In a worrisome security breach, a hacker collective gained access to thousands of security cameras operated by Silicon Valley startup Verkada.

According to Bloomberg, a collective known as ‘Advanced Persistent Threat 69420’ accessed 150,000 live video security feeds, including some in Tesla factories, as well as American and international jails, hospitals, schools, gyms, corporate offices, and even Verkada itself. Some of the footage Bloomberg reporters viewed included a police officer questioning a man in handcuffs, and multiple staff in a hospital pinning a patient to his bed. There was also footage from the assembly line of the Tesla factory in Shanghai, China.

Even worse, the data could be tied directly to individuals, presenting a huge privacy and security problem. As Bloomberg noted, “some of the cameras, including in hospitals, use facial-recognition technology to identify and categorize people captured on the footage.”

Tillie Kottmann, a spokesperson for the collective, explained that they had discovered a vulnerable  “super admin” account that gave them access to the various systems. Kottmann shared details of the hack on Twitter, which then suspended their account.

Bloomberg reported that the hackers claim that they hacked the company to show “just how broadly we’re being surveilled, and how little care is put into at least securing the platforms used to do so.”

Privacy advocates note that because of the sensitive nature of much of the security footage, Verkada should have taken far better precautions to protect the data. For companies that rely on third-parties to manage their security cameras, they should consider who else has access to the footage. As Eva Galperin, director of cybersecurity at Electronic Frontier Foundation told Bloomberg, “if you are a company who has purchased this network of cameras and you are putting them in sensitive places, you may not have the expectation that in addition to being watched by your security team that there is some admin at the camera company who is also watching.”

In other news

  • Hackers getting hacked. Perhaps James Bond has been busy during the quarantine? Gizmodo reports that the Russian online forum Maza (or Mazafaka), known for its involvement in illegal enterprises as diverse as money laundering, dealing in stolen credit card data, and malware, was itself the target of a sophisticated hack.

    Among other data, the hackers obtained users’ email and Internet addresses and hashed passwords, and dumped this data online for others to access. KrebsOnSecurity points out that because of the nature of the data and some unique identifiers, it could spell trouble for some of the biggest perpetrators of online fraud in the world, particularly if this information makes it into the hands of law enforcement.

    This hack is apparently just the latest in a string of attacks on top criminal forums, leading some to wonder if the same entity is behind them all — and to speculate on the possibility of an international spy organization working to bring these forums down. 

  • Move over Google — Brave announces private search. Back in 2016 Brave launched its first web browser. A free and open-source web browser built on the Chromium web browser, Brave blocks ads and website trackers. It also allows site visitors to reward content creators with crypto-currency-backed “Attention Tokens”. Brave subsequently launched a privacy-protecting newsreader and now the company has announced a new privacy-oriented search engine. With Google, even in incognito mode the search engine still knows who you are and tracks certain data that gets sold to advertisers. According to Gizmodo, with a browser like Brave, the goal is to “keep consumer data as far away from advertisers’ prying eyes as possible.” If you want to be one of the first to try out the Brave search engine, you can sign up for their waiting list. 
  • Edgy insights. For a high-level steer on which direction technology is heading check out the Linux Foundation’s just-released State of the Edge 2021 report. In it you’ll find insights and predictions on the disruption the COVID-19 pandemic caused and how industries used open technologies to scale up their service offerings. The report highlights the scale of digital transformation and adoption — and its effect on edge computing facilities and providers. There’s plenty to chew on.

Tip of the week

Ever feel like you’re paying way too much for your website? You might take a look at Namecheap’s affordable shared hosting options or if you’re a WordPress kind of person, check out EasyWP, our managed WordPress hosting, and see if maybe one of our options is a better fit for your budget.

And then when you’re ready to make the move, we’ll make it as painless as possible with our free hosting migration and WordPress migration services.

[News] Hack exposes video surveillance footage .