Australian security cameras hacked, streamed on a Russian-based website
Australians are being filmed through private security cameras that are being streamed on a website based in Russia.
- The Insecam website broadcasts live streams of compromised web-connected security cameras and webcams
- The site allows people to control the cameras by zooming in and out and moving the camera around
- The group behind the website denied it hacked the cameras
Ken Jeffery didn’t know he was one of them, until an ABC News investigation tracked him down in south-eastern New South Wales.
“That’s probably the last thing you think would happen out the back of Bodalla,” Mr Jeffery said.
The auto-electrician had been identified on a compromised home security camera, that was streaming live on a website tracked to a Russian IP address.
“It caught me by surprise and I was thinking ‘was I already in trouble with somebody?’,” Mr Jeffery said.
“We all laugh and joke about Big Brother watching us and things like that, but the reality is there is quite the opportunity for people to be watching us anywhere.”
The Insecam website broadcasts live streams of compromised (or hacked) web-connected security cameras and webcams, with dozens of Australian businesses and homes featuring on the site at any one time.
From backyard swimming pools in Perth, to someone’s outdoor dining area in their Melbourne courtyard, to warehouses in Sydney and restaurants in Queensland — all manner of security cameras have been live streamed, allowing people to watch properties and know when residents are at home or not.
The site even allows people to control the cameras by zooming in and out and moving the cameras around.
The group behind the website denied it hacked the cameras, saying the owners of the cameras did not have appropriate security on their devices.
But at least one victim, alerted by ABC News, said it was the second or third time the cameras had been hacked, even after security advisors had changed the settings and passwords.
‘Countless’ devices vulnerable to hackers
Australian cyber security and privacy experts said the owners of these devices were vulnerable to physical and internet attacks.
Ty Miller is a professional and ethical hacker, who trains foreign government officials in accessing computer systems.
He said there were countless databases of vulnerable cameras on the web allowing anyone — using the right Google search terms — to find them and access them.
Mr Miller said in the age of the so-called Internet Of Things (IOT) more devices were connected to the internet, providing potential for hackers to find “vulnerabilities” and get into networks.
“That can include things like your TV these days, as well as your laptops, pretty much anything connected to the internet,” he said.
“Once an attacker actually gains access to your internal network or your accounts, they can then do what’s called ‘privilege escalation attacks’, where they start gathering more information about you, which they can then use to perform identity theft, and start causing financial and emotional damage to you or your business.”
Mr Miller showed ABC News whole databases of vulnerable and compromised systems and accounts that were accessible online.
‘Cameras may be used to launch criminal attacks’
Professor Katina Michael, from the Australian Privacy Foundation, said cameras could be used to launch criminal attacks like robberies.
“People know when you’re not home, when you’re not in particular rooms,” Professor Michael said.
“They know what property and assets you own.
“They know who comes to visit and what times you go to sleep, what times you wake up, what times you’re using your outdoor areas, like swimming pools.”
Professor Michael said people have hacked into baby monitors and other internet-connected devices.
“There are about 30 billion of these devices and many security experts believe about three-in-five [60 per cent] of these devices are totally unsecure or can be hacked using brute force attacks,” Professor Michael said.
She said the cameras on Insecam could be controlled by a hacker.
The expert advice is to make sure all security patches and software updates are done as soon as they come out and to set a cryptic password to avoid getting hacked.
For Mr Jeffery, the experience of being told he was being watched made him more aware and more cautious.
“It’s shrinking the world and we’re all losing our privacy and our personal rights I guess in some ways, by all this technology,” he said.