Hackers access security cameras inside Cloudflare, jails, and hospitals

Hackers access security cameras inside Cloudflare, jails, and hospitals

Getty Images

reader comments

18 with 17 posters participating

Hackers say they broke into the network of Silicon Valley startup Verkada and gained access to live video feeds from more than 150,000 surveillance cameras the company manages for Cloudflare, Tesla, and a host of other organizations.

The group published videos and images they said were taken from offices, warehouses, and factories of those companies as well as from jail cells, psychiatric wards, banks, and schools. Bloomberg News, which first reported the breach, said footage viewed by a reporter showed staffers at Florida hospital Halifax Health tackling a man and pinning him to a bed. Another video showed a handcuffed man in a police station in Stoughton, Massachusetts, being questioned by officers.

“I don’t think the claim ‘we hacked the internet’ has ever been as accurate as now,” Tillie Kottmann, a member of a hacker collective calling itself APT 69420 Arson Cats, wrote on Twitter.

Hardcoded credentials

Kottmann told Ars that the hack was made possible after Verkada exposed an unprotected internal development system to the Internet. It contained credentials for an account that had super admin rights to the Verkada network. Once inside the network, the hackers said they had access to feeds from 150,000 cameras, some of which provided high-definition video and used facial recognition.

leaked 20GB of Intel source code and proprietary data. Other companies whose data has reportedly been breached by Kottmann include AMD, Microsoft, Adobe, Lenovo, Qualcomm, and Motorola. Those breaches also relied on hardcoded credentials in Internet-exposed repositories.

Kottman said the hackers collected about 5GB of data from Verkada, but could have obtained much more.

Article Tags:
Article Categories: