A group of hackers claims to have entered Verkada’s cloud-based surveillance networks, gaining unfiltered access to thousands and thousands of live security camera streams in the process.
The hack first gained public attention on Tuesday afternoon, when a Twitter user named “Tillie” began posting alleged images of the hack on the Internet: “Have you ever wondered what a repository looks like? @Tesla? he beat the hacker, hanging a picture of what appears to be an industrial facility.
Tillie, who goes by the full name Tillie Kottmann and uses their pronouns, is said to be part of an international group of hackers responsible for the Verkada violation, according to a report from Bloomberg. Once inside, hackers managed to use the company’s security feeds to analyze the internal workings of many organizations, including medical facilities, psychiatric hospitals, prisons, schools and police departments and even large companies such as Tesla, Equinox and Cloudflare. The purpose of the hack seems massive.
Among other things, Kottmann suggested on Tuesday that he could have used access to Verkada to enter the laptop of Cloudflare CEO Matthew Prince:
G / O Media may receive a commission
The group of hackers drew the attention of the very visible public, calling the intrusion campaign “Operation Panopticon” and claiming that they will “puts an end to supervisory capitalism“By drawing attention to the ways in which ubiquitous surveillance dominates people’s lives. The group seems to be leaving from the name “Arson Cats” and is also called a “APT, ” with reference to how the threat increasesps are labeled as “advanced persistent threats” by security research firms.
According to Bloomberg, “Arson Cats” entered the company through a rather massive security blunder: hackers discovered a password and a username for a Verkada administrative account publicly exposed to the Internet. In a Twitter message, Tillie reiterated this to Gizmodo, claiming that once they compromised the administrator account (called the “super administrator”), they were able to connect to any of the 150,000 video streams in the Verkada library.
“The access we allowed ourselves identified us any user of the system and to access their vision on the platform,” said the hacker, further explaining that “super-administration rights are also what allowed us access to the root shell at the click of a button. ”
When asked if there is a political message behind the hack, Tillie said part of it is that she hates “surveillance capitalism.”
“Yes, I think I hate capitalism in general, with surveillance capitalism being a particularly horrible and disgusting part of it,” the hacker said. “However, the prospect of access to these room flows gave us also a very interesting way to see the things we all know going on behind closed doors, but usually not. we never get to see them. “
Verkada’s representatives could not be reached for comment. Emails sent to Tesla and Equinox have not yet received a response. A representative from Cloudflare sent the following message:
This afternoon we were warned that the Verkada security camera system that monitors the main entry points and main routes in a handful of Cloudflare offices may have been compromised. The rooms were located in a handful of offices that had been officially closed for several months. As soon as we became aware of the compromise, I turned off the cameras and disconnected them from the office networks. To be clear, this incident has no impact on Cloudflare products and we have no reason to believe that an incident involving office security cameras would have an impact on customers.