A hacker group claims to have hacked into the networks of cloud-based surveillance company Verkada, gaining unfiltered access to thousands and thousands of live security camera feeds.
The hack got public attention for the first time on Tuesday afternoon, when a Twitter user named ‘Tillie’ started leaking alleged images of the hack on the internet: ‘Have you ever wondered what an @Tesla warehouse looks like? ‘ slap the hooker and hang a picture of an industrial facility.
Tillie, who goes by the full name Tillie Kottmann and uses their / their pronouns, is allegedly part of an international hacker collective responsible for violating Verkada, according to a report of Bloomberg. Once inside, the hackers were able to use the firm’s security features to monitor the internal operations of large groups of organizations, including medical facilities, psychiatric hospitals, prisons, schools and police departments, and even large companies such as Tesla, Equinox and Cloudflare. The scope of the hack looks massive.
Among other things, Kottmann implied on Tuesday that they could have used their access to Verkada to hack the laptop of Matthew Prince, CEO of Cloudflare:
G / O Media can get a commission
The hacker group showed the attention of the public very noticeably and called the intrusion campaign ‘Operation Panopticon’ and claimed that they wanted ‘end supervisory capitalismBy paying attention to the ways in which ubiquitous supervision dominates people’s lives. It looks like the group is going by the moniker “Arson Cats” and also calls himself a ‘APT, ” with reference to the way in which threat growsps is described by security research firms as “advanced persistent threats”.
According to Bloomberg, ‘Arson Cats’ gained access to the company through a fairly large security flaw: the hackers discovered a password and username for a Verkada administrative account exposed to the Internet. In a Twitter message, Tillie repeated this to Gizmodo, claiming that once they compromised the administrator account (called ‘superadministrator’), they were able to join one of the 150,000 video feeds in the Verkada Library.
“The access we were given allowed us to personalize any user of the system and have access to their view of the platform,” the hacker said, further explaining that the “superadmin rights also include access to the root shell with the push of a button. ”
Asked if there was a political message behind the hack, Tillie said part of it was the fact that they hate ‘supervisory capitalism’:
“Yes, I think I hate capitalism in general, and supervisory capitalism in particular is an abominable and disgusting part of it,” the hacker said. “But the insight we gained through access to these camera feeds was also a very interesting way to see things that we all see happening behind closed doors, but usually never.”
With the publication, representatives of Verkada could not be reached for comment. Emails sent to Tesla and Equinox have not yet been answered. A Cloudflare representative sent the following message:
This afternoon, we were warned that the Verkada security camera system, which monitors the main entrances and main roads in a handful of Cloudflare offices, may have been compromised. The cameras were located in a handful of offices that had been officially closed for several months. Once we became aware of the compromise, we turned off the cameras and disconnected them from office networks. To be clear, this incident does not affect Cloudflare products, and we have no reason to believe that customers may have an incident with security cameras in the office.