Thousands Of Security Cameras Hacked, Exposing Tesla, US Jails and Hospitals

On Monday morning, a group of hackers gained access to the live feeds of 1,50,000 surveillance cameras in US hospitals, businesses, police forces, jails, and schools, revealing sensitive data. The group claimed to have hacked a significant amount of security-camera data collected by Verkada Inc., a Silicon Valley start-up.

Tesla, an American electric vehicle and renewable energy firm, and Cloudfare Inc, a software provider, are among the companies whose footage has been compromised.

The hack’s scope is wide, as the hackers claimed to have been able to access video content from inside women’s health clinics, psychiatric facilities, and Verkada’s offices. They also said they had access to every Verkada customer’s entire video archive.

Bloomberg also claimed to have seen a recording inside a Florida hospital, Halifax Health, that showed eight hospital employees tackling and pinning a man to a bed. Another video, shot inside a Tesla warehouse in Shanghai, showed workers on an assembly line. According to the hackers, they could gain access to 222 cameras located in Tesla’s factories and warehouses.

Tillie Kottmann, a hacker who claimed responsibility for the breach of the San Mateo, California-based Verkad, explained that the data breach was carried out by a multinational hacker group whose intentions were to demonstrate the widespread use of video surveillance and the ease with which devices could be hacked.

Kottmann has previously taken responsibility for hacking Intel Corp. and Nissan Motor Co. They said they hacked companies for a variety of reasons, including “lots of curiosity, fighting for the freedom of information and against intellectual property, a huge dose of anti-capitalism, a hint of anarchism.”  It was also “way too much fun not to do it,” they added.

The hackers gained access to Verkada through a “Super Admin” account, which enabled them to view all of the customers’ cameras. Kottmann claims they discovered a user name and password for an administrator account publicly leaked on the internet, describing the process as unsophisticated.

“We have disabled all internal administrator accounts to prevent any unauthorized access,” a Verkada spokesperson said in a statement, adding that their security teams were investigating the magnitude and issues at hand.

Representatives from Tesla and several other companies have yet to react to the news. “This afternoon, we were alerted that the Verkada security camera system that monitors main entry points and main thoroughfares in a handful of Cloudflare offices may have been compromised. The cameras were located in a handful of offices that have been officially closed for several months,” Cloudflare said in a statement.

The cameras were turned off and disconnected from the office networks, according to the company.

“The hack exposes just how broadly we’re being surveilled, and how little care is put into at least securing the platforms used to do so, pursuing nothing but profit,” Kottmann said. “It’s just wild how I can just see the things we always knew are happening, but we never got to see,” they said.