In one video, a woman in a hospital room watches someone sleeping in a resuscitation bed. In another, a man and three children celebrate a Sunday afternoon around a riddle in a carpeted playroom.
Private moments, for some time, would be limited in memory. But he was watching something else. Internet-connected camera run by security startup Verkada, which sells cameras և software that customers can use to watch videos from anywhere on the web.
With one form of hacking, those scenes քները the eyes of more than 149,000 security cameras were suddenly revealed to hackers who used high-level credentials to gain access to a large network of Verkada cameras.
One of the hackers shared some material with The Washington Post to keep in mind the widespread threat of surveillance technologies that the public is almost constantly watching.
The cache contains real-life images, videos, and company lists of over 24,000 organizations in a vast area of American life, including schools, offices, gyms, banks, health clinics, and county jails.
The breach, first reported by Bloomberg, highlighted the central vulnerability that plagues the modern web. As more and more companies compete to store huge amounts of sensitive data, they become more effective targets of attack, making it easier for thousands of people who are suddenly unaware. to obey
But it also revealed that America is now watching a terrible change. With the growing popularity of cheap, internet-connected cameras, describing our lives in a way that many people may not realize, dig them into a network they will never forget.
“This breach should be a wake-up call to the dangers of self-control,” said Andrew Ferguson, a law professor at the American College of Law in Washington. “We are building networks of control that we can not avoid without really thinking about the consequences. “Our desire to have a certain false sense of security is a threat to his security.”
A spokesman for Verkada said his system was now secure, with the company blocking unauthorized access by shutting down all administrator internal accounts. The company, which advertised its camera networks as “secure from the ground up”, notified law enforcement, and its internal security team, a third-party security company, is investigating the scale and extent of the breach.
Tillie Cottman, an activist at the Advanced Persistent Threat 69420 in Switzerland, says a team of less than 10 people stumbled upon login details for Verkada’s “Super Admin” account, which was made public on the web.
“We do not do targeted work. “We all have ADHD և not much patience,” Cottman said. (The band’s name combines the term cybersecurity with specialized hacker squads with two sex-meme numbers associated with sex արի marijuana).
Cottman said that after appearing on the Verkada network, the team members were amazed at how many videos they could watch in real time, how many internal features they could access. The company’s centralized software made it easy for them to access a huge network of sensitive cameras in just a few clicks.
The hackers entered on Monday, were able to view real-time footage, view a complete collection of videos stored by customers. Bloomberg alerted the company to close the breach the next day.
“The foundation I was able to gain from it still feels incredibly surreal,” Cottman said. “It’s the irony of this whole thing. “All the great security features are why everything went wrong.”
Founded in 2016, Verkada sells everything a school, workplace or company needs to start looking at their real space, from indoor-outdoor cameras, door-to-door controls, to temperature, motion and noise sensors.
Silicon Valley equipment connects to the Internet through Verkada’s cloud service, which allows customers to not only watch և save real-time videos from anywhere, but also use the company’s artificial intelligence features to catch up with people as they move around in the real world.
Verkada’s People Analytics software allows customers to automatically search for a person on the other side of a building or university, whether by face, clothing color, backpack or “obvious gender”, and then track it down. moving a person from room to room.
Verkada high-resolution cameras start at $ 599, and cloud licenses start at $ 199 a year. The company also sells a $ 1,999 “viewing station” that can stream up to 36 cameras simultaneously.
Verkada և մրց մրց մրց: մրց::::::::::::::::::::::::::::::::::::::::::::
This business of “video analysis” systems is growing rapidly. Companies like Avigilon have sold camera software with “unusual motion detection” and “appearance search” features to a number of businesses and NGOs across the country, including school districts affected by the mass shootings.
“The ability to have an operating system for all the buildings in the world.” Aydin Senkut, founder of Felicis Ventures, a Verkada investor, told TechCrunch last year. “It looks like that market could not be better.”
But the list of Verkada customers provided to The Post also shows how shocking one violation can be. The list includes churches, volunteer fire departments, hotels, sports bars, rehabilitation centers, child care homes, as well as major technology companies such as Cloudflare.
Some videos show the desert corridors of the epidemic era. An abandoned corporate office that stretches to the horizon. An empty auditorium with an American flag. A Cloudflare spokesman said Verkada cameras had monitored the main entrances to the company’s offices, the highways, which had been closed since last year, and that they had been shut down as soon as the company became aware of the breach.
But many others show that people are just busy with their lives. Workers on the floor of a production plant; people sitting in the hospital waiting room; Security guard, only cemetery shift.
Liz O’Sullivan, director of the nonprofit advocacy group Surveillance Technology Oversight Project, said the massive collection of tech companies’ personal videos and other data is constantly being hacked by hackers who scan networks and use automated testing tools. Vulnerable places
Some do it for fun, others to hijack systems, blackmail targets, or make a lucrative ransom. And the rush to install more Internet-enabled devices around our homes and workplaces, the Internet of Things, is also fueling a wave of vulnerabilities that threaten privacy. He noted that some sites, such as Insecam, allow anyone to view thousands of public և insecure webcams from around the world (even grouped into categories, including House, Kitchen, and Pool).
“This is the hypocrisy of the control network. “Anything you create under the guise of greater security is a tool that can be turned against you,” he said.
“The more we concentrate power in the hands of a few technology companies, the more we risk such things,” he said. And “about every one of these that you hear about, there are 10 people that you do not hear about.”
The crash also raised questions about how much Verkada employees were able to see through its customers’ cameras. Charles Rollett of the IPVM Monitoring Group said on Wednesday that a well-informed company, whom Rolle declined to name, insisted that Vercada staff could access customers’ cameras at any time without their knowledge.
“Verkada sold their system as more advanced in terms of privacy and security, which is ironic when you look at what happened,” Rolle said. “People do not realize what is going on behind the scenes, they assume that there are always those super-formal processes when it comes to personnel, that the company must always give a clear agreement. But it is clear that this is not always the case. “
Verkada did not respond to a request for comment on Wednesday. But last year, the company shut down three employees, according to CEO Philip Calizan, for “absurd behavior against staff” for allegedly using the company’s internal office cameras to film, joke with their female colleagues.
Such access has also caused problems for other tech giants, including the company Ring Camera, which fired employees for improperly accessing customer video data.
Some of Verkada’s footage shared with The Post seems to come from institutional settings where security cameras have long been a reality. The cameras in the prisons were looking at the toilets and benches of the narrow cells. Others showed prisoners talking together on Friday night or being forcibly restrained.
But the cameras also showed how more goods are being transported to small businesses and residential areas. Companies such as Ring և Google Nest advertise closed և external camera systems that can connect to the Internet և Some owners have reported hackers ի cyberattacks that have infiltrated their internal lives.
In some of Verkada’s most common videos, children could be shown during the game. In one video, a girl dances in the community center gym on Friday morning as other children line up. It seems that no one really pays attention to him except us.
“Every video stream we create, sensor uploads, digital tracks are vulnerable to hacking, legitimate acquisition by the police,” said Ferguson, a law professor. “The breach is unusual, horrible, but we should probably be more concerned with numbers that we think are normal, good for digital surveillance technology.”