NEW YORK (PIX11) – A Russian hacking group is suspected of breaking into thousands of surveillance cameras around the world and posting live feeds online.
The cameras range from those in private homes to businesses, all tapped without the owners’ approval.
A side panel on the Insecam homepage gives a breakdown of where each camera is by country.
Insecam is able to access the cameras that are hooked up to public servers.
Websites such as Shodanhq are used to sweep the internet looking for IP address of devices connected to the web.
Laptop and USB-connected webcams are not included, Mashable reports.
In the United States alone there are over 11,000 feeds on the site.
PIX11 found over 100 cameras around Manhattan with a Google Maps zoom-in of the location.
Users can also see the manufacturer of the camera, the default login and password.
Insecam was designed to show the importance of security settings, according to the creators.
Several media outlets reported the breach when the site posted the feeds online.
The site addresses the allegations that they’re hacking into cameras in the frequently asked question portion.
This monumental breach is both startling and newsworthy enough that we enlisted tech and cyber security analyst Raj Goel to help drive home the point that this isn’t just a voyeur’s paradise.
“As security experts say, on the internet every psychopath is your neighbor. In this case, this person has graphically demonstrated. From all over the world, that internet insecurity – stupidity, is not just an American problem, it’s a global thing. It’s the equivalent of buying a combination lock in high school, and leaving the password 0-0-0-0,” said cyber security analyst Raj Goel.
“These cameras are not hacked. Owners of these cameras use default password by unknown reason,” the website says. “There are a lot of ways to search such cameras in internet using Google, search software or specialized search sites.”
The website then lists over a dozen examples of how to search security cameras in Google.
Goel showed us a video feed from an area described as the Aberdeen proving ground, a US Army facility in Maryland.
On our own, we checked in at a deli. Good thing we weren’t crooks trying to case the place.
There is even a maps display giving us the exact location from there the feed is coming from.
But perhaps, what’s more disturbing, Goel says protecting yourself against the world’s peeping toms is as simple as updating the default credentials on these camera devices
Cyber security experts tell KDVR that it’s not difficult for hackers to access the cameras because many users have generic usernames and passwords.
To protect yourself, experts say users should disconnect PCs and laptops from Internet connections overnight. People can also mask web cameras with tape to prevent someone from seeing a feed.
Originally published at http://pix11.com/2014/11/11/hackers-set-up-live-streaming-website-for-over-100-nyc-private-webcams/. Story and reporting by Jay Dow, PIX11
Episode Transcript:
JAY: You are looking at children tucked away nicely in their beds sleeping peacefully. Their dreams may be private but this room with a view is on full display for anyone to see over the internet. We are not going to publicize the website, it's already bad enough that tens of thousands of supposedly private nanny cams, webcams, and security cameras are accessible on this website, allegedly run by Russian hackers.
RAJ: Where we can see the retail counters, we can see the food preparation, this is a restaurant facility of some kind.
JAY: But this monumental breach is both startling and news worthy enough that we enlisted tech and cyber security analyst Raj Goel to help drive home the point that this isn't just a voyeur's paradise.
RAJ: As security experts say on the internet, every psychopath is your neighbor. In this case, this portion has graphically demonstrated from all over the world that internet insecurity and internet stupidity is not an American problem, it's a global thing. It's the equivalent of buying a combination lock in high school and leaving the password 0000.
JAY: Goel showed us a video from an area described as the Aberdeen Proving Ground, a U.S. army facility in Maryland. On our own, we checked in at a deli. Good thing we weren't crooks trying to case the place. There's even a map display, giving us the exact location from where the feed is coming from. But perhaps what's most disturbing, Goel says protecting yourself against the world's peeping Toms is as simple as updating the default credentials on these camera devices.
RAJ: This is something you could lock down in less than 5 minutes if you know what you're doing.
JAY: Really, that's it.
RAJ: This is just simply going into the program and updating it with your own password.
RAJ: Updating with your password and also saying only allow access from this, this, and this person or this, this, and that site. Allowing the world to look at your security cameras is equivalent to your front door and back doors open letting the world come in 24/7.