Offices, kids’ bedrooms: Hackers access 500 UK webcams, thousands worldwide
The website, reportedly maintained by Russians, but registered to an offshore Australian territory, shows listings of 500 webcam feeds in the UK, as well as 4,591 in the US, 2,059 in France and 1,576 in the Netherlands.
The site reportedly shows scenes from the UK, including offices, driveways and children’s bedrooms.
The Information Commissioner’s Office (ICO) claimed the site has been running for one month, but it was only brought to their attention in the last 24 hours when they were alerted by global data watchdogs.
The UK’s Information Commissioner Christopher Graham said the website was operating globally and that British authorities were alerted via other affected countries.
“I think this started in Macau and Hong Kong, they alerted the Australians. The Australians alerted the Canadians. The Canadians alerted us.
“We have known about this for about 24 hours and we’ve been working out how best to deal with it. This is a good example of cooperation between data protection authorities across the world.”
Live feeds from the website, which is not being named by media outlets for fear that publicity may increase traffic to the site, can also be seen broadcasting images from Nicaragua, Pakistan, Paraguay and Zimbabwe.
The site operates by hacking into insecure webcams which provide remote access to their owners. Such webcams are popular with parents wishing to monitor their children and business owners who need to watch their property when offsite.
The live feeds have raised concerns about targeted burglaries, as each broadcast shows the exact latitude and longitude of the webcam, as well as the postal (zip) code of the property.
Graham told BBC Breakfast he wanted to “sound a general alert,” warning “there are people out there who are snooping.”
He further said he would work with Russian authorities to shut the site down, claiming a similar site would be illegal in the UK.
The ICO has not confirmed its sources linking the website to Russian hackers.
Graham said he hoped the information would ensure parents and owners would take the responsibility of securing their webcams with more cryptic passwords.
“It is spooky. But after all, it is the responsibility of the parents to set a proper password if you want remote access.”
The ability for users to access their webcams remotely is both “an internet camera’s biggest selling point and, if not setup correctly, potentially its biggest security weakness,” the group manager for the technology at the office of the Information Commissioner, Simon Rice, said
“You may think that having to type in an obscure web address to access the footage provides some level of protection. However, this will not protect you from the remote software that hackers often use to scan the internet for vulnerable devices,” he added.
While UK authorities have condemned the public use of illegally obtained internet camera, former GCHQ Director Iain Lobban praised the practice of his agents and surveillance workers after the spy agency came under fire for accessing thousands of stills from UK webcams.
Operation Optic Nerve, which was disclosed in February 2014 by whistleblower Edward Snowden, showed that GCHQ, working with the NSA, had compiled stills from over 1.8 million Yahoo users’ internet chat records.