Australians are filmed by private security cameras which are shown on a website based in Russia.
- Insecam website broadcasts live feeds from compromised security cameras and webcams
- The site allows users to control cameras by zooming in and out and moving the camera
- The group behind the website denied they had hacked the cameras
Ken Jeffery had no idea he was one of them, until an ABC News investigation found him in south-eastern New South Wales.
“It’s probably the last thing you think would happen in the back of Bodalla,” Mr. Jeffery said.
The auto electrician had been identified on a compromised home security camera, which was streaming live on a website followed by a Russian IP address.
“It took me by surprise and I was like, ‘was I ever having problems with someone?'” Mr. Jeffery said.
“We all laugh and joke that Big Brother is looking at us and things like that, but the reality is that there is quite a chance for people to look at us anywhere.”
The Insecam website broadcasts live feeds from compromised (or hacked) web-connected security cameras and webcams, with dozens of Australian businesses and homes listed on the site at all times.
From backyard pools in Perth, to someone’s outdoor dining area in their backyard in Melbourne, to warehouses in Sydney and restaurants in Queensland – all manner of security cameras have been broadcast live, allowing people to look at the properties and know when the residents are at home or not.
The site even allows people to control the cameras by zooming in and out and moving the cameras.
The group behind the website denied they had hacked the cameras, claiming that the owners of the cameras did not have proper security on their devices.
But at least one victim, alerted by ABC News, said it was the second or third time the cameras had been hacked, even after security advisers changed settings and passwords.
“Countless” devices vulnerable to hackers
Australian cybersecurity and privacy experts said owners of these devices were vulnerable to physical and internet attacks.
Ty Miller is a professional and ethical hacker, who trains officials of foreign governments to access computer systems.
He said there are countless vulnerable camera databases across the web allowing anyone – using the right Google search terms – to find and access them.
Mr Miller said that in the age of the so-called Internet of Things (IOT), more and more devices were connected to the Internet, giving hackers the ability to find “vulnerabilities” and to access networks.
“It can include things like your TV these days, as well as your laptops, pretty much anything that’s connected to the internet,” he said.
“Once an attacker actually has access to your internal network or accounts, they can then perform what are known as ‘privilege escalation attacks’, where they begin to gather more information about you, which ‘it can then use to perform identity theft and start causing financial damage. and emotional damage to you or your business. “
Miller showed ABC News comprehensive databases of vulnerable and compromised systems and accounts accessible online.
“Cameras can be used to launch criminal attacks”
Professor Katina Michael, of the Australian Privacy Foundation, said the cameras could be used to launch criminal attacks like thefts.
“People know when you are not at home, when you are not in particular rooms,” Professor Michael said.
“They know what goods and assets you own.
“They know who is coming to visit and what time you go to bed, what time you wake up, what time you use your outdoor spaces, like swimming pools.”
Professor Michael said people hacked baby monitors and other internet-connected devices.
“There are about 30 billion of these devices and many security experts believe that about three in five [60 per cent] of these devices are completely insecure or can be hacked using brute force attacks, ”Professor Michael said.
She said Insecam’s cameras could be controlled by a hacker.
The expert advice is to make sure that all security patches and software updates are made as soon as they are released and to set a cryptic password to avoid being hacked.
For Mr. Jeffery, being told he was being watched made him more aware and more careful.
“It’s shrinking the world and we’re all losing our privacy and our personal rights, I guess in some ways because of all this technology,” he said.