Hackers Breach Security Company Verkada Accessing 150,000 Cameras Inside Tesla, Hospitals, and Jails
Hackers said they did it for “fun”, but they also wanted to show how pervasive the surveillance of citizens is.
On March 9th, Bloomberg reported that hackers breached security company Verkada after infiltrating into the systems of security, giving them access to live and archived footage from 150,000 security cameras inside Verkada customers’ facilities and its own offices. Victims included carmaker Tesla, software provider Cloudflare, women’s health clinics, psychiatric hospitals, police stations, and several prisons.
The cameras, including the ones in hospitals, are able to identify and classify people captured on the footage by using sophisticated facial-recognition technology. What’s more, they can also filter individuals by their gender, their clothes’ color, and other factors.
Tillie Kottmann, one of the hackers, told Bloomberg they did it for fun:
Lots of curiosity, fighting for the freedom of information and against intellectual property, a huge dose of anti-capitalism, a hint of anarchism – and it’s also just too much fun not to do it.
The hackers, who call themselves “Advanced Persistent Threat 69420,” got into the system using a “Super Admin” account that allowed them to access all the cameras and found a username and password for an administrator account on the Internet. They’ve gained access to Verdaka’s offices, their customers’ archive, and a balance sheet, which lists assets inventory, and obligations.
The company acknowledged the breach, saying it had disabled all internal administrator accounts to prevent unauthorized access.
We have disabled all internal administrator accounts to prevent any unauthorized access. Our internal security team and external security firm are investigating the scale and scope of this issue, and we have notified law enforcement.
As per Kottmann’s declaration, the reason behind the attack was to illustrate how security surveillance has infiltrated society at large.
This incident comes after last October’s scandal when it was reported that Verkada employees abused their own surveillance cameras installed in the company office to harass coworkers. At first, the company did not fire the respective employees, but in the aftermath of that article, Verkada’s CEO and co-founder Filip Kaliszan said the company had reviewed its decision and the employees were dismissed.
In the last year, Verkada advertised its cameras as an advantageous tool for businesses that are returning to work during the COVID-19 pandemic, stating that they can be used to detect when rooms are overcrowded, to restrict access to meeting rooms when needed, and for contact tracing.