On Monday, Swiss authorities announced a police raid at the home of a software engineer in Lucerne, Switzerland. Tillie Kottmann claimed credit for the hacktivist breach of a massive trove of security-camera footage. The footage was collected and held by Verkada Inc., a Silicon Valley startup.
Verkada sells high-resolution cameras for as low as $599. Additionally, the company sells a professional viewing station that streams up to 36 cameras at once. Customers pay $199 for an annual cloud license.
Hacktivist Group Invades Live Streaming Cloud
Kottmann claimed his team, the Advanced Persistent Threat 69420 hacktivist group, is fewer than 10 people. Supposedly, the hackers accidentally “stumbled” onto log-in details for a Verkada Super-Admin account which was public on the Web.
He bragged about breaking into the cloud-connected camera system which Verkada, the retailer of cameras and software, manages. Clients use webcams to watch videos in real-time online. This left the network vulnerable to attack.
Fighting for “freedom of information and against intellectual property” was the goal, “along with a huge dose of anti-capitalism, a hint of anarchism, and it’s also just too much fun not to do it,” Kottmann said.
Andrew G. Ferguson, a law professor at American University Washington College of Law, says the hack “should be a wake-up call to the dangers of self-surveillance.”
“We are building networks of surveillance we cannot escape from without really thinking about the consequences. The desire for a fake sense of security is its own security threat,” Ferguson emphasized.
Verkada’s Global Clients Live-streamed
The breach was first reported on March 9th, when Kottmann and other malicious attackers obtained access to the extensive archives and began to leak them online. The attack revealed the vulnerabilities of this cloud-based technology. Thousands of innocent people had sensitive data appear on the net.
One of the hacktivists gave the story to the Washington Post claiming it was a warning regarding the threat of widespread surveillance technologies turned on citizens.
Many of the cameras are new-gen, with facial-recognition technology, which can identify and verify people captured on the footage.
People Analytics (PA) facial-recognition software allows you to automatically search for anyone room-to-room in a building or across a campus. The software considers everything like facial features, clothes, “apparent sex” and what they are carrying (backpack, purse, briefcase).
The hackers got access to 150,000 live-stream surveillance cameras inside prisons, hospitals, police departments, schools, and companies. Additionally, psychiatric hospitals, gyms, and women’s health clinics became victims.
APT69420 was able to access the network using high-level log-in credentials. After Kottmann and other malicious attackers obtained access to the video archives, they began to leak them online.
The hacked companies include carmaker Tesla, transport start-up Virgin Hyperloop, Equinox, and software provider Cloudflare. APT69420 even had access to view all the archived video footage from Verkada.
Thankfully, Kottmann alleged the authorities took all equipment during the raid.
A Swiss police spokesman asked that all questions go to “the relevant U.S. authority”. The FBI claimed “awareness of the law enforcement activity conducted in Switzerland,” but had no comment.