Mass Hacking of IP Cameras Leave Koreans Feeling Vulnerable in Homes, Businesses (joins.com) 17
Hackers breached approximately 120,000 IP cameras across South Korea and allegedly sold footage captured from private homes, gynecology offices, breastfeeding rooms and massage parlors to an overseas pornography website, prompting an interagency government task force to announce sweeping reforms on December 7.
Police believe one suspect alone hacked 63,000 cameras and produced 545 videos that netted him 35 million won ($24,000) in cryptocurrency; a second suspect, operating independently, compromised 70,000 devices and earned 18 million won from 648 videos. The footage accounted for 62% of all content on the website, which maintains a dedicated "Korean" category. A government survey found that only 59% of installation companies consistently carried out mandatory security measures such as changing default passwords. Lawmakers are now pursuing legislation requiring security-certified IP cameras in sensitive facilities.
Police believe one suspect alone hacked 63,000 cameras and produced 545 videos that netted him 35 million won ($24,000) in cryptocurrency; a second suspect, operating independently, compromised 70,000 devices and earned 18 million won from 648 videos. The footage accounted for 62% of all content on the website, which maintains a dedicated "Korean" category. A government survey found that only 59% of installation companies consistently carried out mandatory security measures such as changing default passwords. Lawmakers are now pursuing legislation requiring security-certified IP cameras in sensitive facilities.
It won't matter... (Score:2)
...if the cameras are "security-certified" if either (a) the box they feed isn't, or (b) they're installed by idiots.
Re: (Score:2)
If the cameras need a cloud service to work then you are doing it wrong. Way too many devices uses cloud services these days.
Also turn off UPnP in your router since that can open up backdoors to no end.
As usual (Score:5, Insightful)
As usual, 545 videos for 24 000 $ is a lot of victims for little profits. Crime annoys a lot of people for very petty results. The people doing that deserve to be called lowlifes on many levels.
Why put the cameras there? (Score:2)
This is on par with buying gift cards and reading the numbers over the phone to 'pay your unexpected tax bill'.
If you buy a camera and put it on line and do not have a full time security guy to maintain it, I assure you it will be hacked.
NKor disappointed (Score:2)
It'll be harder for them to compromise SKor. But seriously, given the hacker haven that North Korea is, you'd think South Korea would be a lot more careful with computer security regulation.
Re:NKor disappointed (Score:4, Insightful)
The fact that they had IP cameras in gynecology offices & breastfeeding rooms tells you a lot about there society.
Sure, makes sense (Score:4, Insightful)
Hey, we're going to have a room set up just for breastfeeding.
Should I put in a webcam connected to the internet?
Of course!
Action is good but this one? (Score:2)
What is wrong expecting this for all camera's (and devices)?
What? Why? (Score:2)
Why would anyone put cameras in gynecology offices, breastfeeding rooms and massage parlors? What were they thinking?
Also, why is this unbelievable story not supported by any linked evidence? The people need proof!
Re: (Score:2)
Protection against abusive doctors or for creating real-world training videos (USA has students finger anesthetized patients without their knowledge for training, so why not simple training vids?). Find the person smearing shit or leaving trash in the breastfeeding rooms. Handling abuse claims. Etc... It's easy to come up with a bunch of useful reasons for having the cameras. Easy to come up with a bunch of reasons for not having them too.
Re: (Score:2)
USA has students finger anesthetized patients without their knowledge for training
Citation needed. Offhand, I can't think of anything that a medical school would be less likely to do. Even if they didn't care about the potential eight-figure lawsuits (and believe me, they *do* care very much about that)... what possible "training" purpose would "fingering an anesthetized patient" serve?
fingering anesthetized patients was common (Score:2)
And it is still legal in most US states.
\o/ (Score:1)
Assuming for a moment the hacking and distribution of the feeds is completely ok - this haX0r seems to have spent way too much time developing the side of their personality which allows hacking and almost zero to not-getting-exploited by business partners - wtf - 38 cents per camera?
Re: (Score:2)
Assuming for a moment the hacking and distribution of the feeds is completely ok - this haX0r seems to have spent way too much time developing the side of their personality which allows hacking and almost zero to not-getting-exploited by business partners - wtf - 38 cents per camera?
It's not likely they had to do something unique for each camera; they probably hit one or more central master databases. That's the problem with cloud-based things: there's a very tempting attack surface that's outside your control. What stands out to me is that, after reviewing the outputs of these 120,000 cameras to find anything interesting, they found under 1200 videos (an average of 1 video per 100 cameras x who knows how many hours of footage), and the thieves got paid between $20 and $45 per video.
Big Brother is watching you (Little Brother, too) (Score:2)
The telescreen received and transmitted simultaneously. Any sound that Winston made, above the level of a very low whisper, would be picked up by it; moreover, so long as he remained within the field of vision which the metal plaque commanded, he could be seen as well as heard. There was of course no way of knowing whether you were being watched at any given moment.