A group of hackers claims to have hacked into the networks of cloud-based surveillance startup Verkada, gaining unfiltered access to thousands and thousands of feeds from live security cameras in the process.
The hack gained public attention on Tuesday afternoon, when a Twitter user who goes by the name “Tillie” started leaking alleged images of the hack to the internet: “Have you ever wondered what an @Tesla warehouse looks like?” the hacker joked, displaying an image of what appears to be an industrial facility.
Tillie, who goes by the full name of Tillie Kottmann and uses the pronouns he / they, is allegedly part of an international hacking collective responsible for violating Verkada, according to a report from Bloomberg. Once inside, hackers were able to use the company’s security feeds to examine the inner workings of various organizations, including medical facilities, psychiatric hospitals, prisons, schools and police departments, and even large companies like Tesla, Equinox and Cloudflare . The scope of the hack looks huge.
Among other things, Kottmann hinted on Tuesday that they could have used their access to Verkada to hack into the laptop of Cloudflare CEO Matthew Prince:
G / O Media can receive a commission
The group of hackers caught the public’s attention in a very noticeable way, calling the intrusion campaign “Operation Panopticon” and claiming they want “end of surveillance capitalism”, Drawing attention to the ways in which ubiquitous surveillance dominates people’s lives. The group seems to go by the nickname “Incendiary Cats” and also calls itself a “APT, ” in reference to how the threat groupsps are labeled “advanced persistent threats” by security research companies.
According to Bloomberg, “Arson Cats” managed to enter the company through a major security mistake: the hackers discovered a password and a username for a Verkada administrative account publicly exposed on the Internet. In a message on Twitter, Tillie reiterated this to Gizmodo, claiming that once they compromised the administrator’s account (called a “super administrator”), they were able to connect to any of the 150,000 video feeds in Verkada’s library.
“The access we had allowed ourselves to impersonate any user of the system and access their view of the platform,” said the hacker, further explaining that “superadmin rights are also what gave us access to the root shell at the click of a button. “
When asked if there was a political message behind the hack, Tillie said that part of that was the fact that they hated “surveillance capitalism”:
“Yes, I think I hate capitalism in general, surveillance capitalism being an especially horrible and disgusting part of it,” said the hacker. “However, the perception of having access to these camera feeds has also given us a very interesting way to see things that we all know happen behind closed doors, but we usually never get to see them.”
Until publication, Verkada representatives could not be reached for comment. The emails sent to Tesla and Equinox have yet to be answered. A Cloudflare representative sent the following message:
This afternoon, we were alerted that the Verkada security camera system, which monitors the main entry points and main thoroughfares at some Cloudflare offices, may have been compromised. The cameras were located in a handful of offices that have been officially closed for several months. As soon as we became aware of the compromise, we deactivated the cameras and disconnected them from the office networks. To be clear, this incident does not affect Cloudflare products and we have no reason to believe that an incident involving office security cameras would affect customers.