Getty Images / Aurich Lawson
A home security technician admitted that he repeatedly broke into cameras he installed and saw clients involved in sex and other intimate acts.
Telesforo Aviles, a 35-year-old former employee of the home security and small office firm ADT, said that over a five-year period, he accessed the cameras of nearly 200 client accounts on more than 9,600 occasions – all without permission or knowledge of customers. He said he took note of houses with women he found attractive and then saw his cameras for sexual satisfaction. He said he watched naked women and couples having sex.
Aviles made admissions on Thursday to the U.S. District Court for the Northern District of Texas, where he pleaded guilty to one charge of computer fraud and one charge of invasive visual recording. He faces a maximum of five years in prison.
Aviles told promoters that he routinely added his email address to the list of users authorized to access clients’ ADT Pulse accounts, which allows clients to remotely connect to the ADT home security system so they can turn on or off their lights, arm or disarm alarms, and view feeds from security cameras. In some cases, he told customers that he needed to add himself temporarily to be able to test the system. Other times, he added himself without his knowledge.
More legal consequences
An ADT spokesman said the company brought the illegal conduct to the attention of prosecutors last April, after learning that Aviles had obtained unauthorized access to the accounts of 220 customers in the Dallas area. The security company then contacted each customer “to help fix this”. The company has already resolved disputes with some of the customers. ADT published this statement last April and continued to update it.
“We are grateful to the Dallas FBI and the US Public Prosecutor’s Office for holding Telesforo Aviles responsible for a federal crime,” the company wrote in an update published on Friday.
After the discovery of the violation, ADT was hit by at least two proposed collective lawsuits, one on behalf of ADT clients and the other on behalf of minors and others who live indoors. The plaintiff in one of the actions was allegedly a teenager at the time the infringement occurred. ADT informed the family that the technician spied on his house almost 100 times, according to the lawsuit.
The lawsuits alleged that ADT marketed its camera systems as a way for parents to use smartphones to check in children and pets. ADT, complainants said, was unable to implement safeguards – including two-factor authentication or text alerts when new parties access accounts – that could have alerted customers to the intrusion. The breach was discovered when a customer noticed an unauthorized email among the addresses that were allowed to access the security system.
The revelation of an electronic Peeping Tom is a good reminder of the risks that come from installing cameras connected to the network at home or elsewhere where there is a reasonable expectation of privacy. People who choose to accept these risks should learn how to use, configure and maintain the devices. Among the first things to inspect is the list of users who have been granted access and who actually connected to the system.