An international hacker collective broke into the network of cloud-based surveillance firm Verkada and accessed live footage of 150,000 surveillance cameras of several clients.
The hackers also gained access to entire archive videos of the American startup’s customers that include companies, jails, schools, hospitals, prisons, women’s health clinics, police departments, psychiatric care centers, and so on. Some of the cameras had facial recognition systems that identified and classified people into groups.
The hack was conducted by APT-69420, an anti-corporate hacktivist group from Switzerland. They gained access to Verkada’s systems on March 8, with the hack lasting 36 hours. The hacking group’s representative Till Kottmann pointed out that Verkada has a fully centralized platform, making it easy for them to access and download client data.
Calling the company’s security “nonexistent and irresponsible,” Kottmann said that her team had decided to target Verkada to show how easily third parties can access surveillance cameras and potentially gain access to sensitive information. She said that her team is not motivated by making money. Kottman also dismisses concerns that her actions would result in serious repercussions.
“We do scans for very broad vectors looking for vulnerabilities. This one was easy. We simply used their web app the way any user would, except we had the ability to switch to any user account we desired. We did not access any server. We simply logged into their web UI with a highly privileged user [account]… APT-69420 is not backed by any nations or corporations, backed by nothing but being gay, fun, and anarchy,” Kottman told CBS News.
Among the affected companies is Tesla, with hackers gaining access to 222 cameras installed in the firm’s warehouses and factories. Tesla released a statement saying that the hack was restricted to only one supplier. The company said that surveillance camera footage from their Shanghai factory and other places is safe since they are stored on local servers.
Software provider Cloudflare, who was also affected by the breach, admitted that cameras in a “handful” of offices might have been compromised. However, many of the cameras were located in offices shut down for several months. Cloudflare has since disabled the cameras, disconnecting them from office networks.
Verkada is investigating the matter, and the company is notifying customers of the breach and has set up a support line to deal with any queries their clients might have.
Hackers stole NSA tool
The APT-69420 hack comes as a recent report by cybersecurity firm Check Point Research revealed that Chinese hackers had stolen a tool developed by the National Security Agency (NSA), using it to target several American companies.
The hacking group, APT-3, is backed by the Chinese government. In 2014, the Chinese stole some of the NSA’s codes and used it to create their hacking tool, which was eventually used against defense company Lockheed Martin and a host of other firms.
The hacking group’s custom tool, named in the report as ‘Jian,’ allowed them to gain super privileges on networks, allowing them to access more data in the system. The tool remained in use for over three years before being discovered by Microsoft, who patched the vulnerability.