The public is being warned about a Russian-based website which has been found to be broadcasting thousands of feeds of live video footage from inside homes and businesses around the world, including over 4,000 in the U.S., 2,000 in France and 500 in the UK. The footage has been accessed by hacking into personal webcams, CCTV cameras and even baby monitors using weak or default passwords.
The site includes footage of a child’s bedroom in Birmingham in the UK obtained from a baby monitor, as well as footage from inside a UK office, a gym and a shop interior, obtained from CCTV networks supposedly used to keep the companies and businesses secure.
The purpose of the website is to highlight poor cyber security, a person claiming to be the administrator told Sky News.
They wrote that broadcasting the footage was the only way to "contact a million" users. "All these cameras were viewed by a lot of users and (the) camera's owners have no chance to know about it for many years," they said. "Only mass media can help users to understand the importance to set a password."
The footage has been obtained from cameras using default passwords or without any passwords at all, allowing hackers to use software and search tools to scan the internet for feeds that can be accessed using the camera's' default setting.
The most commonly listed camera brand on the website was Chinese-made Foscam, followed by Linksys and then Panasonic.
A Linksys spokesperson told the BBC: “We are still trying to determine which Linksys IP cameras are referenced on the site. We believe they are older Linksys IP cameras which are no longer being manufactured.
“For these cameras we do not have a way to force customers to change their default passwords. We will continue to educate consumers that changing default passwords is extremely important to protect themselves from unwanted intruders.”
Over 500 cameras in the UK accessible this way have been listed on the website, as well as 4,591 cameras in the U.S., 2,059 in France and 1,576 in the Netherlands.
UK information commissioner Christopher Graham said he wanted to "sound a general alert", warning "there are people out there who are snooping".
He went on to say that if the administrators are trying to alert people to a security breach as they say they are then “now we all know and please will they take it down”.
The alleged administrator of the website told Sky News that the site would be taken down "only when all cameras will be password protected".
According to cyber security expert Caroline Baylon at the thinktank Chatham House, it’s incredibly easy for hackers to access webcams as many people never bother to change their passwords. “But this is not just a problem that involves webcams, it involves everything on the internet,” Baylon says. “The problem is that people are not aware that they should be changing the passwords for these cameras very regularly.”
Baylon also recommends covering up webcams when not in use. “The majority of people working in cyber security have a piece of tape over their webcams,” she told Newsweek. “The problem is that most people are just not sensitised to the issue.”
Whilst Baylon says that in many of the cases the hackers may be bored teenagers, she warns that cyber espionage is a growing field and is becoming an increasingly powerful weapon for gathering intelligence and stealing data. “In the world of cyber espionage governments have the technology to monitor and see anything that you might be doing online,” she said.
According to some analysts, cyber attacks and espionage have become an important tactic used by Russia to wage unconventional warfare.
British troops stationed in Poland were even been ordered earlier this month not to take laptops, smartphones and electronic devices as they could be targeted by Russian cyber spies.
It is feared that any poorly protected devices used by the troops, which have been sent to support Britain’s NATO allies in the region, could be used by hackers to obtain data such as GPS positions, emails or passwords.
This week NATO is holding its biggest ever cyber warfare drills, with over 400 experts from NATO countries meeting in Estonia to discuss how to protect their networks from cyber assaults.
In September, NATO leaders agreed that a large-scale cyber attack on a member country would be viewed as an act of agresssion and could even trigger a military response.