Hackers Target Tesla, Sandy Hook Elementary School in Sweeping Security Camera Breach
An international hacker collective claims to have breached the security camera data of Tesla, Sandy Hook Elementary School and numerous other companies and institutions.
The collective, which calls itself "Advanced Persistent Threat 69420," said it hacked into Verkada, a security camera software start-up. The company is based in the technology region of California known as Silicon Valley.
Tillie Kottmann, one of the hackers who claimed credit for the breach, told Bloomberg News that they found a username and password for one of Verkada's "Super Admin" accounts online.
Kottman said the collective then gained access to live feeds of 150,000 surveillance cameras, as well as the video archives of all of Verkada's customers and Verkada's balance sheet. Most company balance sheets contain a listing of its financial assets, liabilities and equity for any owners.
"We have disabled all internal administrator accounts to prevent any unauthorized access," a Verkada spokesperson said in a statement. "Our internal security team and external security firm are investigating the scale and scope of this potential issue."
The spokesperson also said that Verkada is reviewing all logins and actions, has notified all customers and created a helpline to address customer questions and issues.
The companies reportedly affected by the hack include Verkada; the software provider Cloudflare Inc.; the high-end gym chain Equinox; the Florida hospital Halifax Health; the Wadley Regional Medical Center in Texarkana, Texas; Tempe St. Luke's Hospital in Arizona; a police station in Stoughton, Massachusetts; and Sandy Hook Elementary School in Newtown, Connecticut, the site of a 2012 mass shooting that killed 20 people.
Additionally, the hackers claimed to have accessed 330 cameras in the Madison County Jail of Huntsville, Alabama as well as 222 cameras in factories and warehouses belonging to the electric carmaker Tesla.
Kottmann told the aforementioned publication that they hacked Verkada to illustrate how security surveillance has infiltrated society at large. They also said the collective hacked the cameras due to "lots of curiosity, fighting for freedom of information and against intellectual property, a huge dose of anti-capitalism, a hint of anarchism—and it's also just too much fun not to do it."
The hackers also said they accessed "root" data on the cameras, in some cases allowing them to remotely control a camera's physical position or to hack into a company's camera systems at a later date.
In 2019, Amazon's Ring home security cameras were blasted as a risk after the cameras across the U.S. were compromised and exploited to trouble parents and children in their homes.
A collective of privacy digital rights groups led by Fight for the Future called the cameras "not safe." The collective also urged the public to avoid the cameras and educate others about their risks. In some cases, a hacker could access a home's wireless network using the login details from Ring cameras.
"If you want to keep your family safe, don't bring gadgets that are constantly watching and listening into your home," Evan Greer, deputy director of Fight for the Future, told Newsweek. "This is not a problem that can be fixed with a stronger password. It's fundamentally dangerous to live in a world full of cheap, insecure, internet-connected surveillance devices."
Amazon responded by claiming that it had removed all bad actors from being able to access the cameras.
