A US hacker collective on Tuesday claimed to have tapped into footage from 150,000 security cameras at banks, jails, schools, carmaker Tesla, among others. The group of hackers viewed both live and archived footage from hundreds of businesses by gaining access to cameras manufactured by Verkada.
Images from surveillance videos have been shared online on Twitter with an #OperationPanopticon hashtag for everyone to see.
Hackers claim their goal is to expose “the surveillance state.”
“What if we just absolutely ended surveillance capitalism in two days?” a purported member of a hacker group said on Twitter. “This is the tip of the tip of the tip of the iceberg.”
The attacks are largely attributed to a group of hackers known as a group called APT-69420 Arson Cats.
Swiss hacker Tillie Kottmann, a member of the group, described it to The Associated Press as a small team of “primarily queer hackers, not backed by any nations or capital but instead backed by the desire for fun, being gay and a better world.”
The hacker group claimed to have stolen the credentials of a high-level administrator at Silicon Valley company Verkada and got access to its platform operating security systems.
Following the incident, Verkada disabled all internal administrator accounts to prevent any further unauthorized access.
That California startup said it is investigating the breach, that has been first reported by Bloomberg, and also notified law enforcement.
“Our internal security team and external security firm are investigating the scale and scope of this issue, and we have notified law enforcement,” said a Verkada spokesperson and added that the company notified customers that use its platform.
Surveillance camera imagery posted on Twitter included Tesla manufacturing facility, a jail cell unit, and a bank storage room.
The breach of Verkada cloud storage underscores the risk of storing security surveillance in third-party cloud storages, according to Digital Shadows chief information security officer Rick Holland.
“You don’t always get more secure when you outsource your security to a third party,” Holland said.
He expects that the breach will trigger investigations by US and European privacy regulators.