3 TB of Private Webcam/Home Security Video Leaked on Porn Sites

schwit1 quotes Input: A hacking group that has yet to identify itself found and stole more than 3 TB of private video from around the world — mainly collected from Singapore — and shared it on porn sites, according to reports from local media like The New Paper. While some of the footage was indeed pornographic in nature, other videos are more mundane.

More than 50,000 private IP-based cameras were accessed by hackers to amass the collection. Some were explicitly tagged with locations in Singapore, The New Paper reports, while others revealed their location as Singapore based on context clues such as book titles and home layout. Many show people (sometimes with their faces censored) in "various stages of undress or compromising positions...."

It's looking like poor security is the culprit. Clement Lee, a solutions architect for multinational software company Check Point Software Technologies, told The New Paper that the hacking of IP cameras is often due to "poor password management." IP cameras make it easy to access your video feeds from anywhere — which means it's also easy for hackers to access them from anywhere, once they've figured out your password...

The unfortunate fact of the matter is that internet-connected devices are inherently susceptible to hacking. Add lax encryption and lazy users to the mix and you have a recipe for disaster.

Hold the phone - Oh, nothing

[AndyKron]

Then they saw the opossum eating some old cole slaw and my cat walking out the door this morning.

Re:

[vlad30]

First thought who had time to look at al that video to find 3TB of potentially private moments then I thought who is stupid enough to put cameras where private moments could be captured? So your post makes sense an should be modded funny/insightful

Singapore

[Cmdln Daco]

So the porn was a teenage girl popping her bubble gum?

Re: Singapore

[ethanms]

...that's definitely a caning.

Sounds hot

[Patent Lover]

Can't wait to seem some of that hot hot moth flying around a light action.

Re:

[Aighearach]

LOL an old guy who still hasn't discovered the internet.

Lies

[sizzlinkitty]

I can't find it any where, this has to be a fake article. Proof or it didn't happen.

Re:

[Aighearach]

It isn't that sort of leak, they mean these videos are, and have already been, running at the usual places. Try using the "category" listings.

Re:

[hcs_$reboot]

Here is the link:

Re:

[hcs_$reboot]

Damn slashdot! These tags never work

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[BitterOak]

No, the culprits are those who obtained and distributed the files.

While technically true, if I have a million dollars worth of gold bullion visible through my living room window and I leave for a week long vacation with the front door wide open, then I will probably find the gold is gone when I return. In that case, the person responsible is the one who walked in and stole the gold, but it is almost a certainty that someone will have done that, and therefore one would probably point to my carelessness as the reason the gold disappeared.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Aighearach]

> therefore one would probably point to my carelessness as the reason the gold disappeared.
And that person would be wrong, at best they could say that the carelessness is "part" of the reason.

Wrong as in, they're a bad person?

Or RONG as in, you want to believe they're incorrect, but really they're just looking at the issue from a different direction than you, and using the language that is normal to use when viewing from that side?

Re:

[hcs_$reboot]

I will probably find the gold is gone when I return

Oh you live in the US? In Singapore or Japan the gold would still be there.

Re:

[hcs_$reboot]

Isn't a society condemning the intention?

Re:

[anegg]

I agree that the "culprits" are the ones who obtained and distributed the files. But I truly can't understand why people would put cameras in their houses that are positioned in a way that a) monitors them at all, b) monitors them where they might be less than clothed, and c) monitors them where they might be getting it on. To do so while not being absolutely sure of the security of the cameras seems like swimming in shark infested waters while bleeding from a cut.

Re:

[Aighearach]

No, the culprits are those who obtained and distributed the files.

The legal moral culprits, yes, yes, indeed, very true, Good Boy, you are truly Virtuous.

However, the context of the discussion you're referring to was actually about the full range of root causes, not moral or ethical responsibility.

Just as the low shear strength of typical Earth materials is one of the culprits in the high rate of bicycle theft in modern cities.

Damn .. I ignored the emails

[OzPeter]

All those emails saying that if I didn't pay a certain amount of bitcoin that they'ed release the video of me watching porn In flagrante delicto. I never responded to them because I thought they were a scam. But now I'm worried that I missed my chance to hide those moments from my friends and family. Who knew?!!? /s

Re:

[Aighearach]

Report your fursuit stolen now, it won't be a believable story if you report it after everybody starts asking.

Re:

[Rockoon]

Friends and family?

Wait until your employer finds out that you single-handedly pioneered the 'Midget Porn with Power Tools' category.

Re:

[AmiMoJo]

I asked them for the video because I had lost my bookmarks but they never got back to me. I even offered a Bitcoin.

Default passwords are the vendors fault, not users

[Pimpy]

Companies trying to pass the "poor password management" blame onto users is exactly how these massive leaks happen in the first place. If vendors required users to set non-default passwords on initial configuration, most of these problems would disappear. There are already actions in place by the EU to ban manufacturers from using default passwords in connected consumer devices, but it's pretty pathetic that the industry can't work this out on their own without regulatory intervention.

Re:

[kbsoftware]

Well it would help a bit, but we still have to remember most people use "stupid" passwords. I think the number one password still is something like 123456.

Re: Default passwords are the vendors fault, not u

[tchetch]

That's because users have been told to use pass-word. Tell them to use pass-phrase, tell them to use a phrase from their favourite song or poem or book or inspirational phrase or whatever. A phrase they already know by heart. It's easy to remember as they already know it and it's secure enough. A Pink Floyd fan might go with "we don't need no education". Good enough. For added security, tell them to start every word with caps : "We Don't Need No Education". Now they have something to use for devices.

Re:

[CubicleZombie]

When I have to create an account to order a pizza, I use a weak password because I just don't care.

The things people care about

[joe_frisch]

Its interesting that while many people are happy to post all sorts of details about their lives on FB, easily attached to their real identity, many are concerned about possible nude or pornographic videos, that I have to imagine would be almost impossible to associate with an actual identity.

Re:

[drew_kime]

Its interesting that while many people are happy to post all sorts of details about their lives on FB, easily attached to their real identity, many are concerned about possible nude or pornographic videos, that I have to imagine would be almost impossible to associate with an actual identity.

Maybe you're not familiar with this thing that's typically used to associate identity: a face.

Re:

[joe_frisch]

Is the technology good enough to do that in an automatic way with poor quality sec cam videos? Otherwise there are a nearly unlimited number of porn videos, so I'd think the odds of recognizing someone you knew would be really small.

Multitude of problems with security cameras...

[Bert64]

A lot of the cheaper security cameras out there are unbranded junk from china, many of which have default passwords - some of which cannot be changed, as well as various security flaws. Often the vendor never patches these flaws either.

But it is rare for these cameras to be directly reachable from the internet, unless the user has explicitly opened ports for them. This is also true for IPv6, where the default configuration of a home router is to block inbound connections by default - with the added obscurity that an attacker is unlikely to discover the address of a device in amongst the 2^64 possible addresses a user has.

However because of the above, the ability to access cameras from outside would be lacking, so many of these cameras operate a cloud service to which you can connect and access the cameras. Sometimes it's as simple as scanning a qr code that came with the camera. An attacker could easily generate codes for sequential serial numbers and see what comes up etc.

The cloud service itself could also be compromised...

If you want to run your own cameras, configure a VPN with strong authentication and connect to the cameras over that, don't give them any form of direct internet access. Also you want to find cameras that support a standard web browser and open formats for video streaming, a lot of the cheaper chinese one use proprietary protocols or require activex.

Pay Up

[kbsoftware]

What's not mentioned in this article is that you have to pay for the explicit stuff, $150. https://theindependent.sg/stol... [theindependent.sg]

Sigh

[ledow]

1) Don't put cameras where you don't want to be watched.
2) Switch off your system when you're in your home. Why do you need it then?
3) Never allow a CCTV system out to the Internet. Put it on an isolated network that does NOT allow outgoing traffic.
4) If this stops you using the app... aw... shame. Almost all CCTV NVRs will provide local RTSP streams, if you're that desperate, or just dial into your home with a proper mechanism (e.g. a VLAN, or remote control of a computer) and view them over the local network.

Simple rules. I fit CCTV systems as part of my job. I don't put them internally, there's little point (it's game over once someone you don't want to get in has got to that point!). I don't point them at anything sensitive and/or I mask the footage in those areas. I put the cameras on their own VLAN. I put the CCTV NVR straddling the camera VLAN and something you can use to watch it, but it still can't get out. I don't use their apps. I don't let them talk to the Internet.

Oh, and I don't have sex in front of cameras.

Re:

[AmiMoJo]

All of which is about 200 hours more learning than the average person is willing to put in to getting their Nest camera to work. Someone told them they were good, that's all they needed to know.

Everything has to be built to be secure without the user having any knowledge, because generally they don't. If it needs a non-default password it better force them to change the password before using it. If they shouldn't put one in sensitive areas it should warn them repeatedly and brick itself if they try to renam

Re:

[ledow]

We passed that point 20 years ago.

Everything ships in an insecure configuration, for simplicity of use. Especially if it's cheap junk from China, and/or the company that it sends data to is the one you bought it from.

If you have to trust that it ships securely, you're stuffed. If you have to learn to use it in a way that it doesn't matter if it's insecure, you solve the problem for yourself once and for all.

Re:

[drew_kime]

Oh, and I don't have sex in front of cameras.

That you know of.

Imagine all those poor people

[OpinOnion]

Trying to harmlessly surf some porn and being spammed with 98% useless webcam footage.

Child porn?

[joe_frisch]

Isn't there a huge risk that there will be underage people in a state of undress in these videos? Seems very dangerous for anyone to have collected, or distributed these.