Authorities raise alert over Russian website hacking into webcams

Macau and Hong Kong’s data protection authorities have uncovered a Russian website hacking into thousands of webcams across the globe. According to the UK Information Commissioner, Christopher Graham, authorities here first alerted officials in Australia, who then passed on the information to Canada, eventually reaching authorities in the United Kingdom.
He added this is a good example of cooperation between data protection authorities across the globe, although he admitted on Friday that the site cannot be quickly shut down. The Information Commissioner’s Office said it is seeking contact with its Russian counterparts to shut down the website, while also coordinating with other foreign agencies and the U.S. Federal Trade Commission.
The Washington Post reported Saturday that a profound violation of privacy is indeed “quietly unfolding” as a Russian-based website is allowing voyeurs to view footage from home and office webcams installed in France, the Netherlands, Japan, United Kingdom, Mozambique, Gambia, Bahrain, and the United States.
According to the U.S. newspaper, voyeurs have access to various images, including infants sleeping in their cribs, school hallways, home kitchens, parking lots and lounge rooms. Alongside live streaming, hackers have also made available a map with GPS coordinates for each webcam into which they have hacked.
The Times sought comment from Macau’s Office for Personal Data Protection (GPDP), but couldn’t obtain a reply prior to publication, on whether or not webcams in Macau have also been targeted, and how the hacking activity was uncovered.
The website takes voyeurs to nearly 4,600 locations in the United States, the Washington Post reported. But it goes beyond that to reach the private webcams of thousands of people across the globe.
Those behind the major violation of privacy said they have hacked into webcams or even web-
connected video devices such as baby monitors using default passwords, which were not changed by owners. They were hoping to show “the importance of [the correct use of] security settings,” The Independent reported.
The UK Information Commissioner has urged anyone whose remote-access cameras may be at risk to change their passwords, as hackers are targeting cameras whose owners are still using the manufacturer’s default password.
Hackers said that their actions were “fully legal.” “This site has been designed in order to show the importance of the [correct use of] security settings. To remove your public camera from this site and make it private the only thing you need to do is to change your camera default password,” they stressed.
Mr Graham has acknowledged that it is difficult to remove the website immediately. “It may take longer to get the site taken down. It is not within my jurisdiction, it is not within the European Union; it is Russia. I will do what I can but don’t wait for me to have sorted this out. The action is in your own hands if you have one of these pieces of kit,” Mr Graham said.
The website has been in operation for about a month. The fact that hackers are publicly displaying postcodes, as well as latitude and longitude co-ordinates of each camera has raised concerns over the possibility of criminals using the website to identify and locate any empty homes.
The website was originally based in Moldova, but has recently changed its location to a web address in Moscow, using a domain name linked to either Australia or Cyprus.
The site also provides a link to other websites showing how to find obscure web addresses for cameras, as well as for their default passwords used by manufacturers.
A security adviser to Sophos, a developer of computer security software, Maxim Weinstein, told The Independent that “every internet-connected device – be it a smartphone, tablet, laptop, webcam, or thermostat – is essentially a monitoring device. They know where you are, what you’re doing and in many cases they can see and hear you. There’s always the risk that a criminal will hijack your ‘connected devices’.” CP