UPDATE MARCH 15: One of the schools that was targeted by the Verkada hack was Sandy Hook Elementary School, reports the Hartford Courant. Hackers were able to watch live feeds from the outdoor and indoor cameras of the campus.
In 2012, a gunman broke into the school, fatally shooting 20 children and six campus staff members before turning the gun on himself.
ORIGINAL MARCH 10 ARTICLE:
San Mateo, California — A group of hackers allegedly breached Verkada, a provider of enterprise security software and hardware, gaining access to live feeds of 150,000 security cameras, according to a Bloomberg report.
An international collective of hackers accessed video from Tesla, Cloudfare, schools, hospitals, prisons and thousands of other organizations, according to the report.
Hackers managed to gain “Super Admin”-level access to Verkada’s system using a username and password it found publicly on the internet. From there, the members were able to access the entire company’s network, including root access to the cameras themselves, which, in turn, allowed the group to access the internal networks of some of Verkada’s customers.
In addition, hackers were able to view video from inside women’s health clinics, psychiatric hospitals and the offices of Verkada itself. Some of the cameras, including in hospitals, use facial-recognition technology to identify and categorize people captured on the footage. The hackers say they also have access to the full video archive of all Verkada customers, according to Bloomberg.
In a video seen by Bloomberg, a Verkada camera inside Florida hospital Halifax Health showed what appeared to be eight hospital staffers tackling a man and pinning him to a bed. Halifax Health is featured on Verkada’s public-facing website in a case study titled: “How a Florida Healthcare Provider Easily Updated and Deployed a Scalable HIPAA Compliant Security System.”
Another video, shot inside a Tesla warehouse in Shanghai, shows workers on an assembly line. The hackers said they obtained access to 222 cameras in Tesla factories and warehouses, according to Bloomberg.
The report cites a statement from Tillie Kottmann, said to be one of the hackers who claimed credit for breaching Verkada’s networks. Kottmann said the collective’s actions were intended to show the pervasiveness of video surveillance and the ease with which systems could be broken into.
Kottmann previously claimed credit for hacking chipmaker Intel Corp. and carmaker Nissan Motor Co. Kottmann said the group’s reasons for hacking are “lots of curiosity, fighting for freedom of information and against intellectual property, a huge dose of anti-capitalism, a hint of anarchism — and it’s also just too much fun not to do it.”
In statement to Bloomberg, a Verkada representative said: “We have disabled all internal administrator accounts to prevent any unauthorized access. Our internal security team and external security firm are investigating the scale and scope of this potential issue.”
Founded in 2016, Verkada, based here, sells security cameras that end users can access and manage through the web. In January 2020, it raised $80 million in venture capital funding, valuing the company at $1.6 billion.
This article originally appeared in CS sister publication Security Sales & Integration.