Tasken
Advanced
- Joined
- 22.09.20
- Messages
- 127
- Reaction score
- 945
- Points
- 63
Bloomberg reports that a group of hackers managed to gain access to surveillance cameras installed in Tesla, Equinox, medical clinics, prisons and banks. In addition to the images from the cameras, the hackers published screenshots proving that they had direct access to the surveillance systems installed at the headquarters of Cloudflare and Telsa. The group's operation was carried out under the hashtag #OperationPanopticon.
The Bleeping Computer publication contacted the group's reverse engineer, Tilly Kottmann, and she said that the access was obtained thanks to the compromise of the account of the super-administrator of Verkada, which deals with corporate security systems, including video surveillance, and works with all victims. Allegedly, this recorded data was hard-coded and found in the open DevOps infrastructure.
On Twitter, Kottmann posted several images taken from surveillance cameras at Equinox, Tesla and Bank of Utah.
She also published screenshots of root access to a certain system. Since the image shows the MAC address of one of the network cards, the journalists were able to make sure that it corresponds to the Verkada equipment.
Shortly after the publication of Bloomberg, the group lost access to the super administrator's account, as Verkada engineers learned about the hack.
"We have disabled all internal admin accounts to prevent any unauthorized access. The Internal Security Team and the external security service are investigating the extent of this incident, and we have already notified law enforcement agencies," the company said.
Representatives of Cloudflare confirmed the fact of hacking, but say that the compromised cameras were located in offices that have been closed for many months, and the incident did not affect the company's customers and products in any way. Currently, all the problematic cameras are already disabled.
No comments from Tesla, Equinox and other affected companies have yet been received.
The Bleeping Computer publication contacted the group's reverse engineer, Tilly Kottmann, and she said that the access was obtained thanks to the compromise of the account of the super-administrator of Verkada, which deals with corporate security systems, including video surveillance, and works with all victims. Allegedly, this recorded data was hard-coded and found in the open DevOps infrastructure.
On Twitter, Kottmann posted several images taken from surveillance cameras at Equinox, Tesla and Bank of Utah.
She also published screenshots of root access to a certain system. Since the image shows the MAC address of one of the network cards, the journalists were able to make sure that it corresponds to the Verkada equipment.
Shortly after the publication of Bloomberg, the group lost access to the super administrator's account, as Verkada engineers learned about the hack.
"We have disabled all internal admin accounts to prevent any unauthorized access. The Internal Security Team and the external security service are investigating the extent of this incident, and we have already notified law enforcement agencies," the company said.
Representatives of Cloudflare confirmed the fact of hacking, but say that the compromised cameras were located in offices that have been closed for many months, and the incident did not affect the company's customers and products in any way. Currently, all the problematic cameras are already disabled.
No comments from Tesla, Equinox and other affected companies have yet been received.