An international hacker collective cracked into a vast collection of security cameras run by a single Silicon Valley company, just to see if it could be done. Among the prisons, schools, health clinics, hospitals and police departments around the world that experienced security breaches was a Tesla supplier’s assembly line in China.
Bloomberg has the exclusive on the breach. Not only were streams from the private security firm Verkada hacked by a collective called the Advanced Persistent Threat 69420, but Verkada’s video archives, balance sheets and customer lists were targeted as well:
A group of hackers say they breached a massive trove of security-camera data collected by Silicon Valley startup Verkada Inc., gaining access to live feeds of 150,000 surveillance cameras inside hospitals, companies, police departments, prisons and schools.
Companies whose footage was exposed include carmaker Tesla Inc. and software provider Cloudflare Inc. In addition, hackers were able to view video from inside women’s health clinics, psychiatric hospitals and the offices of Verkada itself. Some of the cameras, including in hospitals, use facial-recognition technology to identify and categorize people captured on the footage. The hackers say they also have access to the full video archive of all Verkada customers.
The hackers were able to access 222 cameras in the Tesla supplier’s warehouse. One of the hackers, Tillie Kottmann, told Bloomberg that the collective’s intention was to show just how easily such systems can be breached. Kottmann told Bloomberg the collective also claimed responsibility for previous hacking incidents at chipmaker Intel and at Nissan Motor.
Kottmann told Bloomberg the reasons for the hacking are “lots of curiosity, fighting for freedom of information and against intellectual property, a huge dose of anti-capitalism, a hint of anarchism — and it’s also just too much fun not to do it.”
Tesla was the only affected company to release a statement to Bloomberg:
Tesla said that, “based on our current understanding, the cameras being hacked are only installed in one of our suppliers, and the product is not being used by our Shanghai factory, or any of our Tesla stores or services centers. Our data collected from Shanghai factories and other places mentioned are stored on local servers.”
Verkada Inc. is currently investigating the incident and working to notify its customers of the security breach. What’s really scary is that some of these cameras also employ facial recognition software, used mainly by prisons and hospitals to track people’s movements in high resolution. It was apparently an easy hack, too. Kottmann had this to say about the operation:
The hack “exposes just how broadly we’re being surveilled, and how little care is put into at least securing the platforms used to do so, pursuing nothing but profit,” Kottmann said. “It’s just wild how I can just see the things we always knew are happening, but we never got to see.” Kottman said they gained access to Verkada’s system on Monday morning.
Kottmann makes an excellent point. Heck, this isn’t the first time Verkada’s cameras were abused. In October 2020, Verkada fired three of its own employees who used cameras in its facility to take photos of female Verkada employees and make explicit jokes about them. Even the keeper of the keys to this technology can’t really be trusted to use it in a secure and humane manner.