So you have caused worldwide – 250 countries, in fact, mayhem by hacking into the webcams and baby monitors, which you preceded to beam live on your website, what do you do now?
Of course, you close down the offending live feeds and instead place an advertisement looking for work!
“Programmer looking for a good remote job.”
This is now the only content left on the site, along with a list of skills and an email address.
The Russian-based site, called Insecam, was streaming footage from systems using either default passwords or no log-in codes at all. If you connect such a web-based camera to the internet with no password, you are simply producing a public web page that displays video to the world.
Alarmingly the site contained 500 feeds from the UK, along with listings for 4,591 cameras in the US, 2,059 in France and 1,576 in the Netherlands.
When approached, the offender claimed he was not a hacker as the webcams had very weak passwords and he hadn’t infiltrated any security settings. Not much of a plea of innocence!
It would appear that many of the passwords were the default password issued at the point of sale. We totally agree with wireless camera maker, Foscam, who condemned what it called, a gross violation of people’s privacy.”
The company’s chief operating officer, Chase Rhymes went on to say “An analogy best describing this would be just because someone leaves their window open it does not give permission for an unauthorised individual to set up a camera outside their window and broadcast the feed worldwide.”
Thankfully the site as we said has seized to beam any footage, but surprisingly last week at its height the ICO (Information Commission Office) offered up little hope of halting the Russian website or others like it beyond the UK’s borders.
“If a website in the UK did this we would take action against it because firstly it’s a breach of the Data Protection Act because you are accessing people’s information and you shouldn’t be, and secondly there are also issues around the Computer Misuse Act as well,” the spokesman added.
So it would seem our passwords are the issue. This is a topic we have written about before and cannot stress how important it is to choose wisely.
The University of Surrey’s Prof Alan Woodward suggests the following rules should be observed when picking a new password.
Don’t choose one obviously associated with you
Hackers can find out a lot about you from social media so if they are targeting you specifically and you choose, say, your pet’s name you’re in trouble.
Choose words that don’t appear in a dictionary
Hackers can precalculate the encrypted forms of whole dictionaries and easily reverse engineer your password.
Use a mixture of unusual characters
You can use a word or phrase that you can easily remember but where characters are substituted, e.g. Myd0gha2B1g3ars!
Have different passwords for different sites and systems
If hackers compromise one system, you do not want them having the key to unlock all your other accounts.
Keep them safely
With multiple passwords, it is tempting to write them down and carry them around with you. Better to use some form of secure password vault on your phone.
So what do you think, were the webcams and baby monitors breached or did they really need passwords?
Until next time…