A network of cybercriminals has successfully breached thousands of private CCTV cameras. The attackers used a simple technique to exploit one of the most common security flaws: an unchanged default password.
All it took for automated “brute force” bots to gain access to an estimated 50,000 camera feeds was the login “admin” and the password “123”. The deeply personal and often obscene footage, captured from cameras that include many in private homes, hospitals, and schools, was then reportedly packaged and sold online. Payal Maternity Hospital in Rajkot was a victim of this crime.
Reports of cybercrime indicated that around 50,000 clips were being sold in private online groups, like those on the Telegram app, at prices ranging from ₹700 to ₹4,000, turning this devastating privacy violation into a criminal enterprise.
How did the hackers get in?
According to the Times of India report, security experts say that this was not a sophisticated operation but a crime of opportunity at a massive scale. The attackers used brute force bots: simple automated scripts that repeatedly try to log in to devices.
These bots crawl the internet searching for the IP addresses of CCTV cameras. Once a camera has been identified, the bot tries to log into it using thousands of known password combinations in a very short period.
Many CCTV cameras are sold with a default username of “admin” and a password of “123”. Users often install these cameras without changing the default credentials, ignoring the instructions, which makes it extremely easy for the hacker bots to find these cameras.
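For anyone who can export login records from a camera or recorder, the burst of rapid failed logins described above is easy to spot. The following is an added example, not part of the original report: the log format, the sample lines, and the 60-second / 5-failure thresholds are all assumptions made up for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical camera auth-log format:
# "<ISO timestamp> <source IP> <username> <OK|FAIL>", in time order.
SAMPLE_LOG = """\
2025-01-10T02:14:00 203.0.113.7 admin FAIL
2025-01-10T02:14:01 203.0.113.7 admin FAIL
2025-01-10T02:14:02 203.0.113.7 root FAIL
2025-01-10T02:14:03 203.0.113.7 admin FAIL
2025-01-10T02:14:04 203.0.113.7 admin FAIL
2025-01-10T02:14:05 203.0.113.7 admin OK
2025-01-10T08:30:00 198.51.100.20 owner FAIL
2025-01-10T08:30:40 198.51.100.20 owner OK
"""

WINDOW = timedelta(seconds=60)   # assumed sliding-window length
THRESHOLD = 5                    # assumed failures per window that count as a burst

def detect_bruteforce(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return {ip: {"burst_at": datetime, "success_after_burst": bool}}."""
    recent = defaultdict(deque)  # per-IP timestamps of failures inside the window
    findings = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue             # skip malformed lines
        ts_raw, ip, _user, result = parts
        try:
            ts = datetime.fromisoformat(ts_raw)
        except ValueError:
            continue             # skip lines with an unparsable timestamp
        if result == "FAIL":
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and ip not in findings:
                findings[ip] = {"burst_at": ts, "success_after_burst": False}
        elif result == "OK" and ip in findings:
            # A successful login from an address that just produced a burst
            # is the case that needs immediate attention.
            findings[ip]["success_after_burst"] = True
    return findings

if __name__ == "__main__":
    for ip, f in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, f["burst_at"].isoformat(), "login succeeded:", f["success_after_burst"])
```

An owner who mistypes a password once, like the second address in the sample, stays below the threshold and is not flagged.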
How to prevent your cameras from being hacked?
Change the default password: Once the camera has been installed and first started with the default password, change that password immediately. The new password should be long and complex, with a mix of uppercase letters, lowercase letters, numbers, and symbols. Avoid using simple passwords like “password123” or personal names.
Enable 2FA or MFA: If the camera system allows it, enable two-factor authentication (2FA) or multi-factor authentication (MFA). This means that even if someone manages to hack your password, they still need a second code or need to complete multiple steps.
Update the firmware: Manufacturers regularly release software updates. Ensure that the installed CCTV camera is running the latest firmware version so that it has the latest security patches.