NEW YORK (PIX11) — A Russian hacking group is suspected of breaking into thousands of surveillance cameras around the world and posting live feeds online.
The cameras range from those in private homes to businesses, all tapped without the owners’ approval.
A side panel on the Insecam homepage gives a breakdown of where each camera is by country.
Insecam is able to access the cameras that are hooked up to public servers.
Websites such as Shodanhq are used to sweep the internet looking for IP address of devices connected to the web.
Laptop and USB-connected webcams are not included, Mashable reports.
In the United States alone there are over 11,000 feeds on the site.
PIX11 found over 100 cameras around Manhattan with a Google Maps zoom-in of the location.
Users can also see the manufacturer of the camera, the default login and password.
Insecam was designed to show the importance of security settings, according to the creators.
Several media outlets reported the breach when the site posted the feeds online.
The site addresses the allegations that they’re hacking into cameras in the frequently asked question portion.
This monumental breach is both startling and newsworthy enough that we enlisted tech and cyber security analyst Raj Goel to help drive home the point that this isn’t just a voyeur’s paradise.
“As security experts say, on the internet every psychopath is your neighbor. In this case, this person has graphically demonstrated. From all over the world, that internet insecurity – stupidity, is not just an American problem, it’s a global thing. It’s the equivalent of buying a combination lock in high school, and leaving the password 0-0-0-0,” said cyber security analyst Raj Goel.
“These cameras are not hacked. Owners of these cameras use default password by unknown reason,” the website says. “There are a lot of ways to search such cameras in internet using Google, search software or specialized search sites.”
The website then lists over a dozen examples of how to search security cameras in Google.
Goel showed us a video feed from an area described as the Aberdeen proving ground, a US Army facility in Maryland.
On our own, we checked in at a deli. Good thing we weren’t crooks trying to case the place.
There is even a maps display giving us the exact location from there the feed is coming from.
But perhaps, what’s more disturbing, Goel says protecting yourself against the world’s peeping toms is as simple as updating the default credentials on these camera devices
Cyber security experts tell KDVR that it’s not difficult for hackers to access the cameras because many users have generic usernames and passwords.
To protect yourself, experts say users should disconnect PCs and laptops from Internet connections overnight. People can also mask web cameras with tape to prevent someone from seeing a feed.