Ukraine’s SBU said that Russia's intelligence hacked surveillance cameras to direct a missile strike on Kyiv
securityaffairs.com
external-link
Ukraine’s SBU: Russia-linked actors hacked surveillance cameras to spy on air defense forces and critical infrastructure in Kyiv

Man, I hadn’t thought of that as being a threat.

There are probably zillions of brands of inexpensive, insecure cameras out there from companies that have gone out of business and which were poorly-set-up or configured. Usually not a huge issue, but for military operations in urban areas, it’s gonna be a pain.

Countering that is going to be tough.

Maybe disallow security cameras above the third story or something like that, so that any one camera can only see so much. If you can break into one way up and rotate it, which it sounds like they did, then you have good odds of being able to see a lot.

Or disguise the military hardware, which also helps address humans who might be spying.

Justin
link
fedilink
English
210M

I believe the GDPR covers surveillance cameras. At least, Sweden’s version of the GDPR does cover cameras. It is illegal to film public places without approval from the police. If I want to put up a camera, it needs to only film my property, with no sight lines of public space.

https://www.imy.se/privatperson/kamerabevakning/fragor-och-svar---privatpersoners-kamerabevakning/

It’s also been illegal to publish aerial photos of the horizon in sweden for a long time, for security reasons. If you publish a photo of the horizon, there is a possibility that there is military base or other secured object in the photo, and you could be in serious trouble. So you need to get approval from the government before publishing the photo.

https://www.lantmateriet.se/sv/spridningstillstand/undantag/

Sweden’s version of the GDPR does cover cameras. It is illegal to film public places without approval from the police

That is not correct, you just need to follow the GDPR guidelines regarding data handling and legitimate purpose:

https://www.imy.se/privatperson/kamerabevakning/att-vara-personuppgiftsansvarig/

illegal to publish aerial photos of the horizon in sweden for a long time, for security reasons. If you publish a photo of the horizon

https://www.lantmateriet.se/sv/spridningstillstand/undantag/

This ties into the “legitimate purpose” of the previous point: you are not forbidden from publishing photos “of the horizon”, but an “aerial photo that goes up to the horizon” is likely to go way beyond any legitimate purpose, also showing your neighbor’s property, any nearby public roads with people (aka: personal information) on them, along with any possible strategic infrastructure.

The review process is for strategic infrastructures, but in this case it’s a double whammy, where you also need to comply with the GDPR.

Justin
link
fedilink
English
110M

As a private person, IMY’s page states this requirement for setting up a surveillance camera.

att kameran inte fångar en plats dit allmänheten har tillträde

But yeah, GDPR isn’t very restrictive unless you’re capturing personal information without a valid reason. Usually the police/myndighet permits are just to make sure that you have a valid reason.

I think that part of the problem here was that the person who compromised the cameras was able to robotically rotate them to look at something else. So it’s not just what they’re aimed at, but what they can be remotely-aimed at that matters for this.

4dpuzzle
link
fedilink
English
310M

Are you kidding me? Governments are trying to expand surveillance on us plebs by expanding their own coverage and forcing access to private ones. We wouldn’t have such cameras if they cared about our privacy or safety.

PS: This case should be considered as a slap in the face for those “I don’t need privacy because I have nothing to hide” people

@A1kmm@lemmy.amxl.com
link
fedilink
English
310M

Maybe a good countermeasure would be a lot of honeypot fake cameras that actually just play old video on a loop, or AI generated fake video. Then they might struggle to work out which cameras are real, and waste their time on fake intel.

sub_o
link
fedilink
English
610M

I remember Mirai botnet that scanned for default password on IoT cameras.

They could definitely become a weak link.

@megopie@beehaw.org
link
fedilink
10
edit-2
10M

I remember a while back stumbling arose a forum or web page or something that was just a list of web cams that had ip’s anyone could connect to through a browser, part of it was people playing a sort of geo guesser game and figuring out out exactly where the camera was.

Always felt super weird and surreal, like, I remember two in particular, one was probably a cam in some officer building in Japan. I sat there and watched this guy work on his computer for a like a minute and realized this dude probably had no idea he was being watched by some random weirdo.

Another was a camera on what was probably a Venezuela oil rig, this one had little in built servos so it could pan left right up and down, the inputs for this were open along with the video feed. I wiggled it up and down a bunch out of fascination for like a minute, then a guy I. A hard had and a high vis fest was walking by, he froze and looked at the camera. I stoped moving it and then slowly nodded it up and down. He just started and I closed the page, feeling a little freaked out.

To this day I refuse to have a web connected camera uncovered in my home, I put post its or tape over anything I can’t physically get rid of.

Kerb
link
fedilink
610M

you can even google unsecured webcams with querries like: inurl:/view.shtml

and thats just the easy way,
people are constantly portscanning all over the internet.

if you have any device that is publicly reachable,
people know it exists, and will try to hack it

@jarfil@beehaw.org
link
fedilink
7
edit-2
10M

https://www.shodan.io/search?query=webcam

Geolocalized for easier browsing, currently showing 64 webcams in Kyiv, some with funny things like RDP access.

I always suggest everyone to check their own IP in Shodan, lots of surprises await.

Create a post

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community’s icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

  • 1 user online
  • 56 users / day
  • 167 users / week
  • 618 users / month
  • 2.31K users / 6 months
  • 1 subscriber
  • 3.28K Posts
  • 67K Comments
  • Modlog