Bloomberg reports that some hackers have gained access to surveillance cameras installed in Tesla, Equinox, medical clinics, prisons and banks.
In addition to the images from the cameras, the hackers published screenshots proving that they had direct access to the surveillance systems installed at the headquarters of Cloudflare and Telsa. The group’s operation took place under the hashtag #OperationPanopticon.
Bleeping Computer contacted the group’s reverse engineer, Tilly Kottmann, and she said that access was obtained through the compromise of the super-administrator account of Verkada, which deals with corporate security systems, including video surveillance, and works with all victims. Supposedly, this logged data was hardcoded and found in an open DevOps infrastructure.
On her Twitter account, Kottmann posted several images from security cameras at Equinox, Tesla and Bank of Utah.
She also released screenshots of root access to a certain system. Since the image shows the MAC address of one of the network cards, the journalists were able to make sure that it matched the Verkada equipment.
Shortly after the Bloomberg publication, the group lost access to the super administrator’s account as Verkada engineers learned of the hack.
Cloudflare has confirmed the hack, but said that the compromised cameras were located in offices that have been closed for many months, and the incident had no impact on the company’s customers and products. Currently, all problem cameras are already disabled.
No comments have yet been received from Tesla, Equinox and other victims.
Let me remind you about the fact that Elon Musk confirmed that the Russian offered a Tesla employee a million dollars for hacking the company.