Internet-connected web cameras, which are bought by their owners supposedly to keep them more secure, have become the next target of cyber-attacks.
The United Kingdom government, through the Information Commissioner's Office (ICO), warns the public of the possibility that live footage streaming from their webcams may currently be shown on a Russian website that collects video footage from several thousands of users around the world.
The footage are accessed from webcams that are either set to the default password provided by the manufacturer or do not have passwords at all. The videos show footage taken from all sorts of business and consumer users from all corners of the world, spanning from an elderly patient lying in a hospital bed in Minnesota to a beauty salon in Japan. One video shows footage being taken of a baby sleeping in New Jersey.
Nearly 4,600 live feeds come from users in the United States, with 2,000 more coming from France, 1,500 from the Netherlands, 500 in the U.K. and thousands from other countries. Around 14,000 of the compromised cameras are made by Foscam, followed by Linksys and Panasonic.
The ICO urged all users to change their passwords and choose strong passwords, such as combinations of lower and uppercase characters, which make it difficult for scrupulous individuals to break into their webcams. It also recommended that users turn off remote viewing for users who have no intention of viewing the footage on the Internet.
"If you take only one security step when getting any new device, make sure it's setting a strong password," says Simon Rice, group manager for technology at ICO.
The Federal Trade Commission also stepped in to advise customers looking to buy security cameras that stream footage over the Internet to purchase only from manufacturers who make cameras that use security protocols, the strongest of which is WPA2, and encrypt data being sent over the Internet to prevent hackers from intercepting and showcasing that data online.
"Once you've bought your IP camera, check its security settings and keep its software up-to-date," says Nicole Vincent Fleming, consumer education specialist at FTC. "If you bought a camera that encrypts data - and I hope you did - turn this feature on."
One person who claims to be behind the website tells Sky Net that the purpose of publishing the feeds is to highlight the weakness of poor cyber security. He says he could have easily contacted the authorities about his discovery that thousands of private camera feeds were exposed for public viewing because of weak or non-existent password protection, but publishing the content online was the easiest way to "contact a million" people.
"All these cameras were viewed by a lot of users and (the) camera's owners have no chance to know about it for many years," the website says. "Only mass media can help users to understand the importance to set a password."
But British information commissioner is adamant about having the website taken down. He says he is already in contact with Russian authorities to have the website removed.
"The website operators shouldn't be doing it. If it was in the U.K., they would be breaching the Data Protection Act and the Consumer Misuse act," Graham says. "So they have made their point, thank you very much, now take it down."
The website's administrator says he will only take it down once all the cameras' passwords have been changed.