A large US hacker collective claimed credit for something you may not have heard of yet called “#OperationPanopticon.” According to the group behind the attack, they compromised a high level administrator account at a Silicon Valley firm called Verkada, which runs a platform for security systems online. This enabled them to gain access to video feeds from more than 150,000 security cameras around the country.
These include, but are not limited to cameras inside:
Worse, as proof, they began posting images captured from various camera feeds, tweeting out “ever wondered what an @Tesla warehouse looked like?” along with an image from one of Tesla’s cameras.
For their part, Verkada moved quickly and part of the company’s initial response to the breach reads as follows:
“We have disabled all internal administrator accounts to prevent any unauthorized access….Our internal security team and external security firm are investigating the scale and scope of this issue, and we have notified law enforcement.”
The company has also notified all of the firms, government agencies and other organizations that use their services. If you happen to be one of them, then you’ve probably already received a notification. If you’re not a Verkada customer, then there’s nothing for you to do, except be aware of the fact that the incident is still under investigation.
It also underscores the potential dangers associated with outsourcing security. While something like this could have easily happened at any individual company, the fact that Verkada has made a business of security and provides secure camera feeds and other services to a variety of clients has made them an almost irresistible target for hackers around the world.
After all, breach Tesla’s security and (assuming they handled their camera and other security in house), you’d gain access to Tesla’s camera feeds. In this case though, breaching Verkada’s network gave them access to literally scores of feeds across a wide range of industries and government agencies and that is cause for concern indeed.