Hackers recently breached corporate networks to access 150,000 surveillance cameras installed at Tesla, Equinox, Bank of Utah, jails, healthcare clinics, and gain live feeds, Bloomberg reported. The hackers shared video camera and screenshot images taken at Tesla and Cloudfare facilities as proof of their breach.
As per an analysis by Tillie Kottmann, a Swiss software developer, the hackers was able to access the surveillance by compromising a super admin Verkada account. Verkada is a surveillance camera manufacturing company that works with these industries, especially with Tesla for its autonomous cars. The hackers gained the credentials of this super admin account by infiltrating a weak DevOps infrastructure.
Verkada has already taken steps to combat the situation and hackers no longer have access to these surveillance cameras. The security team at Verkada was able to disconnect its internal systems and assure there is no further compromise to its systems. Cloudfare has announced that the compromised cameras were at a location that has been non-operational for several months, so there was no impact on customer data.
This operation was hash tagged as #OperationPanopticon, and is named after the massive physical design called panopticon.
Panopticon is a design that allows a single security guard or warden to have visibility of all inmates. This is usually seen in jails to keep a watch on prisoners.
The below image depicts the actual design of a panopticon,
With developments in technology, the need for new security policies and procedures have to be redefined everyday. With high-speed Internet and new purpose Internet of Things (IoT) devices, the demand for end-to-end security and encryption will continue to be a gargantuan task and IT teams need to cope with it.
Our informative user entity behavior analysis overview, guide, and log management resources help you discover more about your network patterns so you can audit them regularly to ensure your IT ecosystem is safe and secure.