For Russian hackers, it’s as easy as 1-2-3-4.
That’s among the simple manufacturer default passwords that have been exploited to swipe personal video from computers in more than 100 countries, including Canada, and post the footage on a Russian website, according to Britain’s information commission.
The hackers have been targeting baby monitors, webcams and personal security cameras, uploading the footage to a site authorities have declined to identify for fear of driving traffic its way.
A child playing in Bucheon, South Korea, and an empty crib in Absecon, N.J., are among the video images that have appeared on the website, Britain’s Information Commissioner’s Office said Thursday. The hackers have posted footage from bedrooms, office buildings, shops, laundromats, stables and barns, the agency said.
Canada’s Privacy Commissioner could not immediately say how many Canadians have been targeted, or how they have been affected, but spokeswoman Anne-Marie Hayden said the commission was trying to get the hacked images taken off the website.
“We’ve been in touch with, and are now working with, our international counterparts on this issue,” she said in an email. “We fully support UK Information Commissioner Christopher Graham’s call for Russian authorities to take immediate action to take down the site.
“As well, we plan to reach out to web camera makers to discuss the issue of defaults and webcams with remote access capabilities,” she added.
“We would also urge anyone with a webcam in their home or business to ensure that they take steps to secure the camera — make sure you are not using the factory default password.”
The hackers have preyed on IP (Internet protocol) cameras, which let users remotely monitor footage via a web address, said Greg Jones, spokesman for the U.K.’s Information Commissioner.
To stream the live video, users must enter a password, and they often use the simple default code provided by the manufacturer: combinations like “pass” or “1234.”
To beef up their security, people should use passwords with a combination of upper- and lowercase letters, numbers, and characters like ampersands and plus signs.
“If you were to change your password from a default password, (your footage) would disappear off the site shortly afterward,” Jones said.
Authorities in Hong Kong were the first to be alerted to the site, before passing on what they knew to their Australian counterparts, who informed Canada’s Privacy Commissioner, Jones said.
“It was initially Hong Kong — Hong Kong to Australia, Australia to Canada, Canada to ourselves and then America as well.”
British authorities think the site may be hosted by a company with ties to the U.S., and are working with officials in that country to confirm.
A person claiming to be the site’s administrator has told Britain’s Sky News that the hacks are a political gesture meant to highlight lax cyber security.
“All these cameras were viewed by a lot of users and (the) camera’s owners have no chance to know about it for many years,” the person said.
“Only mass media can help users to understand the importance to set a password.”
Jim Love, chief information officer of IT World Canada, said the hackers were teaching the world an important lesson about the lack of privacy online, and the dangers of more serious cyber attacks.
“They’re not doing anything that difficult — they’re showing us how exposed we are,” he said. “Our lives are connected to the Internet and we need to behave like we are.”
“Graphically drawing attention to a problem in this world, with so much coming at us, is sometimes the only way to make a point.”
Reports indicate that the most common brands of camera streaming on the Russian site were Foscam, Linksys and Panasonic.
In a statement, Linksys spokeswoman Karen Sohl said the company’s new webcams warn users to change their passwords whenever they try logging on to the cameras.
“We are still trying to determine which Linksys IP cameras are referenced on the site,” she added. “We believe they are older Linksys IP cameras which are no longer being manufactured. For these cameras we do not have a way to force customers to change their default passwords. We will continue to educate consumers that changing default passwords is extremely important to protecting themselves from unwanted intruders.”
- With files from The Associated Press