Man, I hadn’t thought of that as being a threat.
There are probably zillions of brands of inexpensive, insecure cameras out there from companies that have gone out of business and which were poorly-set-up or configured. Usually not a huge issue, but for military operations in urban areas, it’s gonna be a pain.
Countering that is going to be tough.
Maybe disallow security cameras above the third story or something like that, so that any one camera can only see so much. If you can break into one way up and rotate it, which it sounds like they did, then you have good odds of being able to see a lot.
Or disguise the military hardware, which also helps address humans who might be spying.
Are you kidding me? Governments are trying to expand surveillance on us plebs by expanding their own coverage and forcing access to private ones. We wouldn’t have such cameras if they cared about our privacy or safety.
PS: This case should be considered as a slap in the face for those “I don’t need privacy because I have nothing to hide” people
I believe the GDPR covers surveillance cameras. At least, Sweden’s version of the GDPR does cover cameras. It is illegal to film public places without approval from the police. If I want to put up a camera, it needs to only film my property, with no sight lines of public space.
https://www.imy.se/privatperson/kamerabevakning/fragor-och-svar---privatpersoners-kamerabevakning/
It’s also been illegal to publish aerial photos of the horizon in sweden for a long time, for security reasons. If you publish a photo of the horizon, there is a possibility that there is military base or other secured object in the photo, and you could be in serious trouble. So you need to get approval from the government before publishing the photo.
https://www.lantmateriet.se/sv/spridningstillstand/undantag/
Sweden’s version of the GDPR does cover cameras. It is illegal to film public places without approval from the police
That is not correct, you just need to follow the GDPR guidelines regarding data handling and legitimate purpose:
https://www.imy.se/privatperson/kamerabevakning/att-vara-personuppgiftsansvarig/
illegal to publish aerial photos of the horizon in sweden for a long time, for security reasons. If you publish a photo of the horizon
https://www.lantmateriet.se/sv/spridningstillstand/undantag/
This ties into the “legitimate purpose” of the previous point: you are not forbidden from publishing photos “of the horizon”, but an “aerial photo that goes up to the horizon” is likely to go way beyond any legitimate purpose, also showing your neighbor’s property, any nearby public roads with people (aka: personal information) on them, along with any possible strategic infrastructure.
The review process is for strategic infrastructures, but in this case it’s a double whammy, where you also need to comply with the GDPR.
As a private person, IMY’s page states this requirement for setting up a surveillance camera.
att kameran inte fångar en plats dit allmänheten har tillträde
But yeah, GDPR isn’t very restrictive unless you’re capturing personal information without a valid reason. Usually the police/myndighet permits are just to make sure that you have a valid reason.
I think that part of the problem here was that the person who compromised the cameras was able to robotically rotate them to look at something else. So it’s not just what they’re aimed at, but what they can be remotely-aimed at that matters for this.
Maybe a good countermeasure would be a lot of honeypot fake cameras that actually just play old video on a loop, or AI generated fake video. Then they might struggle to work out which cameras are real, and waste their time on fake intel.
I remember a while back stumbling arose a forum or web page or something that was just a list of web cams that had ip’s anyone could connect to through a browser, part of it was people playing a sort of geo guesser game and figuring out out exactly where the camera was.
Always felt super weird and surreal, like, I remember two in particular, one was probably a cam in some officer building in Japan. I sat there and watched this guy work on his computer for a like a minute and realized this dude probably had no idea he was being watched by some random weirdo.
Another was a camera on what was probably a Venezuela oil rig, this one had little in built servos so it could pan left right up and down, the inputs for this were open along with the video feed. I wiggled it up and down a bunch out of fascination for like a minute, then a guy I. A hard had and a high vis fest was walking by, he froze and looked at the camera. I stoped moving it and then slowly nodded it up and down. He just started and I closed the page, feeling a little freaked out.
To this day I refuse to have a web connected camera uncovered in my home, I put post its or tape over anything I can’t physically get rid of.
you can even google unsecured webcams with querries like: inurl:/view.shtml
and thats just the easy way,
people are constantly portscanning all over the internet.if you have any device that is publicly reachable,
people know it exists, and will try to hack ithttps://www.shodan.io/search?query=webcam
Geolocalized for easier browsing, currently showing 64 webcams in Kyiv, some with funny things like RDP access.
I always suggest everyone to check their own IP in Shodan, lots of surprises await.
I remember Mirai botnet that scanned for default password on IoT cameras.
They could definitely become a weak link.