Britain urges Russia to shut down webcam spying site

November 20, 2014 by James Pheby
Hackers have accessed household webcams, baby monitors and CCTV cameras with footage appearing online on a website in Russia, Britain's privacy watchdog warns

A Russian website offering thousands of live feeds peering into bedrooms and offices around the world by accessing poorly secured webcams should be taken down immediately, British officials said on Thursday.

The Information Commissioner's Office (ICO) said the site was taking advantage of devices like CCTV cameras and remote-access baby monitors without security protection and with weak passwords.

"I want the Russians to take this down straight away," Christopher Graham, the information commissioner, told BBC Radio 4's Today programme.

"We've known about this for about 24 hours but we've been working out how best to deal with it because we want to take regulatory action," he said.

Graham said that the first reports about the website, which has a domain name in the Australian-administered Cocos Islands, came from Macau and Hong Kong, then Australia and Canada.

Britain is now planning "very prompt action" with the Federal Trade Commission, the US , "to get this thing closed down", Graham said without giving further details.

Roskomnadzor, the Russian communications agency, declined immediate comment.

In Britain, the ICO said around 500 feeds had been targeted, including a gym in Manchester, a house in Birmingham, and an office in Leicester.

'Leave your house open'

"The website, which is based in Russia, accesses the information by using the default login credentials, which are freely available online, for thousands of cameras," said Simon Rice, ICO group manager for technology.

"The footage is being collected from used by businesses and members of the public, ranging from CCTV networks used to keep large premises secure, down to built-in cameras on baby monitors," he said.

The site reveals the location and manufacturer of the device whose feeds have been accessed using software and search tools.

Chinese company Foscam was the most commonly listed manufacturer, followed by US firm Linksys and Japanese multinational Panasonic.

"We are still trying to determine which Linksys IP cameras are referenced on the site," a company spokeswoman told the BBC.

All three stressed that customers were instructed to change the default passwords in order to secure their devices.

Mischa Dohler, wireless communications expert at London's King's College, said the site was not hacking in the traditional sense, and was just making use of search engines freely available on the Internet.

"It's as though you leave your house open, and people come inside, is that ok or not ok? They're not touching anything or taking anything away," he told Sky News.

Given the broad range of devices affected and international scope of the website, an ICO spokesman admitted that it had no power to take it down.

"If a website in the UK did this we would take action against it because firstly it's a breach of the Data Protection Act because you are accessing people's information and you shouldn't be, and secondly there are also issues around the Computer Misuse Act as well," he said.

Data watchdogs across the world have already drawn attention to the site, which is hacking 4,591 cameras in the US, 2,059 in France and 1,576 in the Netherlands.

"We've got to grow up about this sort of thing. These devices are very handy if you want to check your child is ok and the shop's alright but everyone else can access that too unless you set a strong password," Graham said.

"If you value your privacy, put in the basic security arrangements."

Explore further: Russia hacking site spying webcams worldwide: Britain

Related Stories

Russia hacking site spying webcams worldwide: Britain

November 20, 2014

Britain's privacy watchdog on Thursday called on Russia to take down a site showing hacked live feeds from thousands of homes and businesses around the world and warned it was planning "regulatory action".

FTC settles complaint over hacked security cameras

September 4, 2013

The government is settling with the marketer of Internet-connected home security cameras after feeds from consumers' homes—video from baby monitors and home security systems—were posted online for public view.

Google: Didn't delete Street View data after all

July 27, 2012

After being caught spying on people across Europe and Australia with its Wi-Fi-slurping Street View cars, Google had told angry regulators that it would delete the ill-gotten data.

Sony fined in UK over PlayStation cyberattack (Update)

January 24, 2013

British regulators have fined Sony 250,000 pounds ($396,100) for failing to prevent a 2011 cyberattack on its PlayStation Network which put millions of users' personal information—including names, addresses, birth dates ...

Apple sees iCloud attacks; China hack reported

October 21, 2014

Apple said Tuesday its iCloud server has been the target of "intermittent" attacks, hours after a security blog said Chinese authorities had been trying to hack into the system.

Recommended for you

Google braces for huge EU fine over Android

July 18, 2018

Google prepared Wednesday to be hit with huge EU fine for freezing out rivals of its Android mobile phone system in a ruling that could spark new tensions between Brussels and Washington.

EU set to fine Google billions over Android: sources

July 17, 2018

The EU is set to fine US internet giant Google several billion euros this week for freezing out rivals of its Android mobile phone system, sources said, in a ruling that risks fresh tensions with Washington.

1 comment

Adjust slider to filter visible comments by rank

Display comments: newest first

rp142
not rated yet Nov 21, 2014
This site has been around for a while and is only slowly starting to be reported in to the mainstream media, while some of the more IT focussed media have been reporting on it for some time. Earlier stories have indicated that the objective of the site is to increase public awareness of the privacy risks of not properly configuring a camera.

Taking the site down does absolutely nothing to address the real problem of users not understanding what their cameras are actually doing. The site is exposing the problem of camera feeds which are being openly offered up to the entire Internet by their owners.

Manufacturers have a responsibility to make users aware of this fact so that users can take the very easy steps required to protect their privacy or make an informed choice to share their lives with the world. Lazy manufacturers are the only winners if this site is just taken down before the media makes camera owners aware of the issue.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.