Hackers gained access to live surveillance cameras installed at Tesla, Equinox, healthcare clinics, jails, and banks, including the Bank of Utah.
In addition to images captured from the cameras, the hacker also shared screenshots of their ability to gain root shell access to the surveillance systems used by Cloudflare and at Telsa HQ.
Hacks multiple cameras in #OperationPanopticon
According to Tillie Kottmann, a reverse engineer for the group of hackers, they gained access to these surveillance systems using a super admin account for Verkada, a surveillance company who works with all of these organizations.
Speaking to BleepingComputer, Kottmann said they found hardcoded credentials for a Verkada super admin account in exposed DevOps infrastructure.
Verkada makes enterprise security systems such as automation and IoT surveillance cameras. The company is also known to provide services to Tesla.
This afternoon Kottmann teased by posting multiple images allegedly captured from surveillance cameras at Equinox, Tesla, and the Bank of Utah.
Image of a Tesla warehouse posted by the hacker
In the same Twitter thread, Kottmann shared images of what appeared to be root access to a Linux operating system. From these images, you can see the MAC address of one of the network cards, which corresponds to equipment developed by surveillance company Verkada.
After Bloomberg News, who first reported on this attack, contacted Verkada, the hackers lost access to the hacked super admin account.
“We have disabled all internal administrator accounts to prevent any unauthorized access. Our internal security team and external security firm are investigating the scale and scope of this issue, and we have notified law enforcement,” Verkada told BleepingComputer in a statement.
Cloudflare told BleepingComputer that the cameras were located in offices that have been closed for several months and that the breach has no impact on their customers.
“This afternoon we were alerted that the Verkada security camera system that monitors main entry points and main thoroughfares in a handful of Cloudflare offices may have been compromised. The cameras were located in a handful of offices that have been officially closed for several months.
As soon as we became aware of the compromise, we disabled the cameras and disconnected them from office networks. To be clear, this incident does not impact Cloudflare products and we have no reason to believe that an incident involving office security cameras would impact customers.” – Cloudflare
The hashtag #OperationPanopticon associated with this cyberattack refers to Panopticon, a philosophical design concept.
Panopticon refers to a design of such a building in which captives (e.g., prisoners) cannot tell whether they are being watched by security personnel or not at a given moment.
This means, in a building with a large number of inmates, it may be impossible for one guard to monitor all of the inmates at the same time, yet because of the panopticon design ideology, every prisoner may fear being watched for they have no way of knowing if they are being watched.
BleepingComputer has reached out to Tesla, Equinox, and other alleged targets. We are awaiting their response.
Educating yourself and your employees with Cyber Security Awareness Training is best way to start ensuring your business is protected from cyber-attacks.
Learn more about Cyber Security