Kottmann described Verkada, a Silicon Valley-based startup, as a “fully-centralized platform” which made it easy for her team to access and download video footage from thousands of security cameras. The leaked video footage appears to include major companies and institutions, but not personal homes. The video and images purport to record a variety of activities that might be sensitive, like security video from the Tesla automobile manufacturing line and a screenshot from inside the security firm Cloudflare.
Security video from Halifax Health provided by APT-69420.
Video and AI security business Verkada was breached, giving hackers access to over 150,000 internet-connected security video cameras that were being used inside schools, jail cells, hospital ICUs, and major companies like Tesla, Nissan, Equinox, Cloudflare and others.
Kottmann described the security on Verkada systems as “nonexistent and careless,” and said her group targeted the business to show how simple it is to gain access to internet-connected cameras placed in extremely sensitive locations.
Supplied by Till Kottmann
Screenshot of a Cloudflare office complex from video provided by APT-69420.
Verkada said they notified their customers about the hack, and that their security teams are working with an external security company to investigate it. Verkada informed CBS News, “We have disabled all internal administrator accounts to prevent any unapproved access. Our internal security group and external security company are investigating the scale and scope of this concern, and we have actually notified police.”
Kottmann supplied CBS News with a 5-gigabyte archive containing video and images from the hack, and described the attack as “non-technical” and not difficult to pull off.
Screenshot of a jail facility from security video provided by APT-69420.
The FBI did not comment. CBS News has reached out to Tesla and Equinox, but they were not available for comment at the time this story was published.
When asked if she feared repercussions, Kottmann replied, “Maybe I should be a bit more paranoid, but at the very same time what would it change? I'm just going to be as targeted as I am right now.”
I asked Till, who is gay, if she's anxious about the effects of the @VerkadaHQ hack. She said, “Maybe I should be a little bit more paranoid, but at the very same time what would it change? I'm simply going to be as targeted as I am right now” pic.twitter.com/yf6oIxdBaa — Dan Patterson (@DanPatterson) March 10, 2021
Kottmann said that her group discovered a Verkada administrator username and password stored on an unencrypted subdomain. The business, she stated, exposed an internal development system to the internet, which contained hard-coded credentials for a system account which she said gave them complete control over their system with “super admin” rights. Kottmann said her group of hackers is not motivated by money or sponsored by any nation or organization.