All vehicles are good
According to the Ministry of Internal Affairs of the Russian Federation, with the help of hacked cameras on the territory of Russia, the enemy “sees everything from private yards to roads and strategically important highways.” This problem is most urgent for residents of the Bryansk, Kursk and Belgorod regions, where the offensive of the Armed Forces of Ukraine has recently been curtailed.
“The enemy is mass-selecting IP ranges (Sets of numerical identifiers of devices connected to the Internet) “It connects remotely to unprotected CCTV cameras in our areas.” – says an article published on the Telegram channel “Bulletin of the Cyber Police of Russia”, the official profile of the Directorate for organizing the fight against the illegal use of information and communication technologies of the Ministry of Internal Affairs of the Russian Federation.
Information that the Armed Forces of Ukraine use hacked cameras in the Russian Federation was confirmed to socialbites.ca by military observer Colonel Mikhail Khodarenok. According to him, the Main Intelligence Directorate of the Ministry of Defense of Ukraine collects such information. Intelligence obtained in this way can be used by the enemy both for planning its own combat operations and for conducting fire attacks on objects and units of the Russian Armed Forces.
“Such facts do happen. In some cases, they contributed to the Ukrainian Armed Forces to obtain intelligence data on the deployment and movement of units and units of the Russian army,” the expert said.
In turn, Igor Bederov, head of the investigation department of T. Hunter and an expert in the field of cybersecurity, assures that in order to increase the efficiency of such operations, the Armed Forces of Ukraine process footage from cameras using artificial intelligence ( AI). This tool allows you to not only quickly weed out unnecessary recordings, but also to record correlations in the necessary materials that will probably not be noticed by a person.
“AI makes it possible to more accurately track the movements of the Russian armed forces, determine the number of units and their weapons, and even identify individual citizens (for example, military personnel) face to face,” Bederov said.
Right in the palm of your hand
Attackers use IP addresses to detect cameras connected to a network in a specific country or even city. Due to the large number of devices on the Internet, IP addresses are grouped, meaning they receive specific numerical representations in a specific range. The range varies from region to region. At the same time, information on IP ranges is also public and is accumulated in databases used by Internet providers.
“IP ranges associated with zones do not need to be defined; they are in the public domain. And it was never a secret. They are even published in the open with varying degrees of relevance,” said Fedor Muzalevsky, director of the technical department of RTM Group, a company specializing in information security.
Different categories of devices are connected to the Internet: from computers to smartphones, from printers to CCTV cameras. Publicly available services such as Shodan, Censys, ZoomEye, and more are available to filter equipment. Some of them, such as ZoomEye, have ready-made presets for searching for IP addresses of certain types of cameras: street surveillance, webcams, video nannies, and more.
“Advanced Google search operators are also used to search for available cameras (search operator is a special word or symbol that filters the results and makes them more accurate. – socialbites.ca)“Added Bederov from T.Hunter.
After completing this procedure, hacking begins. In most cases, it is limited to entering the default username and password in the admin panel. Usually such pairs consist of words or combinations such as “admin-admin”, “admin-123456”, “root-camera” and many more. It happens when the “admin panel” is not password protected at all.
“Information about cameras (brands and models) without passwords or with factory passwords is available in the public domain. Lists of standard passwords for cameras are also distributed on the Internet and are actively used by attackers,” the expert explained.
Scale of the problem
Information security experts interviewed by socialbites.ca do not have accurate data on the number of vulnerable or hacked cameras in Russia. Maxim Aleksandrov, software product specialist at Security Code, believes that such information is available only from dozens of camera manufacturers. But it is unlikely that these companies would disclose such risky data.
Fedor Muzalevsky from RTM Group, based on personal observations, suggested that at least one in ten working cameras in Russia has a standard password.
“Of course, such data is not publicly available. According to observations, at least 10% of cameras work with the “default” password. This applies, first of all, to cameras installed by non-professionals,” he said.
According to Bederov, the number of hacked cameras in Russia may be in the thousands. This is indicated by a study conducted by T. Hunter in 2021, which identified more than 6 thousand surveillance devices with basic security settings in the Russian Federation. Bederov believes that their number has almost not decreased since then.
“The security of security cameras depends on various factors, such as the brand, model and level of security settings. Attacks on cameras from Hikvision, Dahua and Foscam are often mentioned online. But this most likely only speaks to the prevalence of products from these brands,” he added.
Maxim Aleksandrov stressed that vulnerable cameras are also located on the territory of objects classified as critical information infrastructure (CII). These include, in particular, industrial and energy facilities.
Turn off the cameras!
“Most often, during installation, integrators do not care about information security and activate cameras that are easily available on the Internet using IP. Also, companies often neglect to update camera software, which creates additional threats of hacking,” Aleksandrov said.
RTM Group also announced that vulnerable video surveillance cameras are found in the infrastructure of enterprises such as KII, but they are extremely rare here. In many years of practice, the company’s experts have encountered this situation only twice.
To protect security cameras, the Ministry of Internal Affairs of the Russian Federation recommends that Russians check their security settings and at least change the default username and password. The ministry also recommended temporarily suspending the use of cameras unless there is an urgent need.
What are you thinking?
Source: Gazeta
Jackson Ruhl is a tech and sci-fi expert, who writes for “Social Bites”. He brings his readers the latest news and developments from the world of technology and science fiction.