Israeli police have arrested a 41-year-old man for allegedly hacking into the security surveillance camera system of a high-profile women’s boutique in northern Tel Aviv, and spying on undressed customers and recording footage of them while they tried on bathing suits.
The victims include Israeli singer Eden Ben Zaken and fashion model Neta Alchimister. The identity of the arrested man has not been revealed yet but reports indicate that he is a respectable Rabbi in the community.
Although limited details have been provided by the police, the alleged hacker is also being accused of uploading recorded clips on his social media page. When the footage went viral authorities moved in to arrest the man on Wednesday, March 3rd who is currently on remand.
The Cybercrimes Unit of the Israeli police has warned businesses using security camera that their devices could also be compromised, therefore, they need to change the default login credentials for their cameras to a new and strong one.
“Take into account and assume that every camera that is on a network system can be hacked. Therefore, clothing store owners should ensure no cameras are placed in changing rooms or other sensitive locations,” JPost reported.
It is no surprise that security cameras and other Internet of Things (IoT) devices are highly vulnerable but for the last few years, hackers have found CCTV systems as lucrative targets and continuously use them to carry DDoS attacks against critical cyber infrastructure around the world.
Previously, a group of Pro-Hezbollah hackers took over security camera systems and claimed it acquired access to live camera footages of government buildings in Haifa and Tel Aviv. The target of Qadmon was the Kirya compound of the Defense Ministry situated in Tel Aviv.
Groups like Lizard Squad and PoodleCorp are recent examples of hackers who compromised security cameras to conduct large-scale DDoS attacks on British National Crime Agency website and popular gaming platforms including like PlayStation and Steam.
It must be noted that the world’s first ever 1.1 TBPS DDoS attack (and the largest at the time) on Frech hosting company OVH was carried out after hacking 145,000 hacked cameras. Therefore, if you own a security camera or any other IoT device it is advised to change its default credentials.
Users can take advantage of this IoT Scanner which shows if their device is vulnerable to being used in DDoS Attacks. Additionally, for those who are running a business; do not forget to calculate the cost and probability of a DDoS attack on your business with this DDoS Downtime Cost Calculator.
Image credit: DepositPhotos