fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Hackers Access Surveillance Cameras At Tesla, Cloudflare, Banks, More

Hackers Access Surveillance Cameras At Tesla, Cloudflare, Banks, More

Hackers gained access to live surveillance cameras installed at Tesla, Equinox, healthcare clinics, jails, and banks, including the Bank of Utah.

In addition to images captured from the cameras, the hacker also shared screenshots of their ability to gain root shell access to the surveillance systems used by Cloudflare and at Telsa HQ.

Hacks multiple cameras in #OperationPanopticon

According to Tillie Kottmann, a reverse engineer for the group of hackers, they gained access to these surveillance systems using a super admin account for Verkada, a surveillance company who works with all of these organizations.

Speaking to BleepingComputer, Kottmann said they found hardcoded credentials for a Verkada super admin account in exposed DevOps infrastructure.

Verkada makes enterprise security systems such as automation and IoT surveillance cameras. The company is also known to provide services to Tesla.

This afternoon Kottmann teased by posting multiple images allegedly captured from surveillance cameras at Equinox, Tesla, and the Bank of Utah.

Also Read: In Case You Didn’t Know, ISO 27001 Requires Penetration Testing

Image of a Tesla warehouse posted by the hacker
Source: Twitter

In the same Twitter thread, Kottmann shared images of what appeared to be root access to a Linux operating system. From these images, you can see the MAC address of one of the network cards, which corresponds to equipment developed by surveillance company Verkada.

The hacker demonstrating having obtained shell access to Cloudflare and Tesla systems

After Bloomberg News, who first reported on this attack, contacted Verkada, the hackers lost access to the hacked super admin account.

“We have disabled all internal administrator accounts to prevent any unauthorized access. Our internal security team and external security firm are investigating the scale and scope of this issue, and we have notified law enforcement,” Verkada told BleepingComputer in a statement.

Cloudflare told BleepingComputer that the cameras were located in offices that have been closed for several months and that the breach has no impact on their customers.

“This afternoon we were alerted that the Verkada security camera system that monitors main entry points and main thoroughfares in a handful of Cloudflare offices may have been compromised. The cameras were located in a handful of offices that have been officially closed for several months. 

As soon as we became aware of the compromise, we disabled the cameras and disconnected them from office networks. To be clear, this incident does not impact Cloudflare products and we have no reason to believe that an incident involving office security cameras would impact customers.” – Cloudflare

The hashtag #OperationPanopticon associated with this cyberattack refers to Panopticon, a philosophical design concept.

Panopticon refers to a design of such a building in which captives (e.g., prisoners) cannot tell whether they are being watched by security personnel or not at a given moment.

This means, in a building with a large number of inmates, it may be impossible for one guard to monitor all of the inmates at the same time, yet because of the panopticon design ideology, every prisoner may fear being watched for they have no way of knowing if they are being watched.

BleepingComputer has reached out to Tesla, Equinox, and other alleged targets. We are awaiting their response.

Also Read: 4 Considerations In The PDPA Singapore Checklist: The Specifics

Update 3/10/21 8:20 PM EST: Added statements we have received from Verkada and Cloudflare.

This is a developing story.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us