Private Cookstown CCTV Cameras Hacked for Online Broadcast.
Courtesy of Tyrone Courier, Dungannon, Co Tyrone, NI.
Live feeds from private security cameras in Cookstown, Co Tyrone, Northern Ireland are being broadcast on the internet after becoming the target of internet hackers.
Over 50 camera feeds from across Northern Ireland have been found on the site, including one from what appears to be a child’s bedroom. The feeds were being broadcast live online on the hackers’ website without the owners’ permission.
The footage is among hundreds of thousands of live feeds from across the globe being posted on a website believed to be based in Moldova. The security cameras targeted, known as IP cameras, allow householders and businesses to log in from any location and view the live feed using a password.
However, the website has been able to hack into the cameras because many users have not changed the devices’ default passwords and factory settings.
A message on the website says it aims to show the importance of security settings and cameras will be removed from the site on request. It is unclear whether any laws have been broken by the website, which could also be difficult to shut down because it is based overseas. Technology experts have expressed concern over the online footage and urged businesses and householders to check their cameras’ security settings.
David Crozier from the Centre for Secure Information Technologies (Csit), at Queen’s University Belfast, warned that businesses could potentially be in breach of data protection laws.
“While they have set the cameras up for easy access for themselves, the concern is that they are opening up private situations to all and sundry – it’s a breach of privacy,” he said.
“It is a concern especially when you have the cameras in private residences or perhaps where you have them in businesses such as a children’s creche. It is worrying who would have access to this.”
A PSNI spokesman said officers were not investigating the site as no complaints had been received from members of the public.
The Information Commissioner’s Office (ICO) said companies must en-sure personal information accessed online has “adequate security”.
“The Data Protection Act requires organisations to have adequate security in place to keep the personal information they are processing secure,” a spokesman said.
“If they are using online services to process this information that involve logging into an online platform then they must make sure that they change any default password to a more secure alternative.
“This would typically be a long password that includes a combination of lower and upper case letters, numbers and symbols.
“The service provider should also consider whether any login page should be exposed to the Internet at all.
“If it does need to be, then the organisation should have adequate measures in place to identify repeated attempts to access an account where the wrong login details are being continually provided.”