-
South Korea’s NPA (National Police Agency) has just arrested four suspects, who collectively hacked into over 120,000 internet-enabled cameras in the country, making a massive gain from their illicit activities.
-
Two of the perpetrators mainly targeted devices from intimate locations, such as gynecology offices, selling sexually exploitative videos on the darknet.
-
Law enforcement officials in South Korea stated that the four individuals arrested were involved in an extensive hacking operation targeting Internet Protocol (IP) cameras across the country.
According to police authorities, investigators discovered that the criminals used dictionary attacks on weakly protected IP cameras in order to gain access to these devices. This marks one of the largest surveillance breach operations in South Korea.
According to the NPA, the suspects worked independently, but collectively hacked into a staggering 120,000 internet-enabled cameras across the country. The suspects allegedly hacked into various kinds of buildings, including residential properties and medical offices.
Notably, the two most prolific suspects committed the nefarious acts for financial gain. These two reportedly edited the footage of sexual exploitative videos obtained from the footage and sold them on illegal, known dark web forums.
Hacking Methods and Suspect Information
It is worth stating that the scale of the criminal enterprise varied broadly among all four suspects. Two main suspects carried out most of the attacks. One allegedly hacked 63,000 cameras, while the other reportedly compromised about 70,000.
According to local reports, these two suspects mainly focused their efforts on collating footage from extremely sensitive and intimate locations, including the offices of private gynecologists. The videos created were then sold on an undisclosed dark web platform, which law enforcement labels as Site C —the same types of markets that see frenzied trading in other stolen data, such as credit card details.
In addition, two of the suspects were able to generate huge illicit revenue from their criminal activities. The suspect who hacked into 70,000 cameras allegedly earned ₩18 million ( which is roughly $12,200). The second hacker, who committed 63,000 breaches, reportedly earned ₩35 million ( roughly $23,800).
The two other offenders, who did 136 and 15000 camera hacks respectively, were not very active in comparison to the two primary offenders, and had many different backgrounds, as noted by a Korean media company (Yonhap).
Korean media reported that the two main offenders held ordinary jobs, while the other two were either unemployed or self-employed. Police in South Korea are still investigating the four offenders, and authorities have not publicly released their names.
Technical Weaknesses and Police Response
According to findings from police investigations, none of the individuals employed any technologically advanced attacks, but mainly exploited the common security negligence of their victims. The attackers mainly hacked the cameras by locating internet-enabled devices that still used default, weak, or easily identifiable factory passwords.
This hacking technique, known as a dictionary breach or credential stuffing, doesn’t rely on high-end hacking software. Instead, it exploits the negligence of the victim to change their devices’ default logins.
The criminals hacked a significant number of security cameras, warning consumers about the vulnerability of IoT devices and urging them to protect any internet-connected hardware immediately.
