Verkada: a weak user password exposed 150K highly sensitive videos


It was just ONE weak user password that hackers could guess. That ONE user's password, however, led to 40 hours of access to a much larger unsecured list of Super User logins and passwords, as well as to sensitive trade and personal privacy information from hospitals, jails, schools, and Intel and Tesla factories.

Verkada’s Camera Debacle Traces to Publicly Exposed Server (bankinfosecurity.com)

WHAT DID THESE HACKERS GAIN?

Bloomberg revealed how Verkada, a Silicon Valley security startup with poor cyber security, was breached through a chain of Security Operations Information and unmanaged risks that started with:

How much are people watched over by dangerous internet camera streaming?

Tillie Kottmann was at times shocked by what they found during their 40 hours of access to the most personal internet streaming camera videos, drawn from thousands of internet-connected security cameras, some of them hidden.

Some cameras were hidden in other devices, designs, thermostats, and medical devices to obscure detection and recording.

  • Highly personal information and human events recorded in prison cells; people experiencing traumatic health events in hospital intensive care units; childcare community centers; and even hidden cameras in police interrogation rooms.
  • Corporate trade secrets discernible from billion-dollar public companies, including a huge collection of secret documents and source code from chipmaker Intel and recordings from inside Tesla manufacturing operations.

Some cybervideo victim sites included children, penal system and mental health patient care centers, Tempe St. Luke’s Hospital, Peoria Unified School District, the city of Avondale, Graham County Jail and more.

HACKTIVISM WAS THE MOTIVE

Identity theft affects one in twenty Americans. Basic identity information can be sold on the dark web for a premium. Identity, password, personal information and video cyberfraud and cybertheft are on the rise. Last April, 500,000 compromised Zoom accounts were being sold by another group; for them profit was the motive, selling stolen personal information on the dark web for less than a penny each. That is less than $50 profit for the theft of data containing email addresses, passwords, personal meeting URLs and host keys.

While many hacking organizations exploit vulnerabilities to charge a ransom, or sell stolen video records to gain advantage from other security operations' improperly managed data, this did not seem to be the case here.

This seemed to be “hacktivism” (hacker activism) for a social cause. A Swiss hacker organization found a single user password that gave them access, and wanted to share how dangerous internet-connected cameras are for human rights. Tillie Kottmann is a 21-year-old transgender hacker.

She went on the record stating that the hacking was a deliberate demonstration of how dangerous internet-connected cameras are as a violation of human rights.

“I was persecuted and attacked long before I executed this attack.”

She wanted it known that the consequences of exposing the data via hacking were nothing compared to the violation of human rights she experienced prior as a transgender woman.

The Wrap Up

The company, Verkada … failed to exercise the most basic, sound cyber security protocol.

  • Hackers exploited Verkada’s bad cyber security hygiene around passwords;
  • Encryption for sensitive files and information, and records management for personal information.

Tillie Kottmann’s GitLab repository contained a catalog of exploits that have since been seized by the Federal Bureau of Investigation.

Resources for Governance, Risk Management, and Compliance

How do you protect sensitive data with Insider Risk Management? 93% are concerned with Insider Risk Management. COVID has increased this risk with data endpoints not being secured.

Great discussion by Microsoft’s Ramyan Kalyan, Director Product Marketing and Talah Mir, Principal Program Manager.
