Posts
I'm here as always with the latest news Back in early December of last year in South Kore…
January 24, 2026 at 8:12 PM•Max Knyazev is typing…Telegram mirror
I'm here as always with the latestnews
Back in early December now last year in South Koreapolicecovered several people at once who independently hacked more than 120,000 IP surveillance cameras. Well, those that just stood in people's homes, offices, halls, gynecological offices... (fuck, what? Why is there a camera in the gynecologist's office? Make content for yourself?)
They sold about 60% of the recordings they received to a porn site, which they later blocked.
The scheme is as mundane as possible and that makes it even more terrifying. The cameras are connected directly to the Internet. As usual, our passwords are either default or admin/admin level combinations. No complex operation or zero-day. Just brute force of standard combinations. Two of the detainees broke ~60–70 thousand devices each. In total, they earned about 35 million and 18 million Korean won, respectively (approximately 24 and 12 thousand dollars)
Police visited 58 locations to personally warn camera owners and recommend changing their passwords. It's hard not to be sarcastic here, but yes, change your passwords. This is still relevant advice in 2025 (and in 2026 too; please change passwords everywhere to normal ones)
But in fact, this case is not unique at all. They even sell access to cameras on the darknet. Some people just like to peek at others. Someone is trying to find incriminating evidence so that they can blackmail them later. But since I’ve already touched on the topic, let’s talk about other cases
IN2021The attackers gained access to the Verkada cloud video surveillance system and looked in real time at cameras in hospitals, offices, prisons and factories around the world (more than 150,000 cameras)
For years, there has been a website called Insecam (Russian, by the way), which aggregates tens of thousands of publicly available IP cameras, simply because no one changed their default passwords (I won’t give a link to the site, because I don’t support invading someone else’s life + whoever needs it will find it)
In India in2024–2025years, there were cases where recordings from cameras in maternity wards and private homes were sold en masse through Telegram channels
And here we come to an important point
IP cameras are pure IoT. Devices that are always online are often cheap, rarely updated, and almost never designed with security as a priority. The manufacturer sold the device, and then it lives its own life. Sometimes for years (with ten year old firmware)
From the attacker's point of view, this is a diamond. The device is located inside a private space. Removes everything that is turned towards. Connected to the Internet. And it’s less protected than a test bench
As an information security specialist, I’ll say it bluntly: the problem is not with “evil hackers,” but with the architecture and culture of using IoT. As long as cameras and other smart devices continue to be protected with little or no protection, stories like these will continue to repeat themselves. And not just with cameras. These can be microphones, smart locks, baby monitors and scales ( like if you remember that post )
If you want to minimize risks, the basic set is still the same, boring, but working. Change default passwords. Use unique and complex ones. Update firmware. Do not point the camera directly at the Internet. Isolate IoT devices into a separate network segment. And don’t believe that “who needs me, break me”
Because, as practice shows, what is needed is not you, but what can be used against you. And that's more than enough
#information_security
#internet_things
Open original post on TelegramBack in early December now last year in South Koreapolicecovered several people at once who independently hacked more than 120,000 IP surveillance cameras. Well, those that just stood in people's homes, offices, halls, gynecological offices... (fuck, what? Why is there a camera in the gynecologist's office? Make content for yourself?)
They sold about 60% of the recordings they received to a porn site, which they later blocked.
The scheme is as mundane as possible and that makes it even more terrifying. The cameras are connected directly to the Internet. As usual, our passwords are either default or admin/admin level combinations. No complex operation or zero-day. Just brute force of standard combinations. Two of the detainees broke ~60–70 thousand devices each. In total, they earned about 35 million and 18 million Korean won, respectively (approximately 24 and 12 thousand dollars)
Police visited 58 locations to personally warn camera owners and recommend changing their passwords. It's hard not to be sarcastic here, but yes, change your passwords. This is still relevant advice in 2025 (and in 2026 too; please change passwords everywhere to normal ones)
But in fact, this case is not unique at all. They even sell access to cameras on the darknet. Some people just like to peek at others. Someone is trying to find incriminating evidence so that they can blackmail them later. But since I’ve already touched on the topic, let’s talk about other cases
IN2021The attackers gained access to the Verkada cloud video surveillance system and looked in real time at cameras in hospitals, offices, prisons and factories around the world (more than 150,000 cameras)
For years, there has been a website called Insecam (Russian, by the way), which aggregates tens of thousands of publicly available IP cameras, simply because no one changed their default passwords (I won’t give a link to the site, because I don’t support invading someone else’s life + whoever needs it will find it)
In India in2024–2025years, there were cases where recordings from cameras in maternity wards and private homes were sold en masse through Telegram channels
And here we come to an important point
IP cameras are pure IoT. Devices that are always online are often cheap, rarely updated, and almost never designed with security as a priority. The manufacturer sold the device, and then it lives its own life. Sometimes for years (with ten year old firmware)
From the attacker's point of view, this is a diamond. The device is located inside a private space. Removes everything that is turned towards. Connected to the Internet. And it’s less protected than a test bench
As an information security specialist, I’ll say it bluntly: the problem is not with “evil hackers,” but with the architecture and culture of using IoT. As long as cameras and other smart devices continue to be protected with little or no protection, stories like these will continue to repeat themselves. And not just with cameras. These can be microphones, smart locks, baby monitors and scales ( like if you remember that post )
If you want to minimize risks, the basic set is still the same, boring, but working. Change default passwords. Use unique and complex ones. Update firmware. Do not point the camera directly at the Internet. Isolate IoT devices into a separate network segment. And don’t believe that “who needs me, break me”
Because, as practice shows, what is needed is not you, but what can be used against you. And that's more than enough
#information_security
#internet_things
Discussion
Comments
Comments are available only to confirmed email subscribers. No separate registration or password is required: a magic link opens a comment session.
Join the discussion
Enter the same email that you already used for your site subscription. We will send you a magic link to open comments on this device.
There are no approved comments here yet.