Let’s begin with my early 2000’s household with the introduction of a new rule: laptop cameras to be covered if not in use.
I was a bit taken aback, because it seemed a little unnecessary – paranoid, even.
- Hot Tub Compromised Machine
- Paranoid, or Perceptive?
- Insecam: Security IP Camera Directory
- Not All Press is Good Press
- My User Experience
- Final Thoughts
“My webcam came on in the bath – I was horrified”
The chances of cameras in your home being accessed by hackers are slim, but they are far from impossible. This 2013 Daily Mail article interviews a 20 year old student from Glasgow who fell victim to hackers spying on her when bathing. She had started watching a movie when she noticed the green webcam light turning itself on.
When she tried to open the webcam program to investigate it rejected her access. Soon, programs started opening and closing themselves. Alarmed, she immediately disconnected the wifi and unplugged the ethernet from the router outside. This important step restored access to her computer.
“Someone’s watching me in my bath…that sounds horrifying paranoid.”5 Live Breakfast (BBC), 20th June 2013
When asked if she’d contacted the police, the answer was no. Certain that she wouldn’t be taken seriously or the police not able to do anything about it, she didn’t seeking help from law enforcement.
The woman’s actions were quick and effective in securing her device. She also worked at a computer shop at the time, which helped her act calmly and with purpose. Hackers gained access to her system using Remote Administration Tool (RAT) software, installed when she accessed a malicious link.
Here’s a guide to telling if your webcam has been hacked.
Paranoid, or Perceptive?
“Like that’s going to happen,” I’d thought of the house rule concerning laptop cameras. “I’m not important enough to get hacked. Who’s going to hack me?”
In most cases for the average person, network attacks or data breaches will most likely occur without discrimination. Your network or device won’t be attacked because someone scoped you out. Low sophistication attacks (phishing) are popular because they require little to no skill, and can be mass delivered with ease.
Think of these predatory cyberattacks as fisherman trawling the ocean. In a school of fish, you feel small and one of many.
“I’m not a big enough fish to be targeted,” one may think.
There are a lot of fish, but there are also a lot of trawls.
Today’s world population growth sits at around 220,000 – on the other hand, 560,000 new pieces of malware are detected daily. The world’s population currently is around 8 billion – as of 2021, more than a billion malware programs.
The world’s first malware was discovered in 1986 (that’s over a billion in under 40 years). It almost seems an eventuality that one day malware will outnumber people.
Speaking of people, you know who I wouldn’t trust to install a security camera?
Insecam: The World’s Largest Security IP Camera Directory
Connection to the site is not secure (site link here), proceed at your own risk.
Russia-based Insecam (started 2014) is the world’s largest directory of online security IP cameras. These cameras are not hacked, instead being accessed by using default credentials (in most cases, ‘admin’ or ‘1234’).
That’s what Insecam claims anyway, but ABC news reported at least one victim who “said it was the second or third time the cameras had been hacked, even after security advisors had changed the settings and passwords.”
It’s reported at one point there used to be over 73,000 camera streams in its directory. In 2021 the number has dropped to around 16,000. It’s unclear why Insecam lost over 80% of its camera streams, but…
No matter how these cameras are accessed (with or without authorisation), it’s clear that it was ripe for privacy infringement. Compromised home security IP cameras were putting people’s private lives on full display on a public website. After their first year of operation, Insecam made changes to no longer display cameras in people’s houses.
Australia 2020: Not All Press is Good Press
It could be that they’ve gotten in hot water a few too many times. Like this time in 2020, when DailyMail revealed camera footage of backyards, pubs and offices (one even showing a workstation monitor).
The 2020 article reported 126 camera feeds from Australia (currently 56). Japan currently sits just over 1,500, and the US has almost 3,500. Ironically the first news article on Insecam I found on Japanese Google (translation here) was reporting on an Australian ABC story (on the insecure Aussie cams).
Insecam: My User Experience
The homepage is mostly plain, with a greeting message from the Insecam admin. It includes info on changes made to protect user privacy:
- Camera Stream Filtering: cam stream submissions must be approved
- Camera Stream Removal: via email complaint or setting a password
Six cam stream previews are shown per page, and these camera streams include anything and everything from kitchens, restaurants/cafes, retail shops, office floors, bird nests, and many more. The amount of variety is overwhelming, allowing you to sort by Manufacturer, City, Country, Timezone, Popularity and New online cameras.
A larger video stream is displayed when clicking into it, along with other locational data and GPS coordinates associated with the IP address. The GPS data may be off ‘by hundreds of miles’. (Related: What is a VPN and why do I need one?)
At the bottom of the page a map can be located, pinpointing the GPS location of the current camera feed, as well as any nearby. Previews can be opened by clicking on different pins on the map.
When I was scouring through pages upon pages of unremarkable black and white cameras devoid of people I suddenly came across a colour camera feed inside a Majong parlour in Tokyo. It was 1am, but the place was packed.
I also came across a TV evangelist, one streaming movies and a pizza ad overlayed on a street camera in Romania. Clearly, some streams are set up intentionally – whether it be for religious, pirate or enterprising purposes.
Insecam is a directory, not a business. Unlike other similar forms of social media like YouTube, Twitch or Facebook, Insecam is not so much as ‘streaming platform’. It’s not a company, it has no sponsorships, and has no ads. It seemingly allows anyone and everyone to submit their (or someone else’s) unsecured cam.
Like streaming platforms you have countless opportunities to pique your curiosity – but unlike them is the (mostly) absence of ‘money money money’ in the background (through sponsorships, ads, promotions, affiliate marketing). There are no ‘influencers’ trying to make it big, no ads switching between streams or on the website. In many ways it’s more authentic than social media – candid, sometimes voyeuristic and endlessly vast.