Thieves Hacking Security Cameras?

The FBI is investigating fifteen store robberies in eleven states, committed via phone and internet. The perpetrators hack the store's security system so they can observe their victims. They then make customers take their clothes off and get the store to wire money. From the article, "A telephone caller making a bomb threat to a Hutchinson, Kan., grocery store kept more than 100 people hostage, demanding they disrobe and that the store wire money to his bank account. ... officials were investigating whether the caller was out of state and may have hacked into the store's security system. "If they can access the Internet, they can get to anything," Hutchinson Police Chief Dick Heitschmidt said. "Anyone in the whole world could have access, if that's what really happened.""

Dumber than dumb

[BobTheLawyer]

Has there ever been a more stupid quote than:

"If they can access the Internet, they can get to anything," Hutchinson Police Chief Dick Heitschmidt said. "Anyone in the whole world could have access, if that's what really happened."

Re:

[Anonymous Coward]

Not TOO far from the truth. Often the security cameras are accessible to anyone with a browser and without password protection or with a password that's ridiculously easy to guess.

Re:Dumber than dumb

[endianx]

And easily found [google.com] if you know what to look for.

Re:Dumber than dumb

[brian.gunderson]

You just slashdotted a whole lotta webcams.

Way to go...

[TimeTraveler1884]

You're no better than the terrorists! Ten or so homes and businesses are likely to be burned to the ground after their AXIS Network Cameras catch fire after a thorough Slashdotting. Bravo.

Re:

[bcmm]

We need to get that on T-shirts. Black T-shirts. Just to scare non-techs.

Re:Dumber than dumb

[KudyardRipling]

This is called a JURY POOL TAINTING STATEMENT. It is designed to predispose those eligible for jury service in the jurisdictions involved to convict by using the element of fear and terror. Whenever a statement made by law enforcement officials about an alleged criminal act is broadcast, it should be quoted in the voir dire process to screen out the rubberstampers. These are defined as those who (are carefully instructed to) worry about wives, kids, homes, SUV's entertainment systems, 401k's vacations, etc. Since the media as an institution is presumed diligent in publishing such statements, there is a presumption of contamination on the part of the jury pool. That is why one of the boilerplate questions asked by the parties in court deals with this issue of media contaminating his/her worldview or view of the defendant.

Those who have a place in the system have no place in a jury.

Re:

[Applekid]

Whenever a statement made by law enforcement officials about an alleged criminal act is broadcast, it should be quoted in the voir dire process to screen out the rubberstampers.

Even if LE watched their tongues, the media would fill in the gaps for them. They bury an "allegedly" in the text and now it's free reign to spout whatever they want, really.

"Innocent until proven guilty" has long been gone from the mob vigilante justice world of public opinion. God help you if you're ever accused of anything.

Re:

[AdamWeeden]

GP is probably referring to Kenneth Foster Jr. [latimes.com].

Re:Dumber than dumb

[5KVGhost]

I don't see anything controversial about that case. If you actively participate in a violent crime and someone dies then you're just as responsible as the person who pulls the trigger. Don't want to be responsible for a murder? Then don't be a getaway driver for a gang of doped up armed robbers. It's not difficult.

Re:

[crashfrog]

Don't want to be responsible for a murder? Then don't be a getaway driver for a gang of doped up armed robbers. It's not difficult.

Not driving a guy away from a murder nobody had any idea he was going to commit doesn't make anybody less dead. Of course it might make you dead - a guy who just killed someone a second ago isn't somebody I'd say "sorry, you're on your own" to.

So explain to me again how that guy is responsible? Like, responsible enough to be killed by the state for it?

Re:

[crashfrog]

He was providing assistance to the person who did it.

And, in your opinion, that merits a death sentence? I still don't see how it does.

Re:

[hax0r_this]

The governor just commuted his sentence to life:
http://www.chron.com/disp/story.mpl/ap/tx/5095674. html [chron.com]

Re:

[IBBoard]

Exactly what I thought. It's complete scare-mongering if you take it as it is written. It either reads as "if hackers can access the Internet then they can get to anything" which is scare-mongering over what hackers can do, or "if these cameras have a link to the Internet then the cameras can get to anything", which is complete garbage.

What he really means is that "if the cameras have a an insecure link to the Internet then people can exploit them, just like how if a house has an insecure link to the street

Re:Dumber than dumb

[LarsWestergren]

Has there ever been a more stupid quote than:
"If they can access the Internet, they can get to anything," Hutchinson Police Chief Dick Heitschmidt said. "Anyone in the whole world could have access, if that's what really happened."

Yes. I think "No, it's not loaded! Here, I'll prove it to you!" beats it.

Re:

[adona1]

"No, it's not loaded! Here, I'll prove it to you!"

If only we could get Police Chief Dick Heitschmidt to say that as well ;)

Re:Dumber than dumb

[WhatAmIDoingHere]

"hackers on steroids"
"internet hate machine"
Wait until these stores get dogs and curtains, than we'll be REALLY fucked.

Re:

[Hoi Polloi]

Those would be be great names for bands.

Re:

[JazzLad]

This one's got the dogs, anyway ... [71.157.145.90]

Re:

[DrVomact]

If they can access the Internet, they can get to anything

Great Caesar's ghost! I'm Superman!

Re:

[Anonymous Coward]

Who but an Moron would comply ?

A nudist who's glad to have a good excuse this time? :-)

Re:Dumber than dumb

[lordofthechia]

From the article (Piro is the manager)....

"He then demanded that one of Piros' fingers be cut off for every hour his demands were not met, and another employee got a butcher knife on his orders"

Anybody wanna take bets on who was the first person fired after this incident?

Re:Dumber than dumb

[CellBlock]

You're right, but this isn't about "any forward-looking organization," it's about Wal-Mart, a company that has decided that prosecuting shoplifters isn't worth their time unless they're stealing a lot.

They'd probably harbor a sleeper cell in the loading dock as long as their supply chain of cheap Chinese crap doesn't slow down.

Re:

[Marxist Hacker 42]

They'd probably harbor a sleeper cell in the loading dock as long as their supply chain of cheap Chinese crap doesn't slow down.

Why not, I seem to remember a homeless college student spending a couple of days in one of their stores once.

Hacking security cameras, huh?

[EveryNickIsTaken]

I'm sure Jack Thompson will blame this on BioShock.

and...

[antdude]

... System Shock 2 [sshock2.com].

Re:

[zurmikopa]

I went to the comments and searched for "bio" *specifically* to see if this comment had already been made.

"wire money to his bank account"?

[TheLink]

Can't they follow the money trail from there?

Strange.

Re:"wire money to his bank account"?

[morgan_greywolf]

That depends on what country the bank account is in. In some countries, bank accounts can't necessarily be tracked back to the owner, they are secured only by a really, really fscking long account number.

Re:

[Mister Whirly]

And don't forget the banks in the Bahamas.

Re:

[avronius]

Well...

Pay-per-use cellular phones would be difficult to trace (although chances are good that you could at least narrow it down to the right area code...)
Any thoughts on how easy it would be to trace an IP telephone based call? I'm pretty sure that there are enough proxies out there to make this a nightmare in and of itself.

Some things just aren't as easy as they might seem...

Get the RIAA in on the case!

[threaded]

Why don't these stores copyright their video feed and then let loose the RIAA on the perps. That'll stop 'em!

Re:

[djones101]

That would be the MPAA. RIAA would be if the store's music that is constantly interrupted by screaming cashiers showed up on the Internet.

Is the footage on YouTube?

[140Mandak262Jamuna]

He did not record the security camera footage and upload it to You Tube? Dumb idiot. This is what dumbing down of America has done to the respectable profession of robbery.

CCTV

[Recovering Hater]

Why are the security cameras on anything other than a closed circuit? It makes no sense for their cameras to be connected to the internet.

Re:CCTV

[MyLongNickName]

How else do you outsource your security work to India?

Re:

[Opportunist]

That works as long as you don't have a real incident. The response time for the teams to arrive are awefully long, and now they started to charge by the mile.

Re:CCTV

[Skapare]

Why are the security cameras on anything other than a closed circuit? It makes no sense for their cameras to be connected to the internet.

Many companies are cutting back on security staff by eliminating in-store people that watch the TV screens. The stores still have some roving security people, but the TV screen watching is now more automated, more centralized, and in some cases even pushed out to homes where people with broadband can be paid even less than the in-store people to sit and watch a bunch of TV camera images for hours, looking for suspect people.

It might be interesting if someone developed a way to fool those systems into thinking someone is watching (frequently clicking to see the next camera).

Re:CCTV

[Egonis]

I run a security consulting business, and one of the things we do is CCTV Camera Systems.

Most of our clients are hell-bent on having internet access so that they can remotely view and control their cameras, card access systems, and PA systems.

Although it is possible to hack these systems, it is a remote chance if configured properly like anything else.

My guess is that these incidents are with default usernames and passwords on the DVR and other equipment.

However, my question is: how did they find the IP of a target store?
It's one thing to want to rob a store, but it's another to know this type of sensitive information.
And in many cases, even large stores are using DSL or Cable where they get a dynamic IP.

Sounds like an inside job to me.

Re:

[Gandalf_the_Beardy]

It's easy - most of the cameras have a default control page. You just Google for that keyword and it' will often return lots of hits of cameras with webservers that are exposed to the internet- say that $CAMERAMAKER has a default webpage of http://camerasite/view?control=mode-on [camerasite]

Just google for the keyword control=mode-on and you will get tons of hits for that camera from all over the page.

Re:

[Rob the Bold]

However, my question is: how did they find the IP of a target store?

In the olden days of modem-connected monitoring equipment, we called it "war dialing". What do the kids call it now, "war surfing"? Start at 0.0.0.0 and increment through FF.FF.FF.FF, excluding local nets if you like, and see if anything responds like a "Brand X" security camera.

But if they did that, how would they have determined the actual store location to get a phone number? Perhaps instead of an inside job, it was a bluff, and th

Re:

[Altus]

Well websites often figure out what town I am in based on my IP address. If you knew that and you knew it was, say, a 7-11 based on the promo materials visible, you could just call around to all the 7-11s in that town (one, maybe two) until you see the clerk on the camera answer your call. Then your in business.

Even if you didn't know it was a 7-11 a Google search of continence stores would provide a fairly short list.

IP sensitive?

[Rob T Firefly]

However, my question is: how did they find the IP of a target store? It's one thing to want to rob a store, but it's another to know this type of sensitive information.

IPs are about as sensitive as a street address. Send an email to the store's staff about any stupid thing that would warrant a reply, get an IP back in the headers. Or just give them a web link to click, or an email that takes advantage of crappy Outlook and auto-loads something from your own webspace, and wait for the hit. Either way, you end up with a nice IP range to scan out in exchange for minimal effort.

Wireless

[Anonymous Coward]

However, my question is: how did they find the IP of a target store?
It's one thing to want to rob a store, but it's another to know this type of sensitive information.

In my WarDriving travels, I've come apon many SSID-hidden wireless networks around stores. Sometimes they aren't even encrypted. My recent curiosity with these nets reveals a few wifi networked cameras in some locations, and sometimes if you log into these networks, you can find a nat. From there it's simply accessing a site that gives you a IP.

But why bother when you already have access to there cameras via a unsecured access point?

Anonymous for obvious reasons.

Re:

[Lumpy]

Although it is possible to hack these systems, it is a remote chance if configured properly like anything else.

They rarely are. as a Technology specialist company that also does cameras, we find that 9 times out fo ten the default passwords are set for the administration access of the DVR and even the IP cameras.

Out of the last 35 jobsites over 30 of them still had defaults set that would allow access in one way or another. Yes these were installed by "professional companies". some of them had adminis

Re:

[ralphclintellis]

According to current reports, the claim that the cameras were compromised was withdrawn.

Re:CCTV

[Fox_1]

Mod Parent up - this was actually withdrawn yesterday - the cops spread at little FUD with their Internet Hackers working the Security Camera Comments - but now they have backed off on this statement, particularly since the Hutchinson Incident was caused by locals who have been taken into custody.
see here [kansas.com]
Oh and no bombs have ever been found, there are a lot of embarrassed people out there who have really overreacted to these 'menacing & scary' phone calls.

Re:

[StikyPad]

On the other hand, if they *had* found a bomb...

Does it really make sense to risk the lives of tens or hundreds of customers just to call a bluff? I would draw the line at violence against another person (or myself for that matter), but ten grand of corporate funds? Who cares? "Here's the money, have a nice day," then call the cops when it's over. It's nothing to be embarrassed about; they did the right thing.

Re:

[Fox_1]

Hey I could ignore it, I guess, but if I was in their positions I would have prepared an emergency response plan that includes response to bomb threats in addition to the usual of theft, medical crisis and fire. The place I would go to get started on that plan might be somewhere like here [nsi.org].

If I followed the directions in that document it would be unlikely that my employees would be running around with butcher knives threatening my fingers, while 100 fat middle aged Americans got naked on the floor.

That doc

Re:

[Torvaun]

Every place I've worked, policy has been, "If they claim they have a bomb, you do what they tell you to do." Suppose they actually did have a bomb, and they blew it up when you didn't do what they said. The store is now liable for a shitload of lawsuits from the victims' families. Not to mention you're dead.

Wal-Mart would send the money. Taco Bell would send the money. Any place that had the option of sending the money would send the money. You could take the case off an old digital clock, put the who

Different businesses in different cities???

[stanleypane]

FTA:

FBI spokesman Rich Kolko said the threat appears to be related to a plot in recent days focusing on banks and stores in places like Detroit, Phoenix, Salt Lake City, Philadelphia and Newport, R.I.

It sounds like they are randomly finding these cameras all over the place. They aren't hitting just one chain or anything like that. It's different types of businesses in completely different cities.

I think it's highly unlikely that they have an inside connection in 11+ states spread across the US. It'

Why CCTV is on the internet

[G4from128k]

It's a valid question. Companies put security cameras on the internet to enable remote recording and control. It lets the central office or outsourced security firm handle all the digital video and dispatch police/fire services from a cost-efficient central location. If you owned 100 convenience stores in 10 states, where would you put the security office and how would you link them?

Rather than build a dedicated hardwired telecom network, companies are using the internet to connect everything together (security systems, financial systems, medical records, industrial control, etc.) As we can see from this example, they think they've created their own virtual network (of some degree of privacy), but in practice, the system is extremely vulnerable. I'd bet that more than a few internet-connected security cameras run with factory-default passwords.

Re:

[Rob the Bold]

I'd bet that more than a few internet-connected security cameras run with factory-default passwords.

And even if they change it, there's still the "Joshua" back door.

Re:

[Rob the Bold]

Why are the security cameras on anything other than a closed circuit? It makes no sense for their cameras to be connected to the internet.

I don't know that they actually are interwebbed, but if they were, it would be to save money over having a dedicated line for every store. The Dillons stores are owned by Kroger now, so home office is hundreds of miles away.

Re:CCTV

[canUbeleiveIT]

Last year we put a security camera system into a auto recycling yard using IP cameras. They had been suffering a rash of after-hours breakins to steal the platinum that is in old catalytic converters. The system recorded to a DVR, but also was hooked to motion sensors that, when activated, would call the manager's cell phone, as well as start pitching still shots across the internet to a remote ftp server.

Two weeks after installation, the thieves broke in. When they saw the cameras and the DVR, they set fire to the place to destroy the evidence, but the still photos were enough to identify and convict them. They haven't had a problem since.

Re:CCTV

[Ajehals]

They haven't had a problem since.

Is that on account of no longer having a business as it was destroyed by fire?

ethnic lightning

[hawk]

At least in Nevada, the phrase "Jewish lightning" is *not* ethnic. Rather, it's a reference to Meyer Lanski, who was a master of the convenient fire during the mob days here.
awk
h

High risk, low reward...

[avronius]

Each of the three most common metals used in catalytic converters (palladium, platinum and rhodium) are worth a bundle. But you'd be hard pressed to get more than about $50 worth of material from each catalyst. Aa lot of work with a lot of risk for such a low return.

Re:CCTV

[ptbarnett]

Why are the security cameras on anything other than a closed circuit? It makes no sense for their cameras to be connected to the internet.

Read further in TFA:

Initially, the caller led employees to believe he was observing them.

"After a while, it sounded like he was just taking a shot in the dark at what they might be doing, or what they looked like or how they were reacting to his call," Prescott police Lt. Ken Morley said.

Re:

[Dunbal]

Please we need to hear from the 100 in the store , why didn't they leave ?
Why did they comply ?

      Because the general public have been indoctrinated into thinking that a) there are "terrorists" EVERYWHERE, especially in the parking lot outside the store, and b) of course you always do what the perpetrator wants, and then he'll let you go, right?

      Oh, and the rest just wanted to see everyone else naked.

Re:

[Hoi Polloi]

Oh, and the rest just wanted to see everyone else naked.

(Overheard during the robbery) "Ummm, did he say he wanted us to strip? Everything? Oh, just shirts. Ok. Sure he didn't mean underwear also? Sure? Because I will if he insists. I'm willing to do it. I'll get totally naked. Would he like us to dance real sexy-like also? Is that a security camera? Can it see me right now?..."

Re:

[Tofystedeth]

Because they were told by a guy they believed was watching them that there was a bomb in the store and if they tried to leave, he would blow it up. Even if there wasn't a bomb, there have in the past been bombs put in places. It's enough to make them reluctant to call his bluff.

Re:

[Jeremi]

Because they were told by a guy they believed was watching them that there was a bomb in the store and if they tried to leave, he would blow it up. Even if there wasn't a bomb, there have in the past been bombs put in places. It's enough to make them reluctant to call his bluff.

Wasn't this the plot to "Die Hard", or something? Besides, I thought that post-9/11 we were all supposed to assume that the "terrists" will kill us no matter what, and not to bother trying to appease them.... :^P

Re:

[Tofystedeth]

So you're saying that if you honestly thought there was enough credibility in the bomb threat to seriously injure a fellow hostage in an attempt to get out, that you think running away like a pussy even when the bomber said he would blow up the very building you and possibly your family and friends and 100 other people are in is somehow both safer and more "manly" than sitting it out and not needlessly endangering yourself and others? Wow, what a run-on.

Re:

[Joebert]

The cameras in the Subway (sandwich stores) my brother worked at years ago are wired to the internet.
Knowing that his boss could see what he was doing at any given moment, my brother didn't slack off much at that store.

I was fooled too

[clovis]

My wife came in a found me sitting on the floor in my underwear. I had only skimmed the slashdot article and thought that it was a disrobe-or-get-bombed threat against me. It seems that the Slashdot is only _reporting_ a bomb threat and isn't actually going to blow us up.
Also, would CowboyNeal please send back my $3,000?

Sparks

[Renraku]

This could be one of the first, and certainly not the last, case of people using security devices against the people whom they were designed to protect.

How are those net-enabled security cameras working out for you?

Re:

[aadvancedGIR]

How are those net-enabled security cameras working out for you?

Fine, I just coupled a HTTP-controlled shotgun to the ones I have in my home.

Re:

[MillionthMonkey]

link?

Internet security system ..

[rs232]

"officials were investigating whether the caller was out of state and may have hacked [kpho.com] into the store's security system"

"If they can access the Internet, they can get to anything"

"Anyone in the whole world could have access, if that's what really happened"

What kind of idiot would connect the security system to the Internet so that 'they' could get to anything. Didn't they put it on a private VPN or use a password even?

"The FBI was looking into whether the calls to the banks and stores were being placed from overseas"

I thought DCSNet [slashdot.org] was designed to provide instant access to such information. Provides absolutly no evidence of any such hacking. Sounds to me like a low level extortion plot apart from the mention of the (scary) Internet and hackers (even more scary). Since when do sophisticated thieves use Western Union and wire themselves $3,000 with a $150 service charge. Who paid the charge I wonder.

We get bomb threats here all the time, so don't take any notice ...

Re:

[Opportunist]

Since when do sophisticated thieves use Western Union and wire themselves $3,000 with a $150 service charge.

That practice is old, tried and proven. It's been used by banking trojan users for at the very least two years now. You have a trojan'd computer, hire gullible people to provide their accounts, use the trojan to transfer money to the account, the account holder then uses WU to send you the money.

Easy, anonymous and hard to track. Works like a dream.

Re:

[zakezuke]

What kind of idiot would connect the security system to the Internet so that 'they' could get to anything. Didn't they put it on a private VPN or use a password even?

Your average ordinary idiot. People don't understand when they connect that wire... they are connected to "planet earth". They really don't. Even Axis cameras don't come with a default robot.txt on their cameras.

"hacked" by simply using Google?

[Speare]

There are many store monitor camera systems that are installed with poor defaults and wide open access. Several makers' web interfaces have easy formulaic URLs to select different store views, and these commonly can be searched with plain old web search engines. This was a fun thing to do a few years back, with whole sites dedicated to lists of web cams that were likely not intended for global viewership. Without any real evidence that the web cameras were "hacked" I think it's a big stretch to assume any skill was involved here.

Re:

[rs232]

Cats Pets Donau City Strasse [62.218.22.115]

Re:

[Vegeta99]

Priceless. I caught a girl looking in the general direction of the camera, so I centered it on her. She turned around and started walking away, so I panned the camera to follow her. Sure made her hurry up!

Re:

[rs232]

You should have seen the coverage of Stuttgart Airport, pretty dumb to leave them wide open ..

Another law broken?

[Ukab the Great]

I'm sure that in some states, 100 naked people in a store legally counts as an orgy.

Re:

[jollyreaper]

I'm sure that in some states, 100 naked people in a store legally counts as an orgy.

And in Texas, possessing more than three dildos gets you arrested for "intent to distribute." Bill O'Reilly had better watch his ass in Texas.

In other news...

[dark-br]

People are stupid. Google for: inurl:"ViewerFrame?Mode="

And have fun...

Re:

[lordofthechia]

Sweet, I now get the public plaza channel and the auto shop channel!

Re:

[Opportunist]

Report to your nearest police office and turn yourself in for publishing hacking tools.

Re:

[Hoi Polloi]

I like the remote control cameras. I once played with googling for them and finding unsecured control webapps. One time I kept scanning a camera around but it would start to move back. I was wondering if the owner was trying to keep it from moving ("This thing has a mind of its own!") or if other people had found it and were also screwing around.

They were asking for this...

[cablepokerface]

I usually have Security Expert I & II equipped, so I have significantly less alarm and overload tiles. Every camera I see I take a few pictures of because then I can see the 'weaknesses' of the camera.

Of course when I have positioned myself directly under the camera I can't see me anymore and if it hangs too high I can just jump up and finish my hack in mid air.

Unfortunatly, the guards are a bitch. For them it always seems to be "bring your daugther to work day".

Other then that, hacking cameras is a

Urban legend? Hoax?

[gvc]

The commentary makes no sense at all. A bunch of disconnected factoids, that may or may not be true. I would need to hear a more convincing means, opportunity and motive before I swallowed a word of it.

hehe, this sort of thing is fun

[jollyreaper]

Well, not the crime part but the poking around with cameras. :) I was taking a computer class and one of the guys there mentioned this. I hit the google and had a string of candidates to look at within seconds. After about five minutes of searching, I found an unsecured and controllable camera. Its purpose was to monitor the construction of a new building at a California college. However, the camera had such a range of motion that I could easily turn it to observe the intersection across from it.

If any of y

A simple solution

[MillionthMonkey]

It should be legal to appear naked in public places if one has been ordered to do so over the Internet. That way, naked customers can exit hacked stores without fear of prosecution.

Reality Imitates Ghost in the Shell

[bmajik]

One of the things that "The Laughing Man" did in the GITS TV series was that he could hack video feeds in near-real-time. On one occasion he ghost-hacked someone's cybernetic eyes and became effectively invisible. More commonly, he would simultaneously hack all of the security cameras in a public place and overlay this funny "animated gif" over the top of his head to conceal his identity.

Nobody could figure out who he was because nobody had ever actually "seen" him.

Many video cameras now transmit mjpeg or

One of the dumber scams I've ever read about

[Master of Transhuman]

Yeah, wire me the money - I'll get it someday when the police aren't looking...

This was a hoax, a prank. Somebody was just having fun jerking people around.

And see how easy it was. Anybody remember the Chinese Fire Drill in the book "Illuminatus?" Act authoritative - or threatening in this case - and spew out some orders, and everybody falls right into line like lemmings.

The first response to the bomb threat should have been, "Fine - set it off. We'll settle up later, asshole."

Returned equipment

[PhotoGuy]

An obliquely related story; I bought a security webcam, wasn't happy with it, thought I did a factory reset, but I guess I didn't. When it was purchased, suddenly I was bombarded with emailed images from a strangers house :S The only ones who could track it down was the ISP Eastlink, who ignored my pleading for months.

Then CTV ran a story on it, and they magically found the customer, informed them, and the problem was solved. Amazing (and sad) how a bit of media attention will get the job done.

Link here [www.ctv.ca]

Cats Pets Donau City Strasse ..

[rs232]

You mean like this one ...

Re:Duh

[Lumpy]

Mostly it's incompetent IT and store managers that have installed panasonic IP cameras and left them not only wide open but on the internet because the store managers are retarted and want to spend their life watching the employees.

ALL of this stuff goes right back to raging incompetence. It's incredible how little these stores pay for IT, I had to teach the IT specialists for Walmart how to do basic networking when we were helping a client set up their network for their restaurant inside a new walmart store. The Walmart head of networking, or so he claimed to be, told me it was impossible to tunnel IP traffic safely through a network, no. he did not understand what a VPN was and then told me that VPN is not allowed as it's insecure and unencrypted!.... and then I had to hold their hands and show them how easy is really is to patch a phone line to a cat 5 jack in the phone room. Their network engineer told me flat out that DSL will not work over cat-5e cable. "The phone company uses Cat6 to your house!" is what he said. I was amazed at how undereducated these IT and networking people were.

With that kind of incompetence due to very low pay, it does not surprise me that security cameras are put on the net directly.

Re:

[Opportunist]

That's no wonder. What happens here is the combination of some unhealthy factors.

1. The cheapest guy gets the job. Now, the cheapest is never the best, and rarely even good enough to actually do it good.
2. As soon as it "works", stop working on it. As soon as the picture somehow appears on the screen of the manager, he's satisfied. He does not care about whether someone else can see it. If he is, his wannabe-admin will lie to him because he'd have to fix it in his (unpaid) overtime and the manager can't tes

Re:

[asdfghjklqwertyuiop]

With that kind of incompetence due to very low pay, it does not surprise me that security cameras are put on the net directly.

It isn't due to low pay. It is just IT in general. This whole industry is overflowing with incompetent morons. I've encountered web designers who don't know what a CSS class is; programmers who think client-side Javascript is sufficient input validation; network people who think apache web sites necessarily run on a different port number... Many of them make decent money (often at la

YOU FUCKING LOVE IT

[Anonymous Coward]

inurl:/view/index.shtml
inurl:"ViewerFrame?Mode="
inurl:netw_tcp.shtml
intitle:"supervisioncam protocol"
inurl:CgiStart?page=Single
inurl:index Frame.shtml?newstyle=Quad
intitle:liveapplet inurl:LvAppl
inurl:/showcam.php?camid
inurl:vide o.cgi?resolution=
inurl:image?cachebust=
intitle :"Live View / - AXIS"
inurl:view/view.shtml
intext:"MOBOTIX M1"
intext:"Open Menu"
intitle:snc-rz30
inurl:home/
inurl:"Multi CameraFrame?Mode="
intitle:"EvoCam" inurl:"webcam.html"
intitle:"Live NetSnap Cam-Server feed"
intitle:"Live View / - AXIS 206M"
intitle:"Live View / - AXIS 206W"
intitle:"Live View / - AXIS 210"
inurl:indexFrame.shtml Axis
inurl:"ViewerFrame?Mode="
inurl:"MultiCamer aFrame?Mode=Motion"
intitle:start inurl:cgistart
intitle:"WJ-NT104 Main Page"
intext:"MOBOTIX M1" intext:"Open Menu"
intext:"MOBOTIX M10" intext:"Open Menu"
intext:"MOBOTIX D10" intext:"Open Menu"
intitle:snc-z20 inurl:home/
intitle:snc-cs3 inurl:home/
intitle:snc-rz30 inurl:home/
intitle:"sony network camera snc-p1"
intitle:"sony network camera snc-m1"
site:.viewnetcam.com -www.viewnetcam.com
intitle:"Toshiba Network Camera" user login
intitle:"netcam live image"
intitle:"i-Catcher Console - Web Monitor"
inurl:/home/home

Re:

[forgotten_my_nick]

someone should mod you up.

Yep and this is very old news. I recall when the thing originally came out I tried a few links and was looking at Japanese Streets, stores and vets offices. Not to mention someones living room. The best one was some old folks home where they had the camera set up that you could zoom into each room in the buildings across the street and actually read the papers people were reading.

Less to do with hacking and more do with people using technology they have no idea how to set up to be

Re:

[BlueTrin]

Somebody sue google ... fast ...

Re:

[multisync]

Somebody sue google ... fast ...

I'm sure when the city of Tuttle OK's traffic cams start pointing at random subjects, Jerry Taylor will threaten to call the FBI [theregister.co.uk] again.

Re:Duh

[CmdrGravy]

Have you tried

"Hi, I am ze plumber. I haf com to examine ze pipework, ver can I place my tooool ? It is ver huge and I can't keep it in here much longer"

Re:

[Random832]

Probably testing the waters (i.e. make sure they're intimidated into doing whatever the thieves say) before giving them bank account information to do the wire transfers.

Re:

[j00r0m4nc3r]

1. Open store
2. Receive bomb threat
3. Ignore demands, find bomb
4. Sell bomb on black market
5. Profit!!!
6. Goto Step2