THE BLOG

Spycam Hacking Shock

23/11/2014 18:28 GMT | Updated 21/01/2015 10:59 GMT

Much of the UK media was dominated this week by yet another security story - this time the news that thousands of web cameras and even baby monitors around the world had been hacked and their images displayed on a website, allegedly to warn users to set up passwords and other security procedures.

What shocked me about this story was not that this happens, but that people are surprised it has and we have failed to take even the most basic security steps like setting a password when connecting cameras and monitors to the Internet.

This particular website lists streams from more than 250 countries including 500 feeds from the UK alone. The site's database shows listings for 4,591 cameras in the US, 2,059 in France and 1,576 in the Netherlands.

It's a worldwide problem and it will only get worse as we connect more and more devices and applications to the Internet and we try to protect the data in between.

The reality is that we are experiencing a new wave of technology that's being defined by connected devices everywhere. It's all a part of the Internet of Things, or IoT. These connected devices are impacting our lives on a daily basis, changing everything from the way we provide healthcare to heating our homes to running our manufacturing facilities and other critical infrastructure. Today there are 10 billion connected devices but that number is expected to grow exponentially - exceeding 50 billion sensors, objects, and other connected "things" by the year 2020.

Of course the ultimate goal of IoT is to increase operational efficiency, power new business models, and improve quality of life. By connecting everyday objects and networking them together, we benefit from their ability to combine simple data to produce usable intelligence. But that also means there is greater potential that more personal information and business data will exist in the cloud and be passed back and forth, and with that comes significant implications for applying proper security to protect the data and establishing privacy policies to address how the data is used.

But as this webcam story shows, in today's world of IoT, security needs to be top of mind as the number and type of attack vectors will continue to increase as will the amount of data, creating a daunting challenge for companies and those responsible to defend the infrastructure.

I don't want to speculate on what the real motives behind the individuals running this particular website carrying the hacked camera and monitor feeds, but the reality is today criminal gangs dominate cybercriminal activities all around the world and are well resourced and highly experienced in the work they do.

Clearly cybersecurity models need to radically change to provide the right level of protection for this new, connected world. The number and diversity of connected devices and associated applications is so large and growing so fast, that the very foundation of many of our cybersecurity assumptions is being challenged.

If we don't get security right, we wont benefit to the degree we should from the huge advantages which the connectivity of the Internet of Things will bring us in the future.

So, whether the hackers were flexing their muscles and saying to the world "hey, look what we can do" or simply reminding users that not setting a password on an internet connected device can leave you very exposed, who knows?

In the meantime we can do the simple things to start with. If you connect a device to the Internet - no matter how innocuous it might seem - set a password using numbers and letters and ideally special characters to make it as hard as possible for anyone snooping out there.