InfoSecBulletin Cybersecurity for mankind
The Korean National Police arrested suspected four people for hacking over 120,000 IP cameras and selling the footage to a foreign adult website. Police are acting against the operators of the illegal content despite not revealing the suspects or websites, through international cooperation.
“The National Office of Investigation announced that four suspects who hacked over 120,000 IP cameras installed in private homes and commercial facilities and sold the stolen footage on an overseas illegal website have been arrested,” reads an announcement from the National Office of Investigation.
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
Critical Cisco ISE Vulnerability Enables Remote Code Execution
F5 Patches NGINX Flaw for Code Execution and DoS Attacks
FortiBleed: 70,000 Fortinet Firewalls Compromised Globally
New Rokarolla Android malware hits 217 banking and crypto apps
Phishing Campaign Exploits Legitimate Microsoft Login Flow
ALERT
Cisco SD-WAN Zero-Day, FortiSandbox and cPanel flaws exploited in attacks
“Panthalassa” builds floating AI data centers powered by ocean waves
Critical Wazuh Vuln Enables Alert Tampering and Evidence Deletion
“Investigations are also underway against the website’s operators as well as buyers and viewers of illegal sexual-exploitation materials. Protection measures are being carried out simultaneously to prevent additional harm to the victims.”
Four suspects hacked thousands of cameras and captured vast amounts of video from unaware users. The announcement highlights their activities as follows:
Suspect B (unemployed) – Hacked 63,000 IP cameras and produced and sold 545 illegal sexual videos for 35 million KRW ($23,800) worth of virtual assets.
Suspect C (office worker) – Hacked 70,000 IP cameras and produced and sold 648 illegal sexual videos for 18 million KRW ($12,300) worth of virtual assets.
Suspect D (self-employed) – Hacked 15,000 IP cameras and produced illegal content, including underage people.
Suspect E (office worker) – Hacked 136 IP cameras.
It is unclear if some cameras were hacked multiple times.
Investigators found that 62% of the website’s illegal voyeuristic and sexual exploitation content last year came from suspects B and C.
Three people who bought content from the illegal site have been arrested and could face three years in prison. Police are working with foreign authorities to find the site’s operators and take it down.
Authorities identified 58 affected locations and advised users to reset their passwords and submit takedown requests. The police promised an aggressive response to secondary harm against victims.
“Viewing or possessing illegal sexual-exploitation videos is also a serious criminal offense, and we will investigate it actively,” warned Park Woo-hyun, Director of Cyber Investigation Policy at the National Police Agency.
Users of IP cameras should change the default admin password to a strong one, disable remote access when unnecessary, and update the firmware regularly.
