Governments act against webcam-snooping websites

Insecam, which broadcast feeds from unsecured webcams, no longer works

Government officials in the US and the UK are warning people to secure their webcams after websites that broadcast the contents of those cameras have sprung up online.

One of the better-known sites, Insecam, appeared to have gone offline after the warnings Thursday, but at least one site that publishes similar content was still available.

The websites show footage from security cameras used by businesses and in people's homes, including CCTV networks that secure buildings and even cameras built into baby monitors.

Earlier Thursday, the UK.'s data protection watchdog warned of a website based in Russia that accesses thousands of webcams using their default logins and passwords, which it said can be easily found online.

The US Federal Trade Commission also weighed in, warning users to ensure video feeds are encrypted and that wireless routers are protected by passwords.

"Once you've bought your IP camera, check its security settings and keep its software up-to-date," wrote Nicole Vincent Fleming, a consumer education specialist with the FTC in a blog post.

Security experts have long warned that not changing the default credentials on such devices can allow them to be accessed by hackers.

The domain name was registered through GoDaddy earlier this month, though whoever registered it chose to keep their registration details private in the "whois" domain directory.

The UK information commissioner has reportedly urged the Russian authorities to take down the site.

A similar website linked to in a Reddit discussion thread recently was still active Thursday and offers steams from around the world, searchable by country or by US state. That site says it finds the webcam streams unprotected on the Internet.

"We do not hack people's passwords," the site advised. "We simply locate cams hiding away in search engines, grab a snapshot, and present them to you here. The snapshots update every few hours."

One feed, titled "Living Room", shows an elderly woman in Seattle, apparently in her home. Another is from a barber shop in Tallahassee, Florida. It wasn't clear if some of the feeds are intended to be public or have been mistakenly left open.

Some webcam services use two-factor authentication, which requires a one-time passcode to access the service in addition to login credentials. That can help prevent unauthorized access if the login credentials are compromised.

"The ability to access footage remotely is both an internet cameras biggest selling point and, if not setup correctly, potentially its biggest security weakness," the U.K.'s information commissioner's office warned.

GoDaddy, where and were registered, said it's not responsible for the sites because the content is hosted on a different service.

"This means that any of the content appearing when you visit the website is not on our servers and we do not have control over it. Since we do not host the content of the website, users would need to file a complaint with the Web hosting provider," said GoDaddy spokesperson, Nick Fuller.

Send news tips and comments to Follow me on Twitter: @jeremy_kirk

Join the CSO newsletter!

Error: Please check your email address.

Tags U.S. Federal Trade CommissionsecurityInformation Commissioner's Officedata protectionmalware

More about Federal Trade CommissionFTCUS Federal Trade Commission

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jeremy Kirk

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place