Hacktivist group releases security camera data of Tesla, Cloudflare in massive breach

An international 'hacktivist' collective called "APT 69420 Arson Cats" has revealed that it breached the security systems of Silicon Valley company Verkada.Inc, releasing live footage of over 150,000 client cameras including ones in Tesla plants and even prisons.

Verakada provides an artificial-intelligence powered system service called "People Analytics," which lets a customer "search and filter based on different attributes, including gender traits, clothing colour, and even a person's face."

The hacktivist collective led by hacker Tillie Kottmann claims it has access to security archives and states its objective is to expose "just how broadly we're being surveilled, and how little care is put into at least securing the platforms used to do so, pursuing nothing but profit."

Speaking to Madhyamam, Kottmann expressed his concern at how apathetic the general population was to the surveillance and data collection being conducted by employers and companies around them.

"I think one of the big things here is how not only the people you know are surveilling you anyways have access to this stuff, and how trivial it is to breach surveillance systems," Kottmann said.

The group claims that they were able to access Verkada systems through a "super administrator" account whose username and password was left online, giving them "root" access to cameras meaning that they could view and access them at ease.

They alleged that 200 cameras were from Tesla factories and warehouses, and 330 cameras in Alabama's Madison County Jail. In the footage accessed by Bloomberg that first broke the news, hackers could also apparently view inside women's healthcare facilities, ICU rooms and even Verkada's own offices and the house of a Verkada employee.

According to a Reuter's report, Tesla China has denied any security breach in their branch in Shanghai and has said that the footage was limited to a single supplier in the Henan province. In a statement to Ars Technica, a spokesperson for data security company Cloudflare said that they had been alerted by the Verkada security camera system that monitors main entry points and main thoroughfares in a handful of Cloudflare offices may have been compromised.

"The cameras were located in offices that have been officially closed for nearly a year. As soon as we became aware of the compromise, we disabled the cameras and disconnected them from office networks. To be clear, no customer data or processes have been impacted by this incident," the statement reads.

Verkada's spokesperson said that the company had notified law enforcement and that internal administrator accounts had been disabled to prevent remote access. Their internal security team and external security firm "are investigating the scale and scope of this issue," the spokesperson said.

Meanwhile, Kottmann's account has been suspended by Twitter over violations of policy which includes usage or distribution of materials obtained via hacking. "They're not a big fan of hacktivism," Kottmann laughs.

Kottmman has also been involved in previous hacktivism efforts, including a leak of over 20 GB worth of confidential information from manufacturer 'Intel' last year.