Are you sitting in front of an Internet-connected IP webcam? Have you never bothered to change the default password? Are you naked? If the answer to all three of these questions is 'Yes,' then may I suggest you start to get slightly concerned.
A new website which offers a rather unethical and invasive use of webcam technology has just appeared online - and it doesn't exactly ask for the consent of its stars. Called Insecam, the website streams footage from approximately 73,000 Internet-connected IP cameras from around the globe. Many of them appear to show places of work, commerce and parking lots, but others also seem to be connected to personal computers in people's homes.
It seems at first glance to almost be something from an Orwellian dystopia, and is also slightly reminiscent of Batman's sonar surveillance technology in The Dark Knight. However, unfortunately, it seems the owners aren't in a hurry to destroy the technology, as he did.
How Does It Do It?
Insecam is fairly open - indeed perhaps brazen - about their 'work.' The majority of webcams which are accessed are apparently running on default security settings, meaning they have simple passwords such as "admin1" or "password." Insecam state on their homepage:
Sometimes administrator (possibly you too) forgets to change default password like 'admin:admin' or 'admin:12345' on security surveillance system, online camera or DVR. Such online cameras are available for all internet users. Here you can see thousands of such cameras located in a cafes, shops, malls, industrial objects and bedrooms of all countries of the world.
Internet-connected webcams are different from CCTV in that they do not operate on a closed circuit. Instead, they stream footage onto a network without necessarily having to be connected to a recording device. Mic.com quote Ars Technica's Tom Connor to help explain the situation:
Once an IP camera is installed and online, users can access it using its own individual internal or external IP address, or by connecting to its [network video recorder] NVR (or both). In either case, users need only load a simple browser-based applet (typically Flash, Java, or ActiveX) to view live or recorded video, control cameras, or check their settings. As with anything else on the Internet, an immediate side effect is that online security becomes an issue the moment the connection goes active.
Perhaps even worse, the website also reveals the location of the IP address using Google Maps, adding another invasive layer to this already insidious project.
Isn't This Illegal?
At the very least it is highly unethical, while at the most it is almost certainly illegal in some cases. While some of the webcams available to view are clearly meant to be watched by the public, many are not. Furthermore, even in cases when the camera is being used for surveillance in a store, members of the public likely only accept this surveillance on condition it is only watched or used by employees or representatives of the store they entered. Not some random dude on the internet.
Insecam attempts to justify this by stating the website is designed to draw attention to the importance of webcam security. However, even using default passwords to access a restricted area of a network is a violation of established laws. While talking to Motherboard, Attorney Jay Leiderman claimed Insecam "is a stunningly clear violation of the Computer Fraud and Abuse Act (CFAA)" despite its self-confessed altruistic intentions. Leiderman continues:
You put a password on a computer to keep it private, even if that password is just '1.' It's entry into a protected computer.
What Can Be Done?
Unfortunately, there doesn't seem to be a whole lot anyone can do about it. According to Gawker, the website is registered through GoDaddy to an IP address in Moscow. As I'm sure many of you know, Russia is kind of a dark-hub of various illegal websites, while the Russian authorities seem reluctant to do much about it.
However, it seems a simple way around all this is to change the default password on your camera to something difficult to guess. This should then protect you from the wandering eyes of internet voyeurs.