Who's hacking into home security cameras?
VANCOUVER -- A young girl alone in her home in Mississippi hears a creepy voice coming through a Ring security camera.
"I'm Santa Claus. Don't you want to be my best friend?"
She screams out for her mother.
In Cape Coral, Fla., a couple is subject to racial slurs as a hacker watches and talks to them through their home security system.
And in Georgia, a woman lying in bed is cursed at by someone hacking into her system.
All these recent attacks have been on Ring security camera systems.
"We have not evidence of an unauthorized intrusion or compromise of Ring's systems or network," Ring said in a statement to CTV News.
"In the case of Ring, the research that we've done, it appears that this is a password issue," said Robert Capps, vice-president of market innovation for NuData Security.
Ring believes hackers are using previously compromised login credentials that were exposed in past data breaches.
"Based on the things we've seen, it looks like people are just bored over the holidays and they're accessing whatever accounts they can and creating whatever havoc they can," added Capps.
Now Motherboard Tech by Vice is reporting that a group of about 200 hackers have been targeting Nest and Ring cameras and livestreaming the feeds to the Discord server, calling it the NulledCast, a show that "uses the cameras and speakers to talk to and harass their unsuspecting owners."
A prank – fun, maybe, for them, but not for the victims of the hacks.
"I watched the video and I mean, like, they could have watched them sleeping, they could have watched them changing," said Ashley LeMay, the mother of the Mississippi who was spied on.
Motherboard Tech by Vice is reporting that a software program to hack Ring cameras had become popular on the forum. It churns through previously compromised credentials to hack into accounts on a large scale.
"They're looking to see where that consumer has used that password in other places so they can access those accounts," said Capps.
There are a couple of websites that can help you find out if you've been compromised.
One is called Have I Been Pwned.
Another is Identity Leak Checker.
Both have been built by researchers who, like the hackers of the world, were able to obtain email address and passwords that had been amalgamated from data breaches and uploaded to the dark web.
That's why you need to change your passwords regularly. Many people use the same passwords across several accounts.
Some passwords tips from experts include:
- Never use personal data in a password like, a pet's name, birthdate, or family names.
- Don't reuse passwords.
- Don't recycle passwords by just modifying it by adding a letter or number.
According to Tech Insider, an 11-character password can be cracked by hackers in three days by using a computer program that can make 1,000 guesses per second, while a 25-character pass phrase can take up to 550 years to crack, using the same system.
The hacks come at a bad time for Ring but the good news is the hardware and security systems by Ring have not been compromised.
"The best part of these devices, because Amazon backs the organization that produces them, they're fixing these problems as soon as they're found," explained Capps.
"I don't think this is going to be a major hit to their brand. I think people will still buy the products, people will continue to use the products. They are still very good products in my opinion."
Apparently all the media attention has panicked some of the members of the the NulledCast group. According to Motherboard Tech by Vice, some members of the group have vowed to shut down and are circling the wagons and deleting evidence to avoid getting caught.