What happened?
Privacy fears were raised over a Russian website that streams webcam footage from thousands of homes and businesses around the world, including the UK.
The site exploits webcams that have been set up to be accessed remotely, for example as a security measure to view footage of your home over the internet while you’re away. Hackers have managed to gain access to these webcams because they are not properly secured and still use the default passwords.
The Russian site, called Insecam, scans the web for connected devices and tries default login credentials for thousands of makes of camera, including CCTV security cameras and baby monitors. If successful, it’s able to access and share video streams of office workers, children playing in nurseries and even people asleep in bed.
The UK's data watchdog, the Information Commissioner’s Office (ICO, www.ico.gov.uk), alerted the US Federal Trade Commission about the problem, to force Russia to take the site down. However, this was two months after the Mail on Sunday ran a story about the website on 20 September. At the time of writing, all webcam streams appear to have been removed from the site.
Information Commissioner Christopher Graham told the BBC that his office hadn’t known about the Mail on Sunday article and only became aware of the website after colleagues in Australia and Canada alerted the watchdog. The ICO then issued its warning the following day.
"We only knew about it 24 hours ago," Graham told the Guardian. "This is a very obscure website, run by Russians, registered in an offshore territory administered by Australia." He pointed out that taking down the website doesn’t protect users from other hackers, stressing that they need to change their default passwords and choose strong alternatives.
Graham said it was "spooky" that children were shown sleeping in their beds, but added that it was the parents’ responsibility to set a new password for a baby monitor.
How will it affect you?
If you use a webcam for any purpose, you should change the password from the default. In fact, you should do this with any hardware you own because default passwords can easily be found using a simple online search.
If this privacy breach sounds extreme and rare, don’t forget that it's happened before: earlier this year, a hacker gained access to baby monitors in the US and used the built-in speakers to yell at children. Also, attackers have previously targeted webcams built into laptops to spy on users.
It’s unclear exactly what the Russian site hopes to achieve, but some reports suggest it may be trying to highlight how poorly protected many web-connected devices are. As the so-called Internet of Things allows more and more home appliances to be online all the time, these problems will only increase.
What do we think?
It’s chilling to think that someone is spying on you, and also alarming that our own data watchdog does such a poor job of protecting us. We're surprised that the original report about the Russian website in such a high-profile national newspaper was missed by the ICO, and we hope that the watchdog pays closer attention to such stories in future so it can protect us from data breaches.
That said, the ICO has been slow to pick up on several privacy issues in the past: when Google's Street View cars were exposed for collecting Wi-Fi data as they photographed houses, the ICO waited until other countries’ privacy officials had come to a decision before making its own. It’s also failed to respond publicly to Edward Snowden’s revelations about government surveillance, which is undoubtedly the biggest privacy story of the past year.
As more data is collected about us, and more of our devices are connected to the web, we need an effective and reliable data watchdog. Right now, the ICO simply isn't effective enough, and it’s time for Christopher Graham and his office to step up or step aside and let another body tackle this tough job.