Britain urges Russia to shut down webcam spying site
LONDON - Agence France-PresseA Russian website offering thousands of live feeds peering into bedrooms and offices around the world by accessing poorly secured webcams should be taken down immediately, British officials said on Nov. 20.
The Information Commissioner's Office (ICO) said the site was taking advantage of devices like CCTV cameras and remote-access baby monitors that lack security protection or have weak passwords.
"I want the Russians to take this down straight away," Christopher Graham, the information commissioner, told BBC radio.
Graham said the first reports about the website, which has a domain name in the Australian-administered Cocos Islands, came from Macau and Hong Kong, then Australia and Canada.
Britain is now planning "very prompt action" with the Federal Trade Commission, the US consumer protection agency, "to get this thing closed down", Graham said without giving further details.
But a spokesman for Roskomnadzor, the Russian communications watchdog, denied that his country was responsible and said questions should be asked of webcam manufacturers.
"Most likely Russia has nothing to do with this," Roskomnadzor spokesman Vadim Ampelonsky told AFP Thursday evening.
"The domain is registered in the United States."
In Britain, the ICO said around 500 feeds had been targeted, including a gym in Manchester, a house in Birmingham, and an office in Leicester.
"The website, which is based in Russia, accesses the information by using the default login credentials, which are freely available online, for thousands of cameras," said Simon Rice, ICO group manager for technology.
"The footage is being collected from security cameras used by businesses and members of the public, ranging from CCTV networks used to keep large premises secure, down to built-in cameras on baby monitors," he said.
The site reveals the location and manufacturer of the device whose feeds have been accessed using software and search tools.
Chinese company Foscam was the most commonly listed manufacturer, followed by US firm Linksys and Japanese multinational Panasonic.
"We are still trying to determine which Linksys IP cameras are referenced on the site," a spokeswoman for the US company said.
"We believe they are older Linksys IP cameras which are no longer being manufactured. For these cameras we do not have a way to force customers to change their default passwords," she said.
All three stressed that customers were instructed to change the default passwords in order to secure their devices.
Mischa Dohler, wireless communications expert at London's King's College, said the site was not hacking in the traditional sense, and was just making use of search engines freely available on the Internet.
"It's as though you leave your house open, and people come inside. Is that OK or not OK? They're not touching anything or taking anything away," he told Sky News.
Given the broad range of devices affected and international scope of the website, an ICO spokesman admitted that it had no power to take it down.
"If a website in the UK did this we would take action against it because firstly it's a breach of the Data Protection Act because you are accessing people's information and you shouldn't be, and secondly there are also issues around the Computer Misuse Act," he said.
Data watchdogs across the world have already drawn attention to the site, which is hacking 4,591 cameras in the US, 2,059 in France and 1,576 in the Netherlands.
"We've got to grow up about this sort of thing. These devices are very handy if you want to check your child is OK and the shop's alright but everyone else can access that too unless you set a strong password," Graham said.
"If you value your privacy, put in the basic security arrangements."