LONDON, Nov 20, 2014 (AFP) – A Russian website offering thousands of live feeds peering into bedrooms and offices around the world by accessing poorly secured webcams should be taken down immediately, British officials said on Thursday.
The Information Commissioner’s Office (ICO) said the site was taking advantage of devices like CCTV cameras and remote-access baby monitors without security protection and with weak passwords.
"I want the Russians to take this down straight away," Christopher Graham, the information commissioner, told BBC Radio 4’s Today programme.
"We’ve known about this for about 24 hours but we’ve been working out how best to deal with it because we want to take regulatory action," he said.
Graham said that the first reports about the website, which has a domain name in the Australian-administered Cocos Islands, came from Macau and Hong Kong, then Australia and Canada.
Britain is now planning "very prompt action" with the Federal Trade Commission, the US consumer protection agency, "to get this thing closed down", Graham said without giving further details.
Roskomnadzor, the Russian communications agency, declined immediate comment.
In Britain, the ICO said around 500 feeds had been targeted, including a gym in Manchester, a house in Birmingham, and an office in Leicester.
– ‘Leave your house open’ –
"The website, which is based in Russia, accesses the information by using the default login credentials, which are freely available online, for thousands of cameras," said Simon Rice, ICO group manager for technology.
"The footage is being collected from security cameras used by businesses and members of the public, ranging from CCTV networks used to keep large premises secure, down to built-in cameras on baby monitors," he said.
The site reveals the location and manufacturer of the device whose feeds have been accessed using software and search tools.
Chinese company Foscam was the most commonly listed manufacturer, followed by US firm Linksys and Japanese multinational Panasonic.
"We are still trying to determine which Linksys IP cameras are referenced on the site," a company spokeswoman told the BBC.
All three stressed that customers were instructed to change the default passwords in order to secure their devices.
Mischa Dohler, wireless communications expert at London’s King’s College, said the site was not hacking in the traditional sense, and was just making use of search engines freely available on the Internet.
"It’s as though you leave your house open, and people come inside, is that ok or not ok? They’re not touching anything or taking anything away," he told Sky News.
Given the broad range of devices affected and international scope of the website, an ICO spokesman admitted that it had no power to take it down.
"If a website in the UK did this we would take action against it because firstly it’s a breach of the Data Protection Act because you are accessing people’s information and you shouldn’t be, and secondly there are also issues around the Computer Misuse Act as well," he said.
Data watchdogs across the world have already drawn attention to the site, which is hacking 4,591 cameras in the US, 2,059 in France and 1,576 in the Netherlands.
"We’ve got to grow up about this sort of thing. These devices are very handy if you want to check your child is ok and the shop’s alright but everyone else can access that too unless you set a strong password," Graham said.
"If you value your privacy, put in the basic security arrangements."