A Russian-based website is snooping on thousands of homes, invading the most private of personal spaces, watching your baby sleep, your most intimate moments, all without you being aware of the invasion.
The website, which Newsmax has declined to identify for reasons of privacy, has penetrated as many as 4,600 locations in the U.S., including private homes, by remotely activating cameras in computers and computer-connected baby monitors,
The Washington Post has revealed.
The advertising-supported website is peeping into more than just homes in the U.S. – the Post estimates that 2,000 web cameras in France, 1,576 in Holland, 870 in Japan, 584 in Britain and homes in Mozambique, Gambia and Bahrain are being viewed daily by users of the site.
Vulnerable to the spying are computer webcams and computer-connected baby monitors when users have not changed the default passwords from the standard passwords supplied by manufacturers, which are readily available and well known to hackers, the
British Information Commissioner's Office (ICO) noted.
And it's not only homes which are being targeted – malls, pubs and business offices also are online on the site, the ICO says, in countries such as Nicaragua, Pakistan, Kenya, Paraguay and Zimbabwe.
"The danger of using weak passwords has been exposed again this month after a new website was launched that allows people to watch live footage from some of the insecure cameras in the world,” the ICO warned. "The website, which is based in Russia, accesses the information by using the default login credentials, which are freely available online, for thousands of cameras."
Camera manufacturers such as Foscam, Hikivision, Panasonic, IP Camera and Linksys have been targeted, and China-based Foscam's chief executive Chase Rhymes
told the BBC that "an analogy best describing this would be just because someone leaves their window open, it does not give permission for an authorized individual to set up a camera outside their window and broadcast the feed worldwide."
In all, there are 152 countries represented on the website, which contains a disclaimer stating: "This site has been designed in order to show the importance of the security settings,"
Vice.com noted.
Matthew Green of the Department of Computer Science at John Hopkins, told Vice.com, "what is different about this is that there are actual victims; that they are individuals. The real problem is that the people who are the victims – the people who are being observed – are not necessarily being notified that this is happening."
Several laws blatantly are being broken by the website – the Computer Fraud and Abuse Act in the U.S. and the Data Protection Act and Computer Misuse Act in the UK – but because the site is based in Russia, legal action is unlikely, experts told the BBC and the ICO.
A person claiming to be the administrator of the website contacted Vice.com by email and said: "This problem (easy remote access to webcams) was in darkness for many years. Most people still do not know about the problem."