Horror Baby? Hackers, Baby

Ever see Paranormal Activity? One of the creepier scenes involves ghostly/demonic activity swirling around a baby’s crib, caught on camera. Recently, a Minnesota couple went through similar eerie behavior in real life, with a baby cam that played music, moved, swiveled and…seemed to be watching…all on its own.

It started with the music. “We were sleeping in bed, and basically heard some music coming from the nursery, but then when we went into the room, the music turned off,” the Rochester, Minn. mother told the NBC affiliate.

Later, they noticed that the camera never seemed to stay put – as a test, they pointed it against the wall, only to come back later to find that it had swiveled back around.

Creepy stuff indeed. But before rushing off to call the priest (or the Ghost Adventurers crew), the couple suspected a more down-to-earth explanation – and one that is perhaps creepier than any potential spiritual cause.

It turns out that the baby monitor had been hijacked by hackers – for the purpose of posting pics online for would-be voyeurs. “We were able to track down the IP address through the Foscam software, and found out that it was coming from Amsterdam,” said the mom. “That IP had a web link attached to it.”

And the couple was not alone – tens of thousands of feeds from IP-attached endpoints around the world are on offer. And there’s surveillance to suit every sick fancy.

“There’s at least 15 different countries listed and it's not just nurseries – it's people's living rooms, their bedrooms, their kitchens,” she added. “Every place that people think is sacred and private in their home is being accessed.”

And, site visitors can sort the picture by country and type of room.

"This isn't just you know Rochester, Minnesota,” she said. “It’s pretty sick.”

Needless to say, the family disconnected the monitors immediately. But the local news crew covering the story plugged the camera back in to see what would happen. An hour later, pictures from the nursery were already online at the site. Clearly, the hackers have automatic sensors for when cameras are online.  

Unfortunately, this isn’t an isolated case. Last fall, hundreds of feeds from baby monitors, CCTV cameras and webcams from UK homes and businesses were discovered to have been hacked and uploaded onto a Russian website.

 “The Russian site currently shows what is believed to be a child’s bedroom in Birmingham, a gym in Manchester, an office in Leicester, and a shop interior in London, among others,” UK newspaper the Independent reported.

Obviously, to avoid peering eyes – and spine-tingling real-life horror scares – any and all video devices that connect to the internet need to be relieved of their default passwords immediately upon installation.

In fact, the Russian site’s administrator said that the purpose of the UK hack was to highlight poor security and password practices – and that the feeds will end “only when all cameras will be password protected.”

What’s Hot on Infosecurity Magazine?