Four people charged over scheme, where internet-connected surveillance cameras were hacked

Four people in South Korea were charged with hacking 120,000 cameras for sexually exploitative footage. Photo / Getty Images

Four people have been charged in South Korea with hacking into tens of thousands of private video cameras in homes and businesses in search of sexually exploitative footage, authorities said.

The Korean National Police Agency said the suspects stole footage from about 120,000 cameras, illegally manipulating and selling hundreds of videos to an overseas-based website.

Two of the suspects combined had contributed more than half of the content on the website, the release said.

They were investigated between November last year and October and did not know each other, Kim Young-woon, chief of the agency’s cyber terror investigation unit, said in an interview.

One of the suspects is charged with producing sexually exploitative content of children and adolescents. Police allege that the footage stolen by that suspect had been stored but not sold.

All four are charged with hacking internet-connected surveillance cameras, and two are charged with selling illegally filmed sexually exploitative material.

Distributing or selling pornography is largely illegal in South Korea. The charge of sexual exploitation is for taking footage of a person’s body against their will, Kim said.

Illegally filmed videos have been a major issue and catalyst for the feminist movement in South Korea – where authorities have cracked down on hidden cameras, known as “molka,” in public places such as swimming pools, hotels and public bathrooms.

One suspect is alleged to have been paid about US$24,000 ($41,000) worth of virtual assets in exchange for the stolen videos and another about US$12,000.

Authorities are also investigating the website operator and people who viewed the footage, the release added.

The hacked cameras were internet protocol (IP) cameras, network-connected cameras that are often cheaper than those that use an analogue closed-circuit system, but that can be less secure because data is transferred over IP networks such as those connected to home Wi-Fi.

The networks that had been broken into were protected with names and passwords that were “found to be simple, consisting of repeated characters or combinations of sequential numbers or letters”, the release said, calling for users of IP cameras to regularly change their passwords.

There have been numerous cases worldwide of IP cameras being hacked.

In Mississippi, the United States, in 2019, a man hacked into a Ring camera in a family home that was installed in a child’s bedroom and spoke to her, including repeatedly directing a racial slur at the child and trying to persuade her to misbehave, according to a copy of the video obtained by the Washington Post.

The family was among several users of the smart cameras nationwide who reported that year that their security systems were infiltrated by hackers who harassed them through Ring’s two-way talk function.

In those cases, the Ring users had set the same usernames and passwords on their accounts as had been exposed in a data breach of another service, the company said at the time.

Sign up to Herald Premium Editor’s Picks, delivered straight to your inbox every Friday. Editor-in-Chief Murray Kirkness picks the week’s best features, interviews and investigations. Sign up for Herald Premium here.