Hacking Civilian Cameras: A New Tactic in Modern Warfare

Recent research from Tel Aviv-based security firm Check Point has unveiled numerous hacking attempts targeting consumer-grade security cameras across the Middle East, coinciding with Iran's missile and drone strikes on countries such as Israel, Qatar, and Cyprus. These efforts, attributed to a hacker group linked to Iranian intelligence, suggest that Iran's military is leveraging civilian surveillance cameras to identify targets, plan attacks, or assess damage from retaliatory strikes against US and Israeli bombings.

This tactic is not unique to Iran. The Israeli military reportedly accessed traffic cameras in Tehran, in collaboration with the CIA, to facilitate an airstrike that killed Iran’s supreme leader, Ayatollah Ali Khamenei. Similarly, in Ukraine, officials have accused Russia of hacking surveillance cameras to guide strikes and monitor troop movements, while Ukrainian hackers have used Russian cameras for similar purposes.

The exploitation of networked civilian cameras is becoming a standard military practice worldwide. Sergey Shykevich, head of threat intelligence research at Check Point, notes that hacking cameras offers direct visibility without the need for costly military resources like satellites, often providing better resolution. This method is straightforward and cost-effective for attackers planning military activities.

Check Point identified attempts to exploit five vulnerabilities in Hikvision and Dahua security cameras, which have been patched but remain due to users' failure to update their systems. These hacking attempts were mainly observed during significant military activities, such as US and Israeli airstrikes on Iran in late February and early March, and protests in Iran in mid-January. Check Point linked these activities to three groups believed to be of Iranian origin, using servers and VPNs previously associated with the Iranian hacker group Handala.

Israel's own cybersecurity efforts have revealed extensive penetration of Tehran's camera systems, aiding in military operations. Israeli intelligence reportedly used traffic camera data to understand the movements of Iranian security around Khamenei, demonstrating the depth of their surveillance capabilities.

The use of hacked civilian cameras as surveillance tools first gained prominence during Russia's war in Ukraine. Ukrainian officials reported Russian forces hacking cameras in Kyiv to gather data for strikes. In response, Ukraine disabled thousands of internet-connected cameras to prevent Russian military use. However, Ukraine has also employed similar tactics, using hacked cameras to monitor Russian military movements.

Peter W. Singer, a military researcher, highlights the advantages of using civilian camera networks for military purposes, noting their cost-effectiveness and the unique perspectives they provide compared to satellites or drones. Hacked cameras offer stealth and ground-level views that are invaluable for reconnaissance and damage assessment.

The challenge in addressing this issue lies in the fact that those capable of securing these cameras often do not experience the consequences of their misuse. Beau Woods, a security researcher, points out that the manufacturers and owners of these devices are not the victims of the surveillance, leaving them with little incentive to address the vulnerabilities.