Image: Verkada
Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.
Advertisement
Advertisement
From the spreadsheet itself, it is not clear which specific customers are deploying Verkada's facial recognition capabilities. But those features appear to be basic functions of the camera, and not add-ons. Verkada's website advertises that "all" of its cameras include "Smart Edge-Based Analytics," referring to the cameras' facial recognition, person identification, and vehicle analysis tools. It adds the cameras can detect “meaningful events,” which can mean unusual activity and “unusual motion” as determined by the camera’s AI. After detecting faces, a companion web app allows the camera’s administrator to search over time for footage that includes that specific person.Kottman dubbed the group responsible for the hack "APT-69420 Arson Cats," in the online chat with Motherboard.In October, Motherboard reported on how Verkada employees abused their own surveillance cameras installed in the company office to harass coworkers, including joking about women colleagues identified by the cameras and making sexually explicit jokes about them. Initially, the company did not fire the respective employees. In the wake of that article, Verkada's CEO and co-founder Filip Kaliszan said the company had changed its decision and terminated the employees.In recent months, Verkada has advertised its cameras as a useful tool for offices who are returning to work during the COVID-19 pandemic, arguing that its cameras can be used to detect when rooms are over a certain capacity, can be used to restrict access to meeting rooms, and can be used for contact tracing.A Verkada spokesperson told Motherboard in an email that "We have disabled all internal administrator accounts to prevent any unauthorized access. Our internal security team and external security firm are investigating the scale and scope of this issue, and we have notified law enforcement."Update: This piece has been updated to include a statement from Verkada.Subscribe to our cybersecurity podcast CYBER, here.Do you know anything else about the Verkada breach, or any other surveillance company? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.