A duo of young hackers have connected to a dozen connected doorbells to send false alarms to the police. They then broadcast the interventions on social networks.
This is a textbook case of piracy. Two young men were arrested last December in the United States after taking control of a dozen connected doorbells from the Ring brand, a subsidiary of Amazon. They then had fun sending false alerts to the police and broadcasting their intervention on social networks from the cameras integrated into these security devices. We are talking about swatting to designate this type of “hoaxes”, which sometimes turn out to be fatal.
To ensure that the police arrive with guns in hand, the hacker duo use the pretext of emergency situations such as parents ready to kill each other or people held hostage. On the spot, the teams discover a family having dinner calmly, under the laughter of the pirates who insult the forces of order through the loudspeaker of the doorbell.
A connection to Yahoo accounts
How two men aged 20 and 21 took control of twelve different devices? By logging into the victim’s account, simply with their username and password. The defendants, Christian Nelson and James Thomas Andrew McCarty claim on the social network Telegram to have used the “brute force” technique: software tries to authenticate itself on a site by testing billions of different combinations until it finds the right one.
You can’t take the young criminals at their word. The American judge indicated that the hackers connected from the Yahoo accounts of the victims. Data leaks leave billions of identifiers on forums and the darknet, and one can perfectly try to connect through the data provided in a file, sometimes for free. Yahoo being one of the oldest email services on the web makes it that much easier to find free access passwords. Both defendants face a maximum sentence of five years in prison.
Several lessons can be learned from this case. The password recommendations, repeated all day long by the media and public services, are not grandmother’s advice to be taken lightly. A complex combination or modified after massive data leaks prevent us from infiltrating our accounts. Then, the proliferation of connected objects increases piracy scenarios. Beyond the hoax, the two hackers could spy on families and harass them on a daily basis. Amazon patched vulnerabilities on Ring devices last August, but as secure as a device can be, once hackers have the credentials in hand, they’ll have no trouble getting in.
