A Korean cybersecurity expert has been sentenced to prison for illegally accessing and distributing private videos from vulnerable "wallpad" cameras in 400,000 private households.
The 41-year-old man, who has not been officially named, succeeded in remotely accessing 638 apartment complexes in South Korea. He exploited over 400,000 smart home devices used by residents to operate their video security systems and other domestic functions.
In a posting on a hacking forum in November 2021, the man said he had hacked "most of the apartments in South Korea" and uploaded 45 photos and two videos he had stolen from apartment owners to prove his claims.
The hacker requested 0.1 Bitcoin for video footage from one single day in someone's home.
As news of the data breach spread, a list of claimed hacked apartments was shared widely online. The hacker's content included videos of everyday activities and intimate sexual scenes, prompting people to cover their wallpad cameras, even if their apartment complexes were not known to be affected.
In an attempt to hide his identity, the hacker attempted to cover his digital footprints by using overseas servers to communicate with potential purchasers of the private, sexually-explicit material.
The hacker was arrested by South Korea's national police agency at the end of 2022. Investigators seized computer equipment and found 213 videos and 400,000 photos that had been illegally filmed inside homes through hacked wallpad cameras.
During the court hearing it was revealed that the same man had actually given an interview in Feburary 2019, in which he had demonstrated how simple it was to hack into wallpads - describing them as something that "middle schoolers with basic knowledge of computers can easily hack."
At trial, the man's defense argued the data leak was to publicise the security vulnerabilities of the wallpads, but the Uijeongbu District Court ruled that argument was not accepted as the man had attempted to profit from the stolen sexual footage.
The man has been ordered to complete a sexual crime prevention program and is prohibited from working in institutions related to children, youth, and the disabled for four years, in addition to serving a four-year prison sentence.
tags
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.
View all postsDecember 19, 2024
November 14, 2024