ADT techie admits he peeked into women's home security cams thousands of times to watch them undress, have sex One-time ADT security engineer Telesforo Aviles, 35, pleaded guilty to computer fraud in the US after spying on women through their home surveillance cameras. As we reported last year, Aviles added himself as an admin user, using his personal email address, to the accounts of customers' home security systems, giving him full …
Warrants? We ain't got no warrants! We don't need no warrants! I don't have to show you any stinking warrants!
It never fails to amaze that people will pay to install cameras in their bedrooms and bathrooms, and yet are horrified when the footage is abused. I mean if you have to have security / sexurity cameras there then face them to the doors and the windows and remove the microphones.
Equally, when some tawdry tech commits thousands of crimes then they either use their own email address, ip address or credit card. I assume not every miscreant is this daft and the exposed morons are the tip of the iceberg.
Don't blame the users or the cameras, blame the techie (and jail him) and blame ADT.
I don't use a security service but if I did the logical place to break into my house is a rear window. These include the bedroom and bathrooms. They have to include microphones to detect breaking glass.
But the feeds shouldn't be accessible by a random techie when there is no evidence that a break-in has occurred. Plus, a camera model should be available for private areas that is mounted in the ceiling and has limited view.
Of course, that would cut into ADT's profits. I don't have a problem with that but I suspect they would.
You don't need a microphone that records the full range of audio to detect breaking glass. Companies like ADT have been installing audio-based "glass breakage" detectors in security systems for at least the last 20 years from my own personal experience in commercial security systems - as a subscriber, not an installer.
IIRC (from 20 years ago) the sensor listens for some distinct frequency(ies) that shattering glass makes or some such.
This is how security companies have been able to move away from placing sensors on glass or in glass to detect their breakage.
And in some states, it is illegal to record audio inside a business or place of residence without the explicit permission of everyone in there. I won't disclose the state that I am familiar with, but this state is not the only state with such laws.
I had a client who installed some Nest cameras in their business years ago... I knew what the camera's capabilities were at the time, and informed the business owner that its deployment there placed the business in jeopardy of state law. And we won't go into how microphones, accounting departments and PCI-DSS comes in to play....
Indeed, glass break detectors can be quite sensitive. I discovered this our first winter with one when a pot fell off the drying rack, and landed on the kitchen floor about three feet down. I noticed also the next or a later summer when I forgot to turn off the security system before I tapped down the lid on a paint can, and woke the household.
Indeed, glass break detectors can be quite sensitive.
Yup, they can make people jump. Like me, when detectors were being installed in an office I worked in. Installer had a gizmo that played the sounds of various glass breaking. Which sounded like someone was having a really bad (or fun) day smashing up everything in the kitchen. EvilMe(tm) promptly pondered what fun one could have with said gizmo, if detectors would trigger when it was played outside a window.
I had an uncle who was one of those "Dilbert" type engineers and built a glass breakage based home security system. It worked quite well, detecting glass breakage and sounding a Klaxon designed for a much larger space. There was an easy to use control box in the kitchen to turn it off. One morning my aunt wandered into the kitchen, and being half-asleep forgot to turn off the alarm. She went over to the Mr. Coffee, got herself a cup, and sat down at the table. Lifted the china cup, took a sip, and set it down on the china saucer. Well the resonance of the coffee in the cup with the noise of the cup hitting the saucer it sounded just like breaking glass, and on went the Klaxon. In less than a second the coffee was broadcast all over the kitchen, the china cup and saucer was shattered, aunty was on the floor, and in came my uncle with his big-gigantic pistol ready for business. Nothing bad came of the episode, but from then on aunty drank coffee from a plastic mug and the Klaxon was replaced by something less noisy.
Well sure, just as you can rightfully blame the car thief for stealing your car - but if you parked it unlocked in a dark alley with the keys in the ignition, you must also bear a large amount of responsibility for an occurance that was foreseeably very likely.
If you have cameras that are connected directly or indirectly to the Internet, then you should work on the assumption that anyone will be able to access them, and set them up accordingly. If you really believe it is necessary for them to monitor areas where people will want to have privacy, then ensure that they are only switched on when those rooms are unoccupied.
If explicit videos of your family appear on a sordid web site, then you can try explaining to them that it is not your fault for installing cameras in their bedrooms and bathroom, but I have a feeling that they will blame you nevertheless, and you could well find yourself without a family.
Besides which, if a visitor notices that you have a camera set up to view them when they use your bathroom, you could find yourself being prosecuted no matter how innocent your motives. After all, just how comfortable would *you* feel if you see a camera in a hotel bathroom while taking a shower?
but your security company.
Signing up with a security company is an act of trust. You trust the company and all of its employees to respect your privacy and protect your belongings.
This is a case of a rogue techie. One asshole does not change my opinion of the security industry in general - they are there to help, for a fee.
I have an alarm system installed, some of the motion detectors have cameras. I have been told that the surveillance personnel cannot access the cameras, they only get the pictures that are sent by the detector when the alarm system is active. I trust that they are telling me the truth.
Aside from that, the detectors are not installed in any given room. They are covering hallways, the garage, the living room, the dining room, etc. Places where thieves have to cross, or will go to because that's where the loot is (TV, audio, etc).
Why would you put a motion detector in the bedroom ? The thief has to go through the hallway to get there and that's all you need to know.
It would be best to give Aviles a couple of months in jail, then all the abused users will sue ADT. If they get sued then ADT will have to work hard at making sure this can never happen again. Jailing Aviles for years means that ADT will say that it wasn't their fault and don't have to make sure it doesn't happen again.
This is not an "anti-ADT" comment, it's a universal comment that applies everywhere.
Why not both? Not jailing him for a sufficient length of time will send a message of condoning that conduct. And ADT can probably reduce their liability somewhat but I suspect a good plaintiff's lawyer will find evidence pointing to his predatory nature.
Maybe a short time in jail will persuade him to behave better when he's released - he will learn that he was stupid and have to live with the consequences so he's likely to try and move on in life, not backwards.
Punishing someones stupidity with a long jail sentence is better than cutting their hands off, but not that much of an improvement in persuading them to reform their behavior.
If you read the tid bit, they *ARE* suing ADT and jail time is pretty much a certainty.
If you want a home security system that isn't accessible by anyone else.. you need to build it yourself. or go with systems from SimplySafe where you get to decide what components are being put in place and where in the house.
Of course SimplySafe itself has issues and risks too. But the whole point of the system is to act as a deterrence because most crooks will go to what seems to be an unprotected house.
Note: A 60lb furry friend w teeth can also act as deterrent too. ;-)
Some people want the security of always on. And alerts when there's a motion detector going off. Of course the notion of no one can see unless the alarm went off is BS. The camera is on.
And no, I wouldn't put a camera in the bedroom either.
> You trust the company and all of its employees to respect your privacy and protect your belongings.
Even it you happen to do, it is not enough. You also need to trust the manufacturers of all involved equipment to not put any stupid backdoors there and support it the entire lifetime and fix bugs when they are – inevitably – found. You need to trust the company to not be hacked or just acquired by another company. You need to believe the backdoors that were installed upon requests from three letter agencies to be not misused. Etc.
Once something is digital, it will leak. The only exception is precious data you did not back up – then it will become corrupted and you will find the entire multiverse does not contain another copy.
"Why would you put a motion detector in the bedroom ? The thief has to go through the hallway to get there and that's all you need to know."
You seem to be assuming that every bedroom is somewhere other than the ground floor. Sometimes bedrooms are on the ground floor. That's the most likely place to find jewellery etc.
Bedrooms should preferably not be accessible except by going through the house. If not, then maybe put burglar bars on the windows or otherwise prevent access. It is far better to prevent access in the first place than to detect the crime after the event.
And you just cut off your fire escape route.
You're also assuming a house rather than a flat.
I have IP enabled cameras, but the recording is all on site.
I am currently also monitoring a building site - with again, the recording on site, but with images pulled off to other servers under my control at regular intervals, and a backup disk removed from the site at regular (but less frequent) intervals.
I am also painfully aware that having non monitored CCTV is of relatively little use, at least in terms of crime prevention. Once we don't have builders on site regularly I can set up active monitoring so that we can look at the images as and when we get an alert (or better yet, check the image in the email and the video clip uploaded to an offsite server). Being able to phone the police and tell them a crime is in progress is much more useful than saying that you have footage from a week ago.
Even more - I am very aware that my IT skills are what make the above possible. For most people it simply isn't an option, so they have to trust a dedicated security company (and ADT would be amongst those most would consider trustworthy).
Got to wonder what the point of such a security system actually is. If you've got it linked to a 3rd party company acting on your behalf whenever someone breaks in, in a rapid response style then I can understand it. But in that scenario you're effectively letting them into your home 24 hours a day so that's a huge amount of trust you're placing in them. You've got to acknowledge that they'll see a lot of your private life. If the cameras are just for recording for evidence then should be closed circuit but I can't see the benefit in that either as any burglar is going to be wearing a disguise.
That ADT staff member was naughty though, but people will be.
"any burglar is going to be wearing a disguise"
You overestimate the intelligence of most burglars. They aren't even smart enough to wear a black striped shirt and eyemask most of the time.
Once indoors a 1080p camera is reasonably good, but outdoors the picture quality is great until you need to zoom in to something the size of a face when your camera covers a 40m wide field of view...
"
... it should simply be impossible to access by anyone else..
"
Once you have a camera that is capable of streaming or recording video, then there is no such thing as "impossible". Even if it is a closed system, others will be able to tap into it or steal copies of the recordings, so you are looking at probabilities rather than possibilities.
A government is bound by a different set of laws, all grounded in the Constitution (at least here in the States). A private person or company isn't, as exemplified by all the commotion with Fecesbook/Twatter/Farter in recent weeks.
A government should be free to use whatever sources of information that is out there, be it from commercially available information or through their own intelligence gathering. However, they must abide by same rules for either with respect to building a case against a person. The reason is that if the same rules aren't applied in both cases, we open ourselves to allow the Government to idly surveil citizens without cause and without oversight by the courts by allowing them unfettered access to private data.
Otherwise, the government will simply bypass our (the citizen) Constitutional protections against search by going to a commercial entity for all its intelligence gathering, instead of going through the obviously more difficult process of seeking a Court's permission to gather evidence and build a criminal case against someone.
As to your last point... that's a wonderful question and really is at the crux of the matter here.
The government is bound by the same laws that we also follow.
(You need to learn more about the law.) The laws may govern different entities differently based on their classification, but its still the same law.
What you fail to grasp are the laws governing the 4th, 5th and if memory serves the 14th as well.
In the 70's SCOTUS ruled that there was no expectation of privacy because the metadata is owned by the phone company and its used for multiple purposes. (e.g. your itemized usage bills)
The Carpenter ruling is an interesting case. Roberts apparently got it wrong. (Again)
There is no expectation of privacy for the same reasons. But at the same time... there could be a certain amount of reasonableness as to how much data could be provided without a warrant.
The issue isn't as clear cut as one would think. And your simplification is just plain wrong.
Sorry.
Because governments have to abide by stricter rules than individuals, because they can do a lot more harm with that information than an individual can. The same is true of companies (the Data Protection Act does not apply to individuals for example). If you invite a neighbour into your home, they will not commit a crime if they were to look through your cupboards and drawers without permission, but if you invite a police officer into your home, they are not permitted to do the same unless they have a search warrant.
I don't see the problem. If the police have a *valid* reason for needing the data, then they can easily get a warrant, after which they can get the data either through official channels or from the commercial services.
Exactly.
If the company is legally selling the information, then you have no expectation of privacy and therefore they didn't break any laws or infringed on your constitutional rights.
Don't blame the DIA but blame Congress.
But if you want to dig deeper...
There are SCOTUS cases from the 70's that dealt with this issue.
What makes it interesting is that your cellphone tracks more information that wasn't relevant in the days of static lines. Meaning that they already knew the position of the telephone number in question.
If you get mad at the actions of the DIA... why not get mad at Google, FB or any of the other major tech players who capture much more information on you?
I have a friend that has Amazon kit spying on everything she does in the house. I have given up pointing out the security risks. Her answer is on the lines of “but I have a password” followed up by “who would be interested in me anyway?” and then (depressingly quickly) “oh well” and carries on regardless. The thing is most people just don’t care or don’t want to care. It’s the same psychology that lets googlies and faecesbook thrive. As a species we absolutely deserve to die out - stupidity and wilful ignorance seems to be the norm
But who would ever guess the password "DoNotL00k!"
If you want it to be private and it doesn't have 2FA then passwords will be guessed.
Maybe not today, maybe not tomorrow but at some stage your super secret password that's 20 characters long that only you could remember will be lost in a password dump and it and all the obvious variations will be childsplay.
Last time I got a hair cut the young and attractive hairdresser was idly chatting (seems to be a job requirement) about her new Alexa device in her bedroom. I commented that it must overhear a lot when her boyfriend visits and she went bright red and the older hairdresser just laughed.
She really had not thought through what those devices are capable of.
There's also a distinct social component to the (flawed) decision processes going on here, and needs to be accounted for.
Here in America the Great, Stupid Unwashed have been brainwashed for DECADES that Business is Good (tm). So, a *business* offering in-house security cameras, *in private rooms*, to assist in negating your deepest [paranoid] fears?
Sign me up.
But the government? Placing cameras in vulnerable locations to oversee you?
We need to doubt.
In Europe, the brainwashing isn't complete (yet). Alexa? Private corporations 'looking out for your interests'?
In a pigs eye I'll believe that immediately.
So you still have a healthy scepticism of promises attached to profit motives.
Not so much in America.
So the fools love to sign on those dotted lines.
The thing is, it's not even a case of not thinking it through. Amazon openly states that they have thousands of people employed for the sole purpose of listening to your recordings, and that those recordings frequently occur at essentially random times without any intended activation. Indeed, the fact that unintended activations happen is a large part of the reason they need to have real people listen to them to figure out how to make it happen less often. In addition, they been forced to own up several times to sending private recordings to other random users when some system or another has screwed up.
So it's not that no-one has realised what could potentially happen, they willfully ignore what they have explicitly been told is happening. As another commentard noted, any explanation of the problems is very quickly met with an "Oh well" shrug and everyone just carries on regardless. It's a fundamental issue with human psychology - we're utterly terrible at risk assessment and management, and the more abstract the risk is, the worse we are at recognising and handling it. Everyone claims to care about their personal information, but try pointing out that a device they've actively paid money for is openly recording them and sending their private conversations to strangers right now, and the brain just blanks the whole thing out and carries on without a care in the world.
Camera is in home.
Camera is internet connected.
Camera is serviced by third-party.
Join the dots, it's not hard, no matter WHAT measures the company takes, it's going to happen.
So stop doing one of the three.
(P.S. Just bought TPLink Tapo cameras cheap on Amazon. Cloud-capable (but not required). Full local RTSP stream. And they all face AWAY from my house.)
My car.
My entrance to the property.
The exterior to the property, including window access.
Let me simplify this for you: If someone is already inside the house, it's game-over, whether you're at home or not.
I manage CCTV as part of my job, and 90+% of cameras are external, the rest are on entrances that you have to cross to get to the internal buildings. Not quite sure what you think recording of the inside of your own house is going to show/do, to be honest.
Or are you one of those people who thinks that a single frame of CCTV will instantly and conclusively identify the burglar with zero investigation needed? Hint: 20 years managing work CCTV systems, a dozen police-related incidents with submitted evidence, zero convictions. It's called a black hoodie and don't-look-at-the-camera.
My own personal home system has a better record than that, with random incidents in its scope like neighbours being burgled and cars damaged, etc.
I detest blaming the victim because people should be allowed to be as silly as they like without being taken advantage of. At the same time consider me unsurprised.
There have been plenty of warnings that this would happen the second you allow cameras and/or microphones into your home, but the claims by corporations that this couldn't happen should be part of the criminal investigation as well as the one employee who did wrong/got caught.
There's absolutely no need for the camera images to be accessible outside the house, live or otherwise. Being able to watch the burglars live isn't going to be of any help. The images can be used later for evidence.
Some may say that live access by the alarm company helps mitigate against calling Police out to false alarms. But that seems like a very, very expensive method of reducing false alarms, money that would be better spent perfecting the systems themselves. Of course, this doesn't matter to the alarm company, because they outsourced the costs to the customer under the guise of "look, shiny! You can watch your house being burgled live on your mobile phone!"
There's absolutely no need for the camera images to be accessible outside the house, live or otherwise. Being able to watch the burglars live isn't going to be of any help. The images can be used later for evidence.
I kind of disagree, an offsite backup* of these data would be very sensible, A burglar could well pinch your PC or NAS recording the images; or even pinch the camera if it records to an SD card.
* Of course I mean a system with decent security, not one that lets a pervy employee watch.
"* Of course I mean a system with decent security, not one that lets a pervy employee watch."
That goes without saying of course :-) On the other hand, if it's a professionally installed system, then it's not going to storing to your personal PC or NAS, It's going to be storing to a supplied box which ought to be secured somewhere safe. All part of building a proper secure system if, as per the article, you are going for a commercial, 24/7 monitored system.
@John Brown
I'm not convinced by your dismissal of the use of live video to reduce unnecessary responses to false alarms. It's not excessively expensive and isn't restricted to commercial monitoring services. For example if my Ring alarm system tells me it's detected motion in my hallway when I'm away from home, there's little I can do with just that information apart from worry until I can get home. However, if I can remotely check a live video feed of my hallway, I can then either relax and carry on with what I was doing, or call the police.
And I don't see how money that consumers might spend on CCTV relates to money spent by manufacturers on alarm system development.
"
I detest blaming the victim because people should be allowed to be as silly as they like without being taken advantage of.
"
I agree. And there should be World peace. And we should not have to watch out for idiots on the road. And there should never be any famines. People in third World countries should get the same medical care as we do. All governments should be benevolent. Everyone should have the same opportunities in life.
But you would be wise to behave in accordance with reality rather than how you would like things to be.
I thought this business of buying information from private brokers dated back to 2001, this was one of the things that came out of the World Trade Center attacks. Obviously nobody was paying attention to what government spokespeople were saying at that time. Government had realized back then that data brokers had far more and better quality information than the best spy networks so why waste the effort when the product is already ready made?
Using private companies has several benefits. Take ANPR, for example. This is routine in the UK -- government collects license plate information and store it to track where you've been and whether you're behaving yourself. This isn't possible in the US because of our Bill of Rights. However, there's absolutely nothing stopping a private corproation from collecting ANPR data, storing it for as long as they want and then selling it to governments as they need it. Which is exactly what happens in the US -- we were only late to the ANPR party because mandating machine readable license plates would have run into legal challenges so we had to wait for technology to catch up a bit. Its probably the same with facial recognition -- government can't collect and track faces but corporations can. Quite the win/win for everyone (except maybe 'we, the people').
"most users of websites like MyFreeCams would undoubtedly prefer to remain anonymous"
Just use an email address that is specific to the site rather than the one you share with you wife, then only Google will know about your browsing habits through your gmail account, telemetry from your browser and because you Googled the site rather than typed the link.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
