The FBI has released a statement regarding pranksters taking over Internet-connected home security video devices in order to live-stream swatting incidents. Swatting is the practice of falsely reporting a crime at a victim’s residence in order to elicit a response from law enforcement. By accessing the smart devices located at the victims’ residences, pranksters are able to live-stream the victims’ reactions. The FBI warns that threat actors have accessed the video devices via online portals by entering the victims’ commonly used passwords, often because the same password was used for some other service that was previously hacked, with the credentials leaked on a criminal forum.
Because pranksters were gaining access to these accounts through weak or reused credentials, the best solution is to adopt stronger authentication practices. First, Binary Defense recommends using strong, entirely random passwords of at least 16 characters. Instead of trying to memorize passwords, use a password manager such as LastPass or KeePass to store passwords securely. This ensures that users need to remember only the master password that controls their password manager. Finally, enable Multi-Factor Authentication (MFA) as a requirement to access any important resource, including email accounts and security video monitoring services. If a security product allows online access but does not have an option for MFA, consider switching to a different service.
FBI Alert: https://www.ic3.gov/Media/Y2020/PSA201229
ZDNet coverage: https://www.zdnet.com/article/fbi-pranksters-are-hijacking-smart-devices-to-live-stream-swatting-incidents/
TechSpot coverage: https://www.techspot.com/news/88118-fbi-warns-hackers-taking-over-smart-devices-livestream.html