Title seems a bit disingenuous; a professional pen tester getting a live feed from a camera on a police car does not constitute a "hacker pwning a police cruiser", and whether he would live to tell the tale doesn't appear to have been in doubt.
If I write a blog post about going to the grocer's, should I post it to HN with the title "hacker infiltrates local business, lives to tell the tale"?
> If I write a blog post about going to the grocer's, should I post it to HN with the title "hacker infiltrates local business, lives to tell the tale"?
If you want to get a lot of points on HN, then I guess that's what you should do. Alternatively, here are some other ideas:
Every time I feel like I've got a grasp on just how insecure things are on the Internet, it's like someone hits me over the head with slice of lemon, wrapped around a large gold brick.
To be fair, 90% of them are just webcams of tourist destinations, they're probably linked from travel agency homepages. Google has to get to them somehow.
Sometimes though, you get one of someones office. Just very occasionally, you hit one with the controls to move the thing around, and you can make it wave at people and watch them freak out.
Found a live one of a busy intersection. Started panning around, then the camera moved on its own, and went black - right before I caught a brief image of a hand grabbing it.
Heh - it was easy to bypass ww.com's security in the past to view private cams (sorry jacquesm - don't know if that's still the case - we're talking 5ish years ago ;)). Being a voyeur is far too simple with the state of technology.
Our company had a security system installed with cameras and DVR. About a week after it was installed I scanned the internal network and found the device. Googled for the open port detected and found the software to access the device. Upon connecting to the device it asked for a user and password. I didn't enter any and it logged me in. I had control of the device. It's scary what "security" companies install on your network.
Which would be quite entertaining if what you encountered was really a honeytrap, looking for the identities of the more, um, inquisitive folks on the local network.
What troubles me about this story is not so much the lack of security protecting the camera's and the DVR, but the fact the police department was wasting scarce IPv4 addresses on laptops and security cameras. These devices should have been on a private internal network with private IP addresses.
So it would give us another month or two until some LIR would exhaust their IPv4 pool?
All this "save the scarce IPv4" thing is just a procrastination to delay the inevitable. While the transition is painful, we just can't keep IPv4 forever. Numbers are cruel sometimes.
"The ability for civilians to secretly spy on officers responding to calls could have serious consequences for their safety."
These are public employees performing a public duty. Unless there are extenuating circumstances, maybe a SWAT raid or something, the public should have access to this data to ensure that public employees are serving the public good. At the bare minimum it should be available within hours of it's creation.
Routine traffic stops? Police abusing their powers? This should definitely be made available to the public if it is recorded. Justice must not only be done, it must be seen to be done.
We have the technology to go big brother on government, why are we letting them go big brother on us?
Maybe I'm mistaken, but I detect a note of disparagement toward our civil servants who have signed up for a job that puts them in harm's way. Maybe, as a military veteran, I'm over-sensitive/biased, but the tone is unnecessary to your point.
That said, I totally agree, and the thought occurred to me, too, while reading tfa that these recordings should be publicly available if not broadcast in real time.
I thought of that, too, and yeah, you'd probably need a kill-switch for situations like that, but a panopticon for uniformed police strikes me as a great way to let everyone watch the watchmen, a badly needed check on an easily abusable authority. Maybe you're right, though, I guess real-time isn't really necessary.
You're certainly not mistaken, I'm not a believer in that dulce et decorum est pro patria mori stuff.
I'd be pretty pissed off too if I was a military vet. The recruiters tell a bunch of lies to young idealistic kids who've been put through 13 years of indoctrination from a system designed to train them to be soliders and factory workers. Then the recruiter comes and tells them they can be a hero to their country and maybe get to attend college. When the kid gets back with their legs blown off no one gives a shit because they were sent off to fight a war that no one but civil servants believe in.
All this so that a defense contractor has an excuse to sell weapons.
It's frankly disgusting. I'm sorry if our system suckered anyone into a raw deal, I had nothing to do with it's establishment. Upon a plain reading of the constitution one who was going to serve in the military would believe that they could only be deployed by consent of congress which is not what happens in practice.
You've presented justifications for jaded cynicism toward the system, but none for disparagement or condescension to those who serve.
Yes, I was a young idealistic kid. Yes, I was lied to by recruiters. Sure, I was arguably indoctrinated by the system. You're free to be cynical about whatever you wish, of course, but that doesn't preclude you from acknowledging and respecting the special sacrifice I and many others have chosen, does it?
Please don't take this as an emotionally loaded attack; I'm not actually particularly offended by your sentiment, but I am interested in the perspective from which it comes.
My background is Bavarian, my grandfather served in WW2. He sacrificed himself for his country, but the sacrifice was not in aid of humanity. My family spoke openly about the disdain for the gov't of Germany and what they made everyone go through and the tough choices that need to be made between their allegiance to their country and their allegiance to humanity.
I never got to speak to my Grandfather about the details of it how to juxtapose service for one's country but against humanity. Suffice it to say that my father refused Canadian citizenship because he felt the idea of swearing allegiance to a person (the Queen) was abhorrent and that no person should be regarded in that esteem. To swear allegiance to the Queen was to undermine every reason why my family left Germany. It was very difficult for me to sign my passport because I knew that to do so would be to bind myself to the Queen and the idea that not all men are created equal, but I also knew that after 9/11 I could never leave Canada with out doing so. So I swallowed my principles like my grandfather before me and went along with the system.
The lesson to me was you don't ally yourself to a country, you ally yourself to humanity.
My father also spoke of the generosity of American soldiers and giving him candy bars, and always held America in high regard for things like the Marshall Aid plan. He also told me about hiding during bombing raids, but always felt it was a necessary evil, even when a bomb landed in the front of his apartment block. It was never in anger but it was an unspoken understanding that this was a necessary evil to eliminate a greater evil. Especially since my dad lived in Regensburg at the time and it had a ball bearing factory so it was essential that the factory be destroyed.
It sounds to me like you're somewhat conflicted, but your overall point is that your respect for sacrifice is contingent on the thing the sacrifice is for. That's totally fair.
I'm an immigrant to the US and enlisted in no small part because I believe that the interest of the US is largely aligned with the interest of humanity, because at the core of the US are ideals that have been a beacon of light in the world. I know historically that the light has been very obscured many times, and as an infantryman on the ground, I've personally walked in those shadows, and they are dark, but I can keep my head high because I know that light is there somewhere.
That may be so but the ability to also modify the feed is a huge problem. It jeopardizes our law enforcement system by bringing into question the chain of custody for the evidence presented in a case.
Here's an old (2005) video of Kevin Rose building and demonstrating a handheld "war spying" device to sniff wireless security cameras. http://revision3.com/systm/warspyingbox/ Some vulnerabilities are just a lot of fun to exploit :)
If I write a blog post about going to the grocer's, should I post it to HN with the title "hacker infiltrates local business, lives to tell the tale"?