Cloudflare himself explains the case where all surveillance cameras in Cloudflare were hacked
by
Verkada , a startup that operates surveillance cameras installed in large companies such as Cloudflare and Tesla and public institutions such as hospitals, police, and schools, was hacked and the images of all surveillance cameras operated by the company were leaked. It has occurred. The victim Cloudflare himself explains the circumstances and damage situation of this incident.
About the March 8 & 9, 2021 Verkada camera hack
https://blog.cloudflare.com/about-the-march-8-9-2021-verkada-camera-hack/
On March 8, 2020, an incident occurred in which the startup Verkada, which handles cloud management services for surveillance cameras, was hacked and images from surveillance cameras such as Coudflare, Tesla, hospitals, prisons, and schools were leaked. One of the criminal groups claimed to have access to full recorded data as well as real-time footage from all surveillance cameras.
150,000 surveillance cameras such as Tesla and Cloudflare were hacked and video leaked, damaging not only companies but also schools and hospitals --GIGAZINE
Regarding this incident, Cloudflare posted a report on the circumstances and damage situation of the incident on its blog on March 11, 2021.
Although some reports reported that customer data and databases were leaked, hackers could only access the 'surveillance camera related' part, and Cloudflare's customer data and databases were not affected at all. Cloudflare is clear. In addition, regarding the report that 'Cloudflare uses the face recognition function of the surveillance camera made by Verkada', 'I do not use it at all'.
Regarding its own security, Cloudflare emphasized that the internal system was protected by 'Zero Trust ', which requires authentication and authorization for each access and confirmation of reliability. Cloudflare also provides customers with services that employ Zero Trust, so it is a form that strongly insists on the usefulness of Zero Trust.
Cloudflare also 'refuted' the criminal group's allegations. At the time of writing the article, the tweet in question could not be confirmed because the account was frozen, but Tillie Kottmann, who belongs to the criminal group, claimed on Twitter that he 'accessed the laptop of Matthew Prince, CEO of Cloudflare' immediately after the incident. was doing.
However, according to Cloudflare, this claim is considered a lie. First, because CEO Prince hasn't been to the San Francisco office as part of his response to the new coronavirus infection, this attack on the San Francisco office won't give him access to his laptop. .. Second, even if a hacker can access your laptop, it's impossible
'I got a root shell in Cloudflare's network,' Kottmann said.
In this regard, Cloudflare says, 'It sounds scary, but we don't believe in corporate networks. We use products like Cloudflare Access to control access to resources. Networks are important. Access control is important, not the case, 'he said, saying that even if he had a root shell in the network, it wouldn't affect many people as long as he adopted Zerotrust.
It also explains the video leaked by Cloudflare. According to Cloudflare, the hacker downloaded video recordings of two surveillance cameras installed in the lobby of Cloudflare's San Francisco office in an attack on Verkada. The downloaded video recording was until July 13, 2020, and the still image was as follows.
Tesla, which was mentioned with Cloudflare as a large company damaged by the Verkada incident, said, 'In China, only one factory in Henan province owned by a contracted supplier was damaged in Shanghai. Giga factory and showroom is irrelevant ' comment has been.
In response to a series of incidents, Bloomberg reported the testimony of a former employee that 'Verkada was able to access privileged administrator accounts even for sales department employees and internship students.' It raises questions about the company's security awareness.
Related Posts:
in Web Service, Security, Posted by darkhorse_log