WikiLeaks discloses CIA IP camera hack

The whistleblower organization’s news that CIA was targeting IP cameras highlights how vulnerable they are to exploits.

Brian Buntz

August 8, 2017

2 Min Read
Wikileaks' camera hack disclosure

Many heist movies have a familiar plot device. A savvy criminal team, with an eye on jewels or a bank vault, will identify a surveillance camera guarding their target. They will then devise a plan to spoof camera footage, fooling unsuspecting security guards into believing that everything is normal as the thieves make off with their loot. The basic script is so familiar in the heist genre that it has become a cliché.

But it just so happens that the CIA has used a similar technique, which it code-named Dumbo, according to documents released by WikiLeaks. The Dumbo instruction manual explains that, before the spy agency sends a team of officers into a building, they can shut off Internet Protocol (IP) cameras or microphones within, corrupt video footage or “deter home security systems that may identify officers or prevent operations.” The last of the files on the WikiLeaks website relating to the IP camera hack date from July 2015 while the earliest documents are from 2012.

It is not the first IoT-related exploit that WikiLeaks has recently released related to the CIA. Earlier this year, the whistleblower agency released a trove of other files purportedly from the CIA, including malware known as Weeping Angel that gives intelligence officials the ability to secretly listen to the microphone found within Samsung smart TVs. The documents for both the Dumbo and Weeping Angel exploits explain that a USB thumb drive is required to launch the attacks.

[IoT Security Summit, co-located with Blockchain360 and Cloud Security Summit, explores how industry-wide security, privacy and trust can be established to unlock the full potential of IoT. Get your ticket now.]

Earlier, WikiLeaks announced it had posted a CIA document dating from 2014 mentioning the agency’s intent to potentially target vehicles, industrial control systems and, more broadly, “The Things in the Internet of Things.”

It’s perhaps not surprising that the CIA would develop exploits for IP cameras. Security experts have been working on IP camera hacks for years.

In 2013, Craig Heffner, a security researcher who formerly worked at the National Security Agency found vulnerabilities in IP cameras from a range of vendors. “It’s a significant threat,” he told Reuters. “Somebody could potentially access a camera and view it. Or they could also use it as a pivot point, an initial foothold, to get into the network and start attacking internal systems.”

Two years later, independent cybersecurity engineers Van Albert and Zach Banks demonstrated at the Defcon security conference how they were able to loop surveillance cameras hooked up to an Ethernet cable.

IP cameras, along with routers and DVRs, were also one of the most common types of devices behind the 2016 Mirai botnet, which caused significant internet outages in the United States and Europe.

About the Author(s)

Brian Buntz

Brian is a veteran journalist with more than ten years’ experience covering an array of technologies including the Internet of Things, 3-D printing, and cybersecurity. Before coming to Penton and later Informa, he served as the editor-in-chief of UBM’s Qmed where he overhauled the brand’s news coverage and helped to grow the site’s traffic volume dramatically. He had previously held managing editor roles on the company’s medical device technology publications including European Medical Device Technology (EMDT) and Medical Device & Diagnostics Industry (MD+DI), and had served as editor-in-chief of Medical Product Manufacturing News (MPMN).

At UBM, Brian also worked closely with the company’s events group on speaker selection and direction and played an important role in cementing famed futurist Ray Kurzweil as a keynote speaker at the 2016 Medical Design & Manufacturing West event in Anaheim. An article of his was also prominently on, a website dedicated to Kurzweil’s ideas.

Multilingual, Brian has an M.A. degree in German from the University of Oklahoma.

Sign Up for the Newsletter
The most up-to-date news and insights into the latest emerging technologies ... delivered right to your inbox!

You May Also Like