Bureze Security News for 10-25-2018

10 Weirdest Things Caught On CCTV

Examining CCTV Videos of the Saudi Consulate in Istanbul Connected to Khashoggi’s Disappearance

On October 8, a photograph spread throughout WhatsApp showing Jamal Khashoggi, a Saudi journalist living in Turkey, entering the Saudi consulate in Istanbul through a rear entrance. Later, a video that this photograph was taken from was broadcast on Turkish television, showing that Khashoggi entered the consulate at 1:14 p.m on October 2, assuming the CCTV timestamp is correct. Khashoggi’s fiancee has confirmed that the man in the footage is indeed him. Bellingcat’s Christiaan Triebert has geolocated this footage, verifying that it did indeed show the rear entrance of the Saudi consulate in Istanbul. Geolocation shows it is indeed the north entrance of the Saudi consulate in Istanbul, #Turkey. 

A clearer map showing the location can be found in the New York Times’ timeline of Khashoggi’s disappearance, highlighting the rear entrance to the consulate. While there has not been any evidence that this vehicle was involved in the disappearance of the Saudi journalist, its license plate further verifies the leaked CCTV video. There is another Mercedes vehicle – a Vito – that is allegedly involved with Khashoggi’s murder or kidnapping. This Mercedes Vito left the consulate and arrived at about 200 meters away at the Consulate General’s residence at 3:09pm, about two hours after Khashoggi entered the Saudi consulate. The license plate of this second van, the Mercedes Vito, is 34 CC 1865, with the same four digits and letters as the other van, being registered to an Istanbul consulate. 

With Istanbul being one of the world’s largest and connected cities, there is likely undiscovered digital evidence showing these two vans around the time of Khashoggi’s disappearance and afterwards. If you have findings related to the Khashoggi disappearance – especially with the vans used by the Saudi consulate in Istanbul – tweet at us, message us on Facebook, or email us, and we will amplify and gather contributions across our social media platforms. 

Keywords: [“consulate”,”Khashoggi”,”van”]
Source: https://www.bellingcat.com/news/mena/2018/10/15/examining-cctv-videos-saudi-consulate-istanbul-connected-khashoggis-disappearance/

Closed Circuit Television

Closed Circuit Television is vital in the prevention and detection of crime and antisocial behaviour within town centres. The control room is able to direct police officers to a potential incident whilst broadcasting live images to local police stations and Police HQ to provide an effective and supportive service to the police which ultimately serves the public by reducing crime within the area. Our CCTV operators are vetted at NPPV2 Level to operate the Police airwaves. All operators additionally must qualify and be in possession at all times of their SIA Licenses which allow them to operate a CCTV camera for Public Space Surveillance. The training standards for these licenses are set and governed by the Security Industry Authority who are the issuing authority of all CCTV operator licenses. 

Purpose of CCTV. All CCTV systems are registered with the Information Commissioner. Still images obtained from the recorded data are only produced to help identify persons or property for specific incidents or other permitted data uses, and are subject to the same security of data and destruction rules when no longer required by the data requestor as recorded video data. A large percentage of the cameras monitored by our control room are PTZ cameras and can be controlled by the operator through the use of a joystick and keypad. If cameras are not PTZ then they will be static and fixed on a position where there are high levels of crime or positioned for the protection of assets. 

Under the Data Protection Act everyone has the right to view CCTV images if they themselves are the subject. Arrangements are in place for CCTV to be accessed by the police if it is necessary during a criminal investigation. Please note we cannot provide CCTV footage to you in relation to an investigation that is taking place by the police, you should make your request directly to the police. To make a complaint about the CCTV scheme email: customer. 

Keywords: [“CCTV”,”police”,”data”]
Source: https://www.westsuffolk.gov.uk/community/crime_and_safety/cctv.cfm

World’s largest CCTV maker leaves at least 9 million cameras open to public viewing The Register

Another IoT device vendor has been found to be exposing their products to attackers with basic security lapses. This time, it’s Chinese surveillance camera maker Xiongmai named and shamed this week by researchers with SEC Consult for the poor security in the XMEye P2P Cloud service. Among the problems researchers pointed to were exposed default credentials and unsigned firmware updates that could be delivered via the service. As a result, SEC Consult warns, the cameras could be compromised to do everything from spy on their owners, to carry out botnet instructions and even to serve as an entry point for larger network intrusions. Enabled by default, the P2P Cloud service allows users to remotely connect to devices via either a web browser or an iOS/Android app and control the hardware without needing a local network connection. 

SEC Consult explained, shortcomings in both the devices themselves and the service, such as unencrypted connections and default passwords mean that in many cases, accessing and compromising camera could be a cinch. SEC Consult notes, the Xiongmai devices do not require that firmware updates be signed, meaning it would be possible for an attacker to install malware-laden firmware updates to build a botnet or stage further attacks on the local network. On top of it all, SEC Consult accuses Xiongmai of a pattern of ignoring security warnings and failing to take basic precautions. The research house claims that not only were its latest warnings to the company ignored, but Xiongmai has a history of bad security going all the way back to its days as fodder for the notorious Mirai botnet. The researchers advise companies stop using any OEM hardware that is based on the Xiongmai hardware. 

The devices can be identified by their web interface, error page, or product pages advertising the EMEye service. 

Keywords: [“Xiongmai”,”Consult”,”update”]
Source: https://www.theregister.co.uk/2018/10/09/xiongmai_cctv_fail/
Leave a Reply

Your email address will not be published. Required fields are marked *