They violated video surveillance systems to spy on homes and gyms. Then they sold the videos for 20 euros on Telegram: under investigation- breaking latest news

They entered the network of surveillance cameras installed in homes and common areas of gyms and swimming pools. In this way they were able to “divert” the images to external servers and resell via chat all over the world, to several thousand customers, the videos showing intimate moments or stolen sex scenes. Among the images also those of children so much so that the Milan prosecutor’s office is evaluating possible crime profiles related to child pornography (currently not contested). There are eleven suspects, for various reasons, for abusive access to the computer system and criminal association. Ten searches were carried out on the morning of Wednesday 8 June in various Italian locations (Rome, Ragusa, Trieste, Milan, Maranello, Alessandria). However, one of the suspects, of Ukrainian origin, is nowhere to be found. This is the result of the “Rear Window” operation of the postal police coordinated by the Milan prosecutor’s office.

“VKontakte”

Two criminal groups spied on unsuspecting citizens and the images were then sold online for 20 euro through chats created on «VKontakte», abbreviated VK, known as the Russian version of Facebook and Telegram. By paying another 20 euros it was then possible to access a “Vip” version that allowed users to directly obtain the passwords for accessing the individual cameras violated in a sort of personalized voyeurism direction. On the Telegram chat, the group was presented to users in this way: “Welcome to the first channel in Europe dedicated to spycams. A maxi archive dedicated to the world of cameras where you can find unique material: apartments, nudist beaches, hotels, gyms, swimming pools, nightclubs, bathrooms … ».

Ten cities in Italy

Payments could be made via Paypal or cryptocurrency: «Access costs 20 euros and is forever. The channel is constantly updated », the creators advertised it. Postal investigators have discovered the phenomenon thanks to a citizen’s report who recognized a video shot in the locker room of a swimming pool in Brianza and the developments of the forensic analysis carried out on the smartphone seized from one of the suspects in another criminal case on child pornography crimes that started from the New Zealand police report.

Criminal association

Within the two criminal groups, the suspects had well-defined roles and tasks. The most experienced in computer science scanned the net at the search for video surveillance systems connected to the internetonce identified, they attacked them and, under certain conditions, discovered the passwords of the NVRs (the digital video recorders to which video surveillance cameras are normally connected) and accessed the private systems. Once the access credentials were collected, it was the task of other members of the criminal groups check the type of systems, the environments framed and the quality of the footage, to identify cameras that film particularly “intimate” places, such as bathrooms and bedrooms.

Changing rooms for gyms and swimming pools

The ultimate goal was to steal images that portrayed the victims during sexual intercourse or acts of autoeroticism. In some cases, the images referred to cameras installed in hotels, doctors’ offices and locker rooms in gyms and swimming pools. At the end of the selection, the access credentials were entrusted to other accomplices who, through online “showcases” created ad hoc, put them up for sale on the network. Illicit proceeds were reinvested in the purchase of ever more up-to-date software for carrying out cyber attacks. One group had also invested 50,000 euros in bitcoin.

The searches

Upon completion of the searches, the investigators have 10 smartphones, 3 workstations, 5 laptops, 12 hard disks and various cloud spaces were seized, for a total storage capacity of over 50 terabytes. “This is a worrying and particularly widespread phenomenon. This is just the tip of the iceberg “, said the deputy prosecutor Eugenio Fusco:” The cameras can be easily hacked, especially the cheaper systems. In this way the organization could enter into the most intimate life of the people ».

The investigation

The investigation was also coordinated by the deputy prosecutor Letizia Mannella and by the substitutes Bianca Maria Baj Macario, Giovanni Tarzia and Francesca Gentilini. Some of the suspects incorrectly boasted of the inefficiency of the investigations, arguing that even in the event of a “report” the police forces would have avoided embarking on complex computer investigations. The leaders of the Milan postal police, Tiziana Liguori and Rocco Nardulli, have also drawn up a sort of decalogue aimed at citizens who have surveillance camera systems connected to the network. One of the most risky aspects concerns passwords that are often not changed compared to the default installation ones, but also system updates that are not carried out by users.

Installing the cameras

Another risk factor is the place of installation of the cameras: «Avoid bedrooms, bathrooms and sensitive rooms». And the postal service does not recommend using these systems for child surveillance: «Better to rely on specific products produced for that purpose that are not connected to the Internet». The current video surveillance systems, in fact, are in effect computer systems connected to the Internet and, as such, are exposed to the physiological dangers of the network.

Software updates

The systems therefore require constant software updates to eliminate system vulnerabilities and, of course, must be configured appropriately. For example, it is preferable to inhibit web access for remote control of cameras and opt for “peer to peer” systems via the cloud (provided, however, that you are oriented towards devices made by leading companies in the sector, absolutely avoiding products that can be purchased online at low cost). “Furthermore, even if it may seem obvious and trivial, it is always recommended to change the default password for access to the configuration interface – choosing a strong one, containing at least eight characters, with lowercase, uppercase letters (possibly not at top), numbers and special characters – and orient the cameras so as not to frame bathrooms, bedrooms and other “sensitive” environments for the intimacy of people.

If you want to stay updated on news from Milan and Lombardy, subscribe for free to the Corriere Milano newsletter. It arrives every Saturday in your mailbox at 7am. That’s enough
click here.