In yet another classic case of where physical security and cybersecurity intersect, attackers were able to break in to a surveillance camera system at a prison in Thailand and then broadcast what was going on via YouTube.
Authorities in Thailand said they are investigating the online break-in last week that allowed the live broadcast from inside a prison in the country’s southern region. The video prisoners’ activities from several different security cameras.
While not an incident that occurred in the manufacturing automation sector, the incident does point to the intersection of physical and cyber security where the distinction between digital and physical worlds is vanishing.
A Corrections Department official confirmed the security camera system at Lang Suan Prison in the southern province of Chumphon was hacked by an unknown person from outside Thailand.
A YouTube account called BigBrother’s Gaze live streamed prisoners’ activities for several hours on Google’s video sharing platform, according to a published report.
Corrections Department Director-General Police Col Narat Sawettanan ordered the prison to turn off the surveillance camera system and investigate the incident. He also ordered the prison commander to file a complaint with the police.
The live feed was no longer available by Christmas day.
The owner of the YouTube channel said the footage wasn’t obtained as a result of a breach, but he did advise everyone to change the default passwords when setting up surveillance cameras.
This issue just underscores there is a growing need to understand the risks associated with connectivity on the physical and cyber side of the manufacturing sector that have accelerated the need for new protections in all aspects of the segment.
Without adequate cyber protection to connected physical security systems protecting critical infrastructure, OT environments may end up exposed and vulnerable. Every connection and connected device is an entry point, and a golden opportunity for a breach.
Everyone must understand attackers will leverage anything they can get their digital hands on to gain access to an OT system, including those within the enterprise security system itself to potentially infiltrate a manufacturing enterprise.