Warning on webcam 'spying' site
A Russian website allowing voyeurs to watch people in their homes via their own webcams may take some time to shut down, the Information Commissioner has warned.
Christopher Graham said he had limited powers to tackle the site because of its location in Eastern Europe and urged anyone whose remote-access cameras may be at risk to immediately change their passwords.
The site currently has 584 feeds from UK premises, showing children's bedrooms, lounges and kitchens, and business premises such as offices, factories and shops.
It targets cameras whose owners are still using the manufacturer's default password, providing information needed to hack into people's private camera systems, plus GPS locations and postcodes.
Mr Graham said it was quick and simple to get off the site or avoid going on it by changing passwords immediately and making them complicated.
"It may take longer to get the site taken down," he added.
"It is not within my jurisdiction, it is not within the European Union, it is Russia. I will do what I can but don't wait for me to have sorted this out.
"The action is in your own hands if you have one of these pieces of kit."
As well as the almost 600 British cameras, there are more than 10,000 others from around the world on the website.
Mr Graham said he was working with foreign agencies including the US Federal Trade Commission, as the website appeared to be using an Australian domain name bought via an American company. The alarm was originally raised by agencies in Australia and Canada.
With an estimated 350,000 remote-access cameras sold in the country last year, the ICO warned that those without password protection or with weak passwords could be vulnerable to hackers.
Mr Graham said that people should ask themselves whether they needed to use the remove access feature of the webcams and if they did not, to turn it off. And if they did, to make sure their password was complex, with lower and upper case letters, numbers and symbols.
"We are only half secure on this sort of thing," he said.
"We think 'that's a good piece of kit, I could do that, that's cool'.
"But if you don't set a password, you are setting yourself up for remote access, not by you to see how your business premises or babies are getting on, but by anyone who cares to hack your system."
The website says on its homepage that it is "fully legal", adding: "This site has been designed in order to show the importance of the security settings.
"To remove your public camera from this site and make it private the only thing you need to do is to change your camera default password."
Experts said the public needed to take action to make sure they were secure.
Emma Carr, director of Big Brother Watch, said: "Few people would leave their front doors unlocked, yet failing to password protect your devices carries the same risks to both their privacy and security.
"As the capability of these devices becomes increasingly sophisticated, it is inevitable that users will inadvertently expose themselves and their lives to hackers.
"This warning from the ICO should come as a timely wake up call that the public need to start educating themselves about the technology they are bringing into their homes and how to keep it secure."
Mark James, security specialist at Eset, added: "It is down to the individual to decide where to place th e camera - once placed, a decision should be made as to what is made available for online streaming.
"I totally understand why you would want to stream your front drive or even the alleyway providing access to the back of the house but honestly, in what situation would you need to stream your children's bedroom outside of your private residence?"
Mr Graham added that his office would be contacting businesses they could identify from the website as they were "putting third parties at risk" and may have broken the Data Protection Act.