Security camera footage from a maternity ward in an Indian hospital was circulated and sold on Telegram, prompting police in the western state of Gujarat to investigate what they say is a wide cybercrime network involving tens of thousands of hacked cameras.
Radhika Makadiya, who oversees cybercrime investigations in Gujarat, said the videos were sold for 800 to 2,000 rupees (about 30 to 70 shekels). Some Telegram channels also offered live access to security camera feeds through paid subscriptions.
Police learned earlier this year from media reports that YouTube users had posted videos filmed inside a maternity hospital in an unspecified city. Some clips showed pregnant women undergoing medical exams and receiving injections in intimate areas. Links attached to the videos directed viewers to Telegram channels selling longer footage.
The hospital director told the BBC the cameras were installed for the protection of doctors. None of the women recorded in the footage filed a complaint.
Investigators say the case exposed a cybercrime network that stole sensitive footage from at least 50,000 security cameras across India. Lavina Sinha, who heads the Ahmedabad cybercrime unit, said the hackers broke into camera systems at hospitals, schools, colleges, corporate offices and even private bedrooms in several states.
Police have filed charges that include violating patient privacy, publishing obscene material, voyeurism and cyberterrorism, an offense that does not allow suspects to be released on bail. Officers said they contacted Telegram and YouTube and the videos were removed.
Since February, police have arrested eight people, including four from Maharashtra and others from Uttar Pradesh, Gujarat, Delhi and Uttarakhand. All remain in judicial custody. An attorney for three of the suspects, Yash Koshti, denied the accusations and said someone else carried out the breach.
Security cameras have become common across India, from malls and offices to hospitals, schools, apartment complexes and private homes. Experts warn that poorly installed or poorly managed systems can leave users vulnerable, especially in facilities where staff lack cybersecurity training. Some locally manufactured camera models are reportedly easy to hack.
Two years ago, a YouTuber said his home security camera had been breached after private clips spread online. Last year, the federal government told states not to buy cameras from suppliers with records of security failures and set new rules to improve cybersecurity for camera systems. Despite the guidance, cyber incidents continue to be reported.
Cybercrime investigator Ritesh Bhatia said weak security settings make camera systems and home networks easy targets. He said hackers can often decode an internet-connected camera’s IP address and default password, allowing them to view or record footage, download it or disable the system. He recommended changing default passwords, using strong combinations of letters, numbers and symbols, and scheduling regular security audits. He also said manufacturers should clearly warn consumers about replacing default passwords, similar to warnings on cigarette packs.
This report was prepared with the assistance of Alchemiq’s news analysis system.