November 5, 2025

RAJKOT: Imagine this — a single, easy password “admin123” gave hackers the keys to a secret treasure chest of CCTV footage! This shocking cyber theft happened at Payal Maternity Hospital, Rajkot, but that’s just the tip of the iceberg. Over nine months, clever hackers stole at least 50,000 video clips from around 80 CCTV dashboards across India, including major cities like Pune, Mumbai, Surat, and Delhi. How did they pull this off? The hackers combined weakness and technology in a spicy mix. First, many CCTV cameras were left with factory-set passwords like “admin123”—basically an open invitation for trouble. Using a website called suIP.biz, the lead hacker Parit Dhameliya grabbed public IP addresses of cameras in Gujarat. Then, with a lightning-fast tool called Masscan, they scanned for open network doors (ports). Next, the attackers used SWC software to snatch camera IDs, passwords, and IPs if the devices were vulnerable. The stolen keys let them log in through a real remote app called DMSS, operated by accused Rohit Sisodiya and others, fooling the system into thinking they were authorized users. But here’s the clever twist — they didn’t watch all footage themselves. Automation was the magic wand. Scripts and bots logged in, grabbed clips, and logged out in seconds. From January to December 2024 alone, over 11,000 successful break-ins were recorded, showing just how automated this was. Then came the cash game! Clips were teased on YouTube channels like “Megha Mbbs” and “cp monda.” Customers paid between Rs 700 and Rs 4,000 per clip to private Telegram groups like “Megha Demos Group” and “labour room.” Investigators named alleged masterminds such as Prajwal Teli, Vaibhav Mane, and others. Incredibly, police arrested core members within just 39 hours after filing the FIR. To hide their tracks, hackers used VPNs, making it look like sessions came from places like Bucharest and New York. Targets weren’t just hospitals — schools, offices, factories, cinemas, and private homes across 20 states were hit. What can save us? Simple, powerful steps: Change default passwords right away, use strong unique passwords, turn on multi-factor authentication (MFA), never expose cameras directly to the internet, and keep software updated. Also, separate CCTV networks from regular business networks and keep an eye on unusual logins. This Rajkot case isn’t one-of-a-kind. The formula is simple: default password → mass scan → steal credentials → automate footage download → sell for money. But the fix is just as clear. Hospitals, companies, and homes must lock their cameras tight from the start. Because until they do, these eyes meant to protect us will be easy marks for cyber thieves hungry for profit.

Read More at Timesofindia →

Tags: Cctv Hacking, Default Passwords, Cybersecurity, Telegram, Automation, Privacy breach,