ADT technician hacked hundreds of customers' security cameras

A former security technician for home security company ADT admitted he secretly accessed customers' home security cameras more than 9,600 times over more than four years, particularly in homes of women to spy on them.

Telesforo Aviles, a 35-year-old former ADT employee, pleaded guilty to computer fraud on Thursday before Magistrate Judge David Horan. According to plea papers, Aviles admits that contrary to company policy, he routinely added his personal email address to customers’ “ADT Pulse” accounts, giving himself real-time access to the video feeds from their homes. In some instances, he claimed he needed to add himself temporarily in order to “test” the system; in other instances, he added himself without their knowledge.

“This defendant, entrusted with safeguarding customers’ homes, instead intruded on their most intimate moments,” said Acting U.S. Attorney Prerak Shah. “We are glad to hold him accountable for this disgusting betrayal of trust.”

Aviles took note of which homes had attractive women, then repeatedly logged into these customers’ accounts in order to view their footage for sexual gratification, he admits. Plea papers indicate he watched numerous videos of naked women and couples engaging in sexual activity inside their homes.

Over a four and a half year period, Aviles secretly accessed roughly 200 customer accounts more than 9,600 times without their consent, he admits.

Brandon Hoffman, Chief Information Security Officer at Netenrich, a San Jose, Calif.-based provider of IT, cloud, and cybersecurity operations and services, says, “This incident once again highlights the continued growth of privacy concerns among consumers. As consumers continue to purchase and utilize connected systems, especially service dependent systems, privacy is a core issue. With the rising exposure of privacy intrusions by basic connected devices, home device buyers should beware of systems like this that have active intrusion capability. While designed with the purpose of security or providing additional services, it's important to understand the detail of access these systems provide and measure the benefits versus the risk (of privacy invasion). Additionally, there is a glaring lack of discussion and availability on protective measures against intrusion from these systems that are common or basic enough to be understood and used by non-deeply technical users.”

“The defendant used his position of employment to illegally breach the privacy of numerous people. The FBI works with our law enforcement partners to thoroughly investigate all cyber intrusions and hold criminals accountable for their actions,” said FBI Dallas Special Agent in Charge Matthew J. DeSarno. “Cyber intrusions do not only affect businesses, but also members of the public. We encourage everyone to practice cyber hygiene with all their connected devices by reviewing authorized users and routinely changing passwords. If you become the victim of a cybercrime, please contact the FBI through ic3.gov or 1-800-CALL FBI.”

Maria Henriquez joined Security Magazine in 2019 as its Associate Editor. Since then, she has been covering the security industry and reporting on issues affecting enterprise security leaders, to include cybersecurity, leadership and management, risk and resilience and pressing security challenges facing the industry.

Security’s digital transformation is now entering stage 5. Complex security technologies are connected to HR systems, global security operations centers, and other building technologies in a world where employees now work in two places: home and the corporate office.

Service reliability underpins every modern business. Without reliable services, organizations cannot build the trust required to keep their customers loyal or free up time to focus on product innovation and differentiation.