ADT technician hacked hundreds of customers' security cameras

A former security technician for home security company ADT admitted he secretly accessed customers' home security cameras more than 9,600 times over more than four years, particularly in homes of women to spy on them.

Telesforo Aviles, a 35-year-old former ADT employee, pleaded guilty to computer fraud on Thursday before Magistrate Judge David Horan. According to plea papers, Aviles admits that contrary to company policy, he routinely added his personal email address to customers’ “ADT Pulse” accounts, giving himself real-time access to the video feeds from their homes. In some instances, he claimed he needed to add himself temporarily in order to “test” the system; in other instances, he added himself without their knowledge.

“This defendant, entrusted with safeguarding customers’ homes, instead intruded on their most intimate moments,” said Acting U.S. Attorney Prerak Shah. “We are glad to hold him accountable for this disgusting betrayal of trust.”

Aviles took note of which homes had attractive women, then repeatedly logged into these customers’ accounts in order to view their footage for sexual gratification, he admits. Plea papers indicate he watched numerous videos of naked women and couples engaging in sexual activity inside their homes.

Over a four and a half year period, Aviles secretly accessed roughly 200 customer accounts more than 9,600 times without their consent, he admits.

Brandon Hoffman, Chief Information Security Officer at Netenrich, a San Jose, Calif.-based provider of IT, cloud, and cybersecurity operations and services, says, “This incident once again highlights the continued growth of privacy concerns among consumers. As consumers continue to purchase and utilize connected systems, especially service dependent systems, privacy is a core issue. With the rising exposure of privacy intrusions by basic connected devices, home device buyers should beware of systems like this that have active intrusion capability. While designed with the purpose of security or providing additional services, it's important to understand the detail of access these systems provide and measure the benefits versus the risk (of privacy invasion). Additionally, there is a glaring lack of discussion and availability on protective measures against intrusion from these systems that are common or basic enough to be understood and used by non-deeply technical users.”

“The defendant used his position of employment to illegally breach the privacy of numerous people. The FBI works with our law enforcement partners to thoroughly investigate all cyber intrusions and hold criminals accountable for their actions,” said FBI Dallas Special Agent in Charge Matthew J. DeSarno. “Cyber intrusions do not only affect businesses, but also members of the public. We encourage everyone to practice cyber hygiene with all their connected devices by reviewing authorized users and routinely changing passwords. If you become the victim of a cybercrime, please contact the FBI through ic3.gov or 1-800-CALL FBI.”

Maria Henriquez is a former Associate Editor of Security. She covered topics including cybersecurity and physical security, risk management and more.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.