The Korean National Police have arrested four individuals suspected of hacking over 120,000 IP cameras across the country and then selling stolen footage to a foreign adult site.

Although the suspects or the websites haven’t been named, the police are already taking action against viewers of the illicitly gained content, as well as the operators of the website, through international collaboration.

“The National Office of Investigation announced that four suspects who hacked over 120,000 IP cameras installed in private homes and commercial facilities and sold the stolen footage on an overseas illegal website have been arrested,” reads an announcement from the National Office of Investigation.

“Investigations are also underway against the website’s operators as well as buyers and viewers of illegal sexual-exploitation materials. Protection measures are being carried out simultaneously to prevent additional harm to the victims.”

The four suspects were very prolific, each hacking tens of thousands of cameras, and/or holding large volumes of video feeds from unsuspecting users. The announcement summarizes their actions as follows:

1. Suspect B (unemployed) – Hacked 63,000 IP cameras and produced and sold 545 illegal sexual videos for 35 million KRW ($23,800) worth of virtual assets.
2. Suspect C (office worker) – Hacked 70,000 IP cameras and produced and sold 648 illegal sexual videos for 18 million KRW ($12,300) worth of virtual assets.
3. Suspect D (self-employed) – Hacked 15,000 IP cameras and produced illegal content, including underage people.
4. Suspect E (office worker) – Hacked 136 IP cameras.

It is unclear if some cameras were hacked multiple times.

The investigators mention that the website hosting the illegal material, which is dedicated to voyeuristic and sexual-exploitation content submitted from multiple countries, received 62% of all content uploads last year from suspects B and C alone.

Three individuals who purchased such content from the illegal website have already been arrested, facing up to three years in prison, and the police are collaborating with foreign investigators to identify the site’s operators and shut down the platform.

Regarding the victims, the authorities identified and notified 58 affected locations, urging users to reset their passwords and advising them on how to submit takedown requests.

The police promised an aggressive response to secondary harm against victims.

“Viewing or possessing illegal sexual-exploitation videos is also a serious criminal offense, and we will investigate it actively,” warned Park Woo-hyun, Director of Cyber Investigation Policy at the National Police Agency.

As a general recommendation, users of IP cameras should change the default administrator password with a strong, unique one, disable remote access when not needed, and apply the latest firmware updates.