What do eBay, body cameras, and hackers have in common?
They are linked by this unique story about activism, encryption, and the data life cycle.
What was discovered on old police bodycams?
Once upon a recent time, a hacker with the Twitter moniker d0tslash bought a police body camera on eBay. Actually, this story begins long before d0tslash.
In 2014, as with 2020, uproar surrounding the killings of unarmed Black people ignited a movement for police accountability, driven by the Black Lives Matter movement.
Police body camera companies like Axon capitalized on the activism by promoting their products as one of many reform-based solutions.
Unfortunately, the ending was far from storybook, as Vice explains:
"Since then, police killings of unarmed civilians have continued undeterred, with police departments across the country often obscuring or deleting footage. With the recent uprisings over the murders of George Floyd and Breonna Taylor, activists have pointed out that even video evidence isn’t enough to produce systemic change."
With that backdrop, enter d0tslash.
According to Vice, the Twitter user purchased a used Axon-brand camera from eBay. While searching the camera, he found some shocking footage.
"Based on screenshots of the extracted footage—which include people in military fatigues searching a home and an officer filling out paperwork—the camera appears to belong to military police at Fort Huachuca, a U.S. Army installation in southeast Arizona."
How did d0tslash access that data? Vice described the process:
"d0tslash copied the raw disk image from an internal SD card mounted inside the device. He then used an old U.S. Air Force forensics tool from the early 2000’s called foreMost, which successfully located video files within the mass of unencrypted data. The device in question appears to be an older version of the Axon Body, which normally transfers video data to a computer after being docked in a proprietary cradle."
And according to d0tslash himself, the task was noticeably simple for one primary reason:
"Zero encryption. [It] was just in the raw."
d0tslash's experiment caught on among other hackers, too, as used police body cameras are commonly available for sale online. Another Twitter user, DJ Ir0ngruv, also gave it a shot.
"The type of footage on them covered the range from traffic stops, responding to calls at retail stores, calls to houses, etc. I skimmed through enough to find out that they weren't from a military installation because that is super toxic.”
According to him, it was "stupid easy."
How does your organization handle the data life cycle?
In the case of police body cameras, a lack of encryption could potentially have consequences for all sides.
It raises a key question that should be asked in privacy and cybersecurity circles: do you have an end of life policy for the data and devices at your organization?
Do your employees understand what that policy is and how to properly dispose of that data?
Many organizations don't have plans for this. With data-rich police body cams floating around eBay, it seems clear that many policing organizations do not either
How can you develop a plan and manage your organization's data lifecycle?
SecureWorld has a complimentary web conference available on-demand about this very subject.
"All data follows a lifecycle. Understanding the data lifecycle and looking at it through the lens of a data lifecycle model helps you identify opportunities to improve data usage, governance, and compliance. So, what's the best way for you to improve the use and management of data from the perspective of security, cost, governance, and regulatory compliance?"