A former home security technician has admitted habitually hacking into customers’ home surveillance cameras to spy on people without their consent.
Telesforo Aviles accessed the accounts of around 200 customers more than 9,600 times over a period of four and half years while employed by security company ADT.
The 35-year-old carried out the cyber-intrusions for his own sexual gratification. He made a note of which camera feeds were linked to the homes of women he deemed attractive, then logged into these feeds repeatedly.
Aviles admitted watching numerous videos of naked women and couples engaging in sexual activity inside their homes.
“Mr. Aviles admits that contrary to company policy, he routinely added his personal email address to customers’ ‘ADT Pulse’ accounts, giving himself real-time access to the video feeds from their homes,” said the Department of Justice in a statement. “In some instances, he claimed he needed to add himself temporarily in order to ‘test’ the system; in other instances, he added himself without their knowledge.”
Aviles pleaded guilty yesterday in federal court to charges of computer fraud, according to the US Attorney’s Office for the Northern District of Texas. He now faces a maximum sentence of five years in prison.
ADT officials told the Dallas Morning News that it “deeply regrets” the incidents and that affected customers have been informed of the intrusion on their most private moments.
Brandon Hoffman, chief information security officer at Netenrich, said that Aviles’ criminal activity highlighted the continued growth of privacy concerns among consumers.
“With the rising exposure of privacy intrusions by basic connected devices, such as Alexa and Google, home devices buyers should beware systems like this that have active intrusion capability,” Hoffman told Infosecurity magazine.
“While designed for the intent of security or providing additional services, it’s important to understand the detail of access these systems provide and measure the benefits versus the risk of privacy invasion.
“Additionally, there is a glaring lack of discussion and availability on protective measures against intrusion from these systems that are common or basic enough to be understood and used by non-deeply technical users.”