ADT Tech Hacks Home-Security Cameras to Spy on Women | Threatpost

Former ADT employee Telesforo Aviles took note when there were attractive women at a home he serviced in the Dallas area. Then he would add his personal email address to their accounts so he could have around-the-clock access to their most private moments, according to the U.S. Attorneys’ Office.

Now Aviles faces up to five years in federal prison for accessing roughly 200 accounts more than 9,600 times without consent, over a four-and-a-half year period.

“This defendant, entrusted with safeguarding customers’ homes, instead intruded on their most intimate moments,” said Acting U.S. Attorney Prerak Shah. “We are glad to hold him accountable for this disgusting betrayal of trust.”

Aviles admitted to regularly adding his own email address to customers’ ADT Pulse accounts so he could watch customers in real time without them knowing. The U.S. Attorney’s Office said Aviles would watch women naked and couples engaged in sexual activity for his own sexual gratification, they said.

“The defendant used his position of employment to illegally breach the privacy of numerous people,” FBI Dallas Special Agent in Charge Matthew J. DeSarno. The FBI works with our law-enforcement partners to thoroughly investigate all cyber-intrusions and hold criminals accountable for their actions. Cyber-intrusions do not only affect businesses, but also members of the public. We encourage everyone to practice cyber-hygiene with all their connected devices by reviewing authorized users and routinely changing passwords.”

ADT was made aware of the issue on April 23, when a customer called to report an unauthorized email on their account, the company said.

“Unfortunately, our investigation revealed that during a service visit, one of our Dallas-area technicians had added his personal email address to this customer’s account to gain unauthorized access, and he had done the same thing during service visits with other customers in the Dallas area.”

ADT Reaction 

As soon as the company was made aware Aviles was terminated and reported to law enforcement.

ADT also contacted each of the customers impacted and the company is doing what they can to address their concerns.

“We apologize to the customers affected by the actions of this former employee and deeply regret this incident,” ADT’s statement said. “The ADT mission is to help protect and connect people with the things they love most. Fully earning this trust back may take time, but nothing is more important to us and to those who have served our customers under the ADT banner for the last 145 years.”

ADT joins the ranks of many other companies dealing with insider threats on security. Ticketmaster was recently on the receiving end of a $10 million fine after several employees hacked a rival company’s computer systems.

Forrester researchers recently explained that the uptick in work-from-home and remote employees is likely to amp up the rise of insider threats across all industries.

As for ADT, the company is relieved to have this case behind them, announcing the U.S. Attorney’s decision to charge their former employee.

“We are grateful to the Dallas FBI and the U.S. Attorney’s Office for holding Telesforo Aviles responsible for a federal crime.”

Download our exclusive FREE Threatpost Insider eBook Healthcare Security Woes Balloon in a Covid-Era World, sponsored by ZeroNorth, to learn more about what these security risks mean for hospitals at the day-to-day level and how healthcare security teams can implement best practices to protect providers and patients. Get the whole story and DOWNLOAD the eBook now – on us!