How Rajkot hospital CCTV footage ended up on porn sites due to weak password
The scandal came to light in February when revealing footage of women from Payal Maternity Home in Rajkot was uploaded to porn sites.
Investigation into a hacking racket that uploaded CCTV footage of women undergoing gynaecological checkups at a hospital in Gujarat to porn sites revealed the real extent of the sinister network spanning across the country.
The scandal came to light in February this year when revealing footage of women from Payal Maternity Home in Rajkot was uploaded to porn sites and floated in Telegram groups for sale. At the time, the hospital authorities stated that their CCTV servers had been hacked.
"I don't know how the hospital videos went viral. Our CCTV server seems to have been hacked. However, we are also unaware of why this happened and will inform the police," Dr Amit Akbari, who works at the hospital, had said.
Some hackers were arrested in February, although the videos were reportedly available for sale on Telegram until at least June. Investigation has revealed that the racket was not confined to just one hospital but spanned at least 20 states, including cities like Delhi, Pune, Mumbai, Nashik, Surat, and Ahmedabad. Footage from at least 80 dashboards, including hospitals, schools, offices, shopping malls and even private residences, made its way into the criminals’ hands.
How did hackers obtain the footage?
According to the investigation, the criminals hacked into the CCTV dashboards of various places across the country due to a lack of digital housekeeping.
Investigators stated that most of the hacked locations had retained the default password for the CCTV dashboard, which was admin123. The hackers used a brute force attack to gain access to the system, using combinations of words, numbers and symbols. The default password being retained made the job easy.
Parit Dhameliya, the lead hacker in the operation, a BCom graduate, employed three different software programs to obtain the login credentials, the TOI report added. Another accused, Rohit Sisodiya, used a tool meant for legitimate remote viewing to input stolen login details and gain access to the dashboards.
Videos up for sale on Telegram
The criminals obtained nearly 50,000 clips from across the country over a nine-month period in 2024. Teasers of the videos were uploaded to several YouTube channels, including “CP Monda” and “Megha MBBS”, with links leading users to Telegram channels where the full videos were available for sale within the range of ₹700 to ₹4000, The Times of India reported.
Experts said the hacking reinforces the need for strong passwords and the use of two-factor authentication where available. Institutions need to enforce this even more because the data of others, including footage of women in the hospital's case, is at stake.
