TEL AVIV, Israel (AP) — Israel’s hijacking of Iranian street cameras and the killing of the country’s top leader underscores how surveillance systems are increasingly targeted by adversaries during wartime.
Hundreds of millions of cameras are installed above shops, in homes and on street corners around the world, many of which are connected to the internet but have poor security. Recent advances in artificial intelligence enable militaries and intelligence agencies to sift through vast amounts of surveillance footage and identify targets.
On Feb. 28, Israel tracked Iranian leader Ayatollah Ali Khamenei with the help of Tehran’s own street cameras, providing a vivid demonstration of the potential for such systems to be hacked and used against adversaries — despite repeated warnings that Iran’s surveillance systems had been breached, according to interviews and AP reviews of leaked data, public statements and news reports.
An intelligence official familiar with the operation and another person briefed on the operation described to The Associated Press the use of hacked surveillance cameras and other intelligence in the operation to kill Khamenei. Neither was authorized to speak to the media and both shared the information on condition of anonymity.
Iran has installed tens of thousands of cameras across the capital in response to waves of protests, most recently in January, when massive nationwide demonstrations ended in a bloody crackdown that left thousands of Iranians dead.
It’s no secret that Tehran’s cameras have been hacked: cameras in the city have been hacked multiple times starting in 2021, and last year a senior Iranian politician publicly warned that the cameras had been hacked by Israel and posed a threat to national security.
Conor Healy, research director at surveillance research publication IPVM, said Khamenei’s killing showed the pressing security dilemma facing governments seeking to suppress dissent.
“Ironically, the infrastructure that autocratic states build to make their rule unassailable may make their leaders most visible to those who would try to kill them,” Healey said. “Do you believe who is watching?”
warning sign
Cybersecurity experts have warned for years that cameras could be hacked in connection with warfare.
In 2019, security engineer Paul Marrapese discovered that he could easily hack millions of cameras from the comfort of his home office in California.
Despite repeated outcry since then, the number of unprotected cameras continues to grow. Marapes told The Associated Press that scans of unprotected camera feeds this year found nearly 3 million hits from nearly every country in the world, including nearly 2,000 cameras in Iran alone.
“There are millions of people like this around the world,” Marapes said. He added that many things are vulnerable to hacking: “They’re just silly little things… like fish in a barrel.”
The company advertised cameras that were connected online and could be accessed via mobile phones, whose information could easily be transferred by hackers. Much software is installed with minimal security by unskilled users who are unable to set passwords or install security patches. Securing your cameras requires constant vigilance, but attacking them only requires identifying an exposed vulnerability, such as an outdated system or a common password like “1234.”
Even surveillance systems set up by governments on networks isolated from the Internet are vulnerable: It only takes an internal traitor to compromise them.
“Human beings are the weakest link,” Marapes said. “There’s really only so much you can do.”
Eyal Hullata, Israel’s former national security adviser and a senior fellow at the Foundation for Defense of Democracies, said Israel continues to suffer cyberattacks from Iran but has so far been able to defend itself.
“All cyber fronts are on high alert,” he said.
For years, camera hacking for war purposes remained theoretical. But in 2023, Hamas hacked into surveillance cameras in southern Israel ahead of the Oct. 7 attack, allowing the group to monitor Israeli army patrols and assist in the attack, according to Israeli media reports. That same year, a Ukrainian official told reporters that Russia tried to hijack cameras near missile targets, a trend that continued when Russians hacked cameras in Kiev in 2024 and at border crossings last year.
Experts say advances in artificial intelligence have allowed the military to overcome a key hurdle in weaponizing hacked footage: sifting through vast amounts of video to identify people, vehicles and other targets, a task that once took teams of analysts weeks or months but can now be done in real time. With a simple keyword search, AI can scan the feed and return results almost instantly.
“In the past, you could hack cameras, but humans had to do the real work to figure out where the person was,” said cryptographer and security expert Bruce Schnell. “With an AI system… you can automate more things.”
The Tyrant’s Dilemma
Iranian cameras have been hacked several times over the past few years.
In 2021, an Iranian exile group leaked footage of abuse at Tehran’s notorious Evin prison. In 2022, another group claimed it had hacked more than 5,000 cameras around Tehran, leaking gigabytes of surveillance footage and internal data on a Telegram channel.
Last summer, Israel used Tehran’s cameras to track and bomb a meeting place of Iran’s Supreme National Security Council during a 12-day war, wounding Iranian President Masoud Pezeshkian, according to Iranian lawmakers and an Israeli documentary.
“All the cameras at our intersections are in Israeli hands,” Mahmoud Nabavian, deputy chairman of the Iranian parliament’s national security committee, told Iranian media in September. “Everything on the internet is in their hands… If we move, they’ll find out.”
The breaches come amid increased use of surveillance cameras in Iran following a series of protests. For example, subway cameras are used to detect if women are not wearing the country’s mandatory hijab or headscarf, and use facial recognition to identify violators.
But Michael Castor, a researcher investigating China’s sale of surveillance technology to Iran, said the data collected to consolidate control creates a ripe target for hackers.
“It’s easier for a malicious party to gain access,” Castor said.
Iran in particular, long under Western sanctions, faces difficulties in obtaining the latest hardware and software, often relying on Chinese-made electronics or older systems. Pirated versions of Windows and other software are common. This makes it easier for potential hackers to target the country.
The Financial Times earlier reported on the use of cameras during Khamenei’s killing.
People familiar with the operation who spoke to The Associated Press said that nearly all traffic cameras in Tehran had been hacked over the years and the information transferred to servers in Israel. Two people familiar with the matter said at least one camera angle could allow Israel to track people’s daily movements, such as where they park their cars near the Iranian leader’s compound.
Algorithms helped provide information including people’s addresses, routes to work and who was protecting them, according to people familiar with the operation. The attack had been planned for months but was accelerated once it was confirmed that Khamenei and his top officials would be at the leadership compound that morning, the person said.
Israel’s prime minister’s office did not respond to a request for comment.
Col. Amit Assa, a former official in Israel’s Shin Bet internal security service, said such operations are supported by many intelligence sources, such as undercover agents and eavesdropping on conversations.
However, Assa said cameras play a key role because they allow intelligence officials to identify people, providing critical confirmation in deciding whether to launch an attack.
He said when you see a person’s face on a screen in the command center, it helps make the decision to “put your finger on the yellow button.”
More cameras, more coverage
Cyber threat intelligence group Check Point Research said hacking of cameras has surged in Iran since the war began, with activity surging in Israel and Gulf states such as Bahrain and the United Arab Emirates.
Gil Messing, chief of staff at Check Point Research, said such hacks could help Iran monitor targets and assess damage after a missile attack.
“The more people who install cameras … the more area those cameras cover,” Messing said. “It’s very easy to use and allows more people to focus on different places.”
Analysts estimate there are more than 1 billion security cameras installed worldwide, three times as many as a decade ago. Hundreds of millions are installed every year.
Oil-rich Gulf states like Qatar have long known that their oil facilities could be targets of war, so their systems are heavily protected, said Muhannad Salloum, assistant professor of security studies at Doha Graduate School. But until recently, officials in the region realized that street cameras could also be weaponized.
“I don’t think anyone anticipated that these traffic cameras would become a targeting tool … with alerts everywhere,” Sallum said. “Why was the entire leadership of Iran beheaded on day one? … That’s a topic that’s being discussed.”
Across the region, governments are on high alert.
The Gulf monarchy banned residents from filming or live-streaming footage of Iran’s attacks, and the UAE arrested dozens of people for sharing videos of the clashes online. Selloum said that while part of the purpose was to protect the country’s reputation, the bans were also driven by concerns that such footage could be exploited by the Iranian military.
Earlier this month, Israel’s National Cyber Authority said it had issued warnings to hundreds of camera owners targeted by Iran and urged the public to change passwords and update software to ward off attacks.
Ali Vaez, Iran program director at the International Crisis Group, said that while hacking has long been a concern in the Middle East, the increase since the war began is “a wake-up call.”
However, he said there is only so much that can be done to patch the vulnerabilities.
“It’s whack-a-mole,” Watts said.
—-
Kang reported from Beijing.
—-
Contact AP’s global investigative team at investigative@ap.org or https://www.ap.org/tips/.
