TREVISO, September 4, 2025 – Yarix, the cybersecurity competence center of Var Group, has identified a portal on the clear web, easily reachable through common search engines, that hosts thousands of audio-video recordings, mainly pornographic in nature, illegally stolen from over 2,000 home surveillance cameras and locations such as beauty salons or medical offices. Active since at least December 2024, the portal allows users to view short excerpts of recordings for free and offers the possibility to purchase access to the camera, enabling further content viewing or even control of the device itself.

Accessible without registration, it offers paid plans with prices varying depending on the popularity and number of views of the videos. Through a custom-built Telegram bot, users can purchase access to one or more cameras. Prices range from about $20 to $575 per camera, depending on the number and views of the public videos related to that device; some of these videos have been viewed over 20,000 times.

The videos are classified by location, room, people, and recorded activities. Content can be browsed through a search bar with tags, just like on a regular search engine, filtering results based on user requests.

By analyzing the camera IDs—unique codes that unequivocally identify each device—it was possible to determine that the recordings originate from numerous European and non-European countries, such as France, Germany, Russia, Ukraine, Mexico, and Argentina. For Italy, around 150 videos have been identified so far. The number of accessible cameras is also growing.

The portal’s domain is registered in Tonga, in the South Pacific. The use of non-EU domains, or domains tied to certain countries, is likely motivated by reasons linked to the site operator’s anonymity and legal flexibility: some states do not require strict identity checks for domain registration, making it easier to register without leaving obvious personal traces. Furthermore, they often lack legal cooperation agreements with other countries or have looser regulations on privacy and online content. This makes it harder for foreign authorities to obtain data or shut down such a site.

As stated in the “About” section of the site, the declared goal is to “draw public attention to the issue of personal data leaks caused by flaws in hardware and software.”

Following this discovery, Yarix promptly reported the case to the Veneto Cybersecurity Operations Center (C.O.S.C.) in Venice, which in turn notified the Postal Police of Veneto. Yarix has had a memorandum of understanding with them since 2016 and has already collaborated on several investigations, such as the Miano vs. Ministry of Justice case.

The Cyber Threat Intelligence team is monitoring the portal and conducting further analyses that may aid the investigation, which will also determine whether all the videos come from hidden cameras and unaware victims. It is not excluded that, alongside authentic videos, staged recordings and live streams with actors are being used to generate traffic to the site, attracting more users and subscriptions in a business model aimed at maximizing sales.