The Weaponization of Civilian Surveillance: How Hacked Security Cameras Have Become a New Frontier in Modern Warfare

For decades, military intelligence gathering relied on a hierarchy of expensive and complex assets: high-altitude spy planes, sophisticated reconnaissance satellites, and covert human intelligence networks. Today, however, that paradigm has shifted toward the mundane. In an era defined by the proliferation of the Internet of Things (IoT), the front line of global conflict has migrated to the unassuming, internet-connected security cameras mounted on residential porches and city street corners. As these devices become increasingly interconnected, they have transformed from simple crime-prevention tools into critical nodes within the military "kill chain," allowing belligerents to conduct real-time reconnaissance, target acquisition, and post-strike damage assessment from thousands of miles away.

The Emerging Playbook of Digital Espionage

Recent research from Tel Aviv–based cybersecurity firm Check Point has brought this unsettling reality into sharp focus. The firm’s analysis of hundreds of intrusion attempts across the Middle East reveals a coordinated effort to hijack civilian-grade security cameras. These operations appear to be intrinsically linked to the recent surge in regional hostilities, specifically the retaliatory missile and drone strikes exchanged between Iran and its adversaries, including Israel, Qatar, and Cyprus.

Check Point’s findings suggest that Iranian-linked threat actors—most notably the hacking group Handala, which has long been suspected of operating on behalf of the Iranian Ministry of Intelligence and Security—have systematically targeted cameras manufactured by companies such as Hikvision and Dahua. The goal is not merely disruption, but strategic visibility. By gaining unauthorized access to these feeds, military planners can bypass the limitations of satellite imagery, which is often subject to atmospheric conditions and orbital revisit times, to obtain high-resolution, street-level perspectives of military installations, troop movements, and critical infrastructure.

A Chronology of Surveillance Warfare

The weaponization of civilian cameras is not an isolated phenomenon; it represents a tactical evolution observed across several major conflicts.

• June 2024: During a twelve-day period of heightened tension between Israel and Iranian proxies, Israeli officials reported that hackers had successfully compromised street-level cameras near the Weizmann Institute of Science. The breach allowed the attackers to monitor activity in the vicinity, effectively using the civilian network as a forward-deployed observation post prior to a precision strike.
• January 2024: In the ongoing war in Ukraine, the Security Service of Ukraine (SSU) issued a stark warning that Russian intelligence had successfully hijacked two webcams in Kyiv. These devices were reportedly used to adjust the trajectory of missile strikes against Ukrainian air defenses. In response, the SSU initiated a nationwide campaign to disable or disconnect over 10,000 public-facing webcams, urging citizens to stop live-streaming street activity.
• February–March 2025: During the most recent escalation in the Middle East, Check Point identified a surge in hacking attempts targeting networks in Bahrain, Cyprus, Kuwait, Lebanon, Qatar, and the United Arab Emirates. These attempts were timed precisely to coincide with the launch of US and Israeli air strikes inside Iranian territory.
• The Assassination of Ayatollah Ali Khamenei: Perhaps the most significant demonstration of this capability occurred when Israeli intelligence, working in concert with international partners, reportedly gained access to the traffic camera network in Tehran. Sources indicated that this footage was used to map the daily routines of the supreme leader’s security detail, facilitating the precision of the strike that ultimately eliminated him.

Technical Vulnerabilities and the Persistence of Risk

The ease with which these networks are compromised stems from a chronic failure in the security lifecycle of consumer electronics. Check Point analysts noted that the vulnerabilities exploited in recent campaigns—such as outdated firmware and hardcoded administrative credentials—are neither novel nor sophisticated. In many cases, these security holes were identified and patched by manufacturers as early as 2017.

The persistence of these threats is largely due to the "set it and forget it" nature of IoT devices. Many camera owners remain entirely unaware that their devices require periodic firmware updates, and in many instances, the devices are installed in remote or inaccessible locations, making physical maintenance difficult.

"The manufacturer of the device and the user of the device are rarely the ones who suffer the consequences of this surveillance," explains Beau Woods, a former advisor to the US Cybersecurity and Infrastructure Security Agency (CISA). "Because the victim is not in a position to control the tool used by the adversary, we have a massive accountability vacuum."

The Strategic Value of Civilian Eyes

The appeal of hacked cameras to military planners is rooted in two primary factors: cost-efficiency and tactical proximity. Satellites and high-altitude drones are multi-million dollar assets that are easily tracked and vulnerable to anti-access/area-denial (A2/AD) measures. In contrast, a hacked civilian camera is essentially a "free" asset that is already embedded in the urban landscape.

"Hacking cameras has become a standard part of the military playbook," says Sergey Shykevich, lead of threat intelligence at Check Point. "You get direct, high-definition visibility without using expensive military hardware. For an attacker, it is a straightforward, low-risk, high-reward investment."

Beyond reconnaissance, these cameras are increasingly used for "Battle Damage Assessment" (BDA). After a strike, attackers can use the very cameras they have compromised to monitor emergency response efforts, assess the structural integrity of a target, or identify which defenses have been depleted. This provides a level of immediate feedback that was previously only available to the most advanced global powers.

The Global Response and Ethical Implications

As the use of civilian infrastructure in warfare becomes more frequent, international organizations and national governments are beginning to grapple with the legal and ethical implications. In the United States, concerns regarding the security of Hikvision and Dahua equipment have led to effective bans on their use in federal facilities. However, these restrictions do little to mitigate the threat posed to private businesses and residential areas, where the majority of these cameras are located.

The Ukrainian experience serves as a case study in mitigation. By calling on citizens to act as "digital sentinels" and report unauthorized broadcasts, the SSU attempted to decentralize the security effort. Yet, this has also led to a counter-tactical response, where belligerents have begun using the same techniques. For instance, reports suggest that Ukrainian hacktivist groups have successfully targeted Russian surveillance cameras to monitor the transit of military materiel across the Kerch Bridge, effectively turning the Russian surveillance architecture against itself.

Future Outlook: A Permanent Feature of Conflict

The integration of civilian IoT into the military apparatus is likely to continue for the foreseeable future. As Artificial Intelligence (AI) and automated threat-hunting software become more accessible, the speed at which these cameras can be scanned for vulnerabilities and hijacked will increase.

The dilemma for policymakers remains: how to secure a global network of billions of devices that are not designed for the rigors of modern intelligence warfare. Without a concerted, global effort to enforce security standards at the manufacturing level—and a shift in public awareness regarding the risks of internet-connected home devices—the next conflict will almost certainly be fought in the shadows of the very cameras meant to protect us. As military experts often note, the battlefield is no longer defined by geography, but by the connectivity of the devices we leave powered on. The "kill chain" now begins on the front porch.