The camera over your front door exists to answer one small question: who’s outside? On July 11, the Netherlands’ two intelligence services answered a much bigger one: who else is watching through it?

In a joint advisory, the Dutch General Intelligence and Security Service (AIVD) and Military Intelligence and Security Service (MIVD) disclosed that Russian state-backed hackers have been systematically compromising civilian internet-connected cameras across Europe — traffic cameras, business security systems, and yes, residential smart doorbells — and using them to monitor military logistics routes carrying equipment and weapons to Ukraine. A number of the compromised cameras sat directly on transit routes inside the Netherlands itself.

This is not a hypothetical raised in a security conference talk. It is a working, state-run surveillance network assembled out of other people’s consumer electronics.

How the operation worked

The mechanics, as described by the Dutch services and subsequent reporting, are depressingly simple:

  • Target selection by geography. The hackers didn’t want cameras in general — they wanted cameras with sightlines onto specific roads, rail corridors, and ports used to move NATO military cargo. The Netherlands is a priority target precisely because it’s a key transit country for Ukraine-bound equipment and a major military supporter.
  • Entry through neglect. Most of the compromised devices were running default passwords, outdated firmware, or factory settings. Many were inexpensive Chinese-made Hikvision and Dahua units — the same hardware that fills homes, shops, and municipal poles across the continent — including consumer smart doorbell systems.
  • Automated analysis at scale. The feeds weren’t watched by analysts in a room. According to the reporting, the video is run through image-recognition software that automatically flags military vehicles and identifies cargo types — what weapons systems, in what quantities, moving in which direction.

Recorded Future’s analysis of the broader campaign found that NATO logistics and Ukrainian troop movements are the top subjects of Russian camera-hacking activity. The Dutch services said they have notified affected organizations and urged them — with what one imagines is considerable restraint — to strengthen their security.

The privacy story hiding inside the espionage story

It would be easy to file this under “war news” and move on. That would be a mistake, because what the AIVD and MIVD documented is the clearest demonstration yet of an argument privacy advocates have been making for a decade, usually to eye-rolls:

Every camera you install is a capability, and capabilities don’t care who holds them.

The homeowner who mounted a €40 doorbell camera thought they were buying package-theft deterrence. What they actually deployed was a networked, internet-reachable, always-on optical sensor at a fixed geographic point — and then left the admin password as admin. The fact that they only wanted it for porch pirates is irrelevant to the GRU. The device does what the device does, for whoever controls it.

The same logic applies far beyond wartime espionage:

  • Compromised home cameras have long been harvested for voyeurism and extortion, with feeds from bedrooms and living rooms aggregated and sold on forums.
  • Hacked cameras are recruited into botnets — Mirai, built substantially from cameras and DVRs with default credentials, knocked out large parts of the internet in 2016, and its descendants are still active.
  • Law enforcement in multiple countries has normalized warrantless or consent-based access to doorbell camera networks, turning private devices into an ad-hoc public surveillance grid with none of the oversight that would apply to government-owned cameras.

The Russian operation is simply the state-actor version of the same pattern, executed with more patience and better software.

Cheap hardware, expensive consequences

There’s an uncomfortable industrial-policy layer here too. Hikvision and Dahua devices are ubiquitous in Europe because they’re cheap, and they’re cheap partly because security engineering is where the corners get cut. Both companies have been sanctioned or restricted in the US and elsewhere over surveillance concerns — and yet their hardware remains the default choice for cost-conscious homeowners, small businesses, and even municipalities across the EU.

The result is a continent-wide install base of poorly secured, rarely updated, internet-facing cameras — a standing resource for anyone with a scanner and a password list. The Dutch advisory notes the attackers didn’t need zero-days. The front door was unlocked, at scale.

What you can actually do

If you own an IP camera or smart doorbell — any brand — the checklist is short and genuinely effective, because the attacks are this unsophisticated:

  1. Change the default password. This single step would have defeated most of this campaign. Use something unique and long.
  2. Update the firmware, and if the device no longer receives updates, replace it. An unpatchable camera is a liability, not a bargain.
  3. Take it off the open internet. Disable UPnP and port forwarding; if you need remote viewing, use the vendor’s authenticated relay or, better, put the camera behind a VPN. If you can reach your camera from anywhere by typing an IP address, so can everyone else.
  4. Think about sightlines. A camera that covers your porch is one thing. A camera that happens to cover a road, a rail line, or your neighbors is contributing to a picture you don’t control.
  5. Segment your network. Cameras belong on a guest or IoT VLAN, where a compromised device can’t pivot to your laptops and phones.

The bigger lesson

The Dutch services framed this as counter-espionage, and it is. But it’s also the answer to a question every smart-home skeptic gets asked: what’s the worst that could happen with a doorbell camera?

This. This is the worst — or at least the current worst. Millions of people bought a small convenience and collectively assembled a sensor network that a hostile intelligence service could requisition without asking. Nobody consented to that, nobody was told, and the only reason we know is that two spy agencies decided publication served their interests.

The cameras were never just yours. Act accordingly.