NVR4108-4KS Recordings Paused by Thieves

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
I can tell you with 100 percent certainty that the thieves did not disable the NVR. Likely a reboot or other system error. This is why you should have SD cards in your cams. This is not Oceans 11.
 

civic17

Getting the hang of it
Joined
Dec 7, 2018
Messages
175
Reaction score
60
Location
Canada
Any chance they went into your home and unplugged/replugged? If you unplug power to the NVR wait a few minutes, then plug it back what does it show in the event logs?
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
Any chance they went into your home and unplugged/replugged? If you unplug power to the NVR wait a few minutes, then plug it back what does it show in the event logs?
Zero chance. This is the real world. Not TV.
Lets think this through, this high tech special ops team determines that all neighbors with cams are away, goes to each neighbors house with cams, disables the alarm if equipped, finds the NVR, unplugs it, deletes the video of their entry into those homes, confirms the cameras dont have sd cards, confirms there is no cloud recording, confirms there is no secondary recording device. They commit the theft and as a courtesy, because they are gentlemen, go back and plug the NVR back in but make their getaway before the NVR can boot and record them leaving?
None of this is real, there was no tampering with the NVR, the NVR was simply malfunctioning.
 
Last edited:

aabs

Getting the hang of it
Joined
Mar 19, 2017
Messages
101
Reaction score
32
Location
UK
Could be a remote coincidence but very remote as I have never lost a recording in the past.
Extremely wierd that this malfunction took place at the exact time scale the theft. I guess time will tell......
 

redfive

Pulling my weight
Joined
Apr 13, 2016
Messages
509
Reaction score
205
Yes, more or less, as the same chances as win the lottery (even if, actually, someone should win :)).
Is possible to see some kind of log on the cameras ?
Cheers,
 

aabs

Getting the hang of it
Joined
Mar 19, 2017
Messages
101
Reaction score
32
Location
UK
No logs I could find.
SOCO have taken the NVR now along with my neighbours as he cannot log into his as the password is saying invalid, so we will see what they can can find.
 

redfive

Pulling my weight
Joined
Apr 13, 2016
Messages
509
Reaction score
205
Your neighbors do have the video surveillance system as well, and their seems hacked ?
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,779
Location
Scotland
SOCO have taken the NVR now along with my neighbours as he cannot log into his as the password is saying invalid
Maybe we'll see them on here if they need a hand with that ...
It will be interesting to hear how they get on.

How are your cameras hooked up to the LAN?
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
Could be a remote coincidence but very remote as I have never lost a recording in the past.
Extremely wierd that this malfunction took place at the exact time scale the theft. I guess time will tell......
Yes, more or less, as the same chances as win the lottery (even if, actually, someone should win :)).
Is possible to see some kind of log on the cameras ?
Cheers,
Its likely that the NVR was malfunctioning before the incident. You only noticed it because you looked for a specific event. There is absolute zero chance, that the NVR was tampered with by the same folks who took the car.
 

MakeItRain

Pulling my weight
Joined
Aug 7, 2017
Messages
401
Reaction score
218
What if the robbery was just a CIA front? The CIA was able to hack into his NVR and briefly disable the camera for the amount of the time necessary for the operation to continue. Once the operatives completed their mission, an analyst remotely accessed the OP's NVR and re-enabled access.

:)
 

looney2ns

IPCT Contributor
Joined
Sep 25, 2016
Messages
15,521
Reaction score
22,657
Location
Evansville, In. USA
What if the robbery was just a CIA front? The CIA was able to hack into his NVR and briefly disable the camera for the amount of the time necessary for the operation to continue. Once the operatives completed their mission, an analyst remotely accessed the OP's NVR and re-enabled access.

:)
They do this on The Black List every episode. ;)
 

mat200

IPCT Contributor
Joined
Jan 17, 2017
Messages
13,670
Reaction score
22,777
Hi @aabs

Wow, what a puzzle.

Quick feed back on items:
1) Your cameras watching your cars appears to be mounted too high to get a good ID image.
2) UPS - get a UPS to backup the power of your cameras


I have seen a lot of thieves in the UK using relay attacks to get into cars and drive off with them.

Is it possible?: That they are now also using a tool kit in their laptops to disrupt security alarm and camera systems via WiFi?

The way to counter this would be to isolate your systems from the WiFi, or find ways to harden your WiFi and further isolate your security systems.

This way, whichever tools and methods they are using you've reduced the chances for them to get in.
 

tangent

IPCT Contributor
Joined
May 12, 2016
Messages
4,342
Reaction score
3,524
Went into the events log and saw that my system had been logged into at that time but HOW ?
I have a guest wifi which has no access to LAN and password protected.
I have my wifi which does have access to LAN and is also password protected.
Reason for guest wifi is for visitors so I don't give access to my LAN.
I'm a dam more careful than most !!
I suspect if you reboot the nvr with all the devices present that were in your house last night and checked the logs you'd see a similar "user logged in" messages. Likely one of your phones, tablets, or computers is running an app that connects to the nvr.

I'm skeptical someone maliciously managed to knock your cameras offline, but here are some things you should do:
1. Install micro sd cards in your cameras and set them up to record to the sd cards. In the event the NVR is offline for some reason and PoE power is unaffected, when it comes back it will automatically download missing footage from the cameras.
2. Disable UPnP on your router and delete any forwarding rules.
3. Disable WPS on your rotter (if you can't disable it, set it to push button instead of pin)
4. Change your WPA2 network key and use something long and truly random. You could set up a RADIUS server using certificates if you're really paranoid.
5. Put the NVR on an uninterruptible power supply.

If the thieves were actually skilled enough to actually knock people's cameras offline, I'd expect them to only go after very high end targets or have jobs that pay well enough that they wouldn't resort to criminal activity.

In the log the reboot flag is actually the more interesting than the login which might even just be the NVR connecting to the cameras. I don't know what 0x11 is supposed to mean, but you could attempt some experiments to see what 'reboot flags' are generated
 
Last edited:

nbstl68

Getting comfortable
Joined
Dec 15, 2015
Messages
1,399
Reaction score
321
So his 1st screen shot shows user log-in...Does that occur automatically when rebooted or only through a manual log in by someone? If rebooted, wouldn't the log also indicate that just prior to the log in event?
 

tangent

IPCT Contributor
Joined
May 12, 2016
Messages
4,342
Reaction score
3,524
If someone can get on your LAN, there is a real possibility of knocking a camera or NVR offline.
I accidentally knocked a Dahau camera offline last year. However, I still think it's very unlikely that thieves disabled your nvr.
 

mat200

IPCT Contributor
Joined
Jan 17, 2017
Messages
13,670
Reaction score
22,777
So his 1st screen shot shows user log-in...Does that occur automatically when rebooted or only through a manual log in by someone? If rebooted, wouldn't the log also indicate that just prior to the log in event?
Hi @nbstl68

We would need more info, ideally on most unix / linux systems there are a number of log files that can be used to determine login attempts as well as other files which we can inspect for intrusions. ( this also applies to MS Windows systems )
 
Top