Find the thief - Hikvision log attached

[kashutos]

We have recently installed hikvision cameras in our house. We noticed that sometimes device was getting shutdown automatically , then we approached hikvision team to fix it. They fixed camera on 6th July and it worked fine for one week. Then suddenly it got turned off on 12th July at 4:40 PM around and same night theft happened in the house . Unfortunately no one was in home at that time. I saw the log of device and cant find any useful information and seems like there was a automatic device failure on a bad day. I verified all the footage of recording and seems no one entered on house on 12th July before 4:40 PM. Camera dvr wifi setup everything is inside the house. I am attaching entire log after the cameras were installed. Any insight from log from anyone would be appreciated.

Thank you
Ashutosh

 

[fullboogie]

There's a series of illegal login attempts towards the end of the log. Strange there's no associated IP address with those attempts - they certainly show up in my logs. No idea if these attempts mean anything.

 

[Securame]

There's a series of illegal login attempts towards the end of the log. Strange there's no associated IP address with those attempts - they certainly show up in my logs. No idea if these attempts mean anything.

No associated IP means it was done locally, with monitor and mouse. Shortly after the failed login attempts there was a login done right, so it was just a failed password by the local user.

 

[fullboogie]

He said nobody was home at the time. Then we have multiple failed logins right there at the home. Then a theft. Hmmm.....

 

[Securame]

The illegal logins are from 18/Jul/21, a few days later.

On 12/Jul/21 the device seems to be working fine until 16:41. After that, it comes back to life on 13/Jul/21 11:26 with an "Abnormal Shutdown" message, so basically the DVR was out of power for about 19 hours.

 

[SpacemanSpiff]

If others can access the NVR from the Internet, you should give serious consideration to making it less vulnerable.

How are you accessing the NVR from outside of your home network?

Great WIKI available... How to Secure Your Network (Don't Get Hacked!)

 

[looney2ns]

It could very well that it is because of it being WIfi, wifi was not designed for for high load through put such as a camera.
You should avoid Wifi at all cost's for any security cam. Use Ethernet cable.

 

[kashutos]

@Securame
you are absolutely right. On the 13th device was power-on by the operator after we found theft has happened(around morning 11:30 AM) . Log says abnormal shutdown. I am the only root user for remote access, though I can expect there is a root user password breach that happened through a family member to the cam operator.

@
looney2ns

I am suspecting that someone might have logged into wifi. Wi-fi was enabled with normal device admin and password(default password comes with the device). Wifi password was written in back of the device and it was never changed and only operator knew password. Since I am not in home so I wasn't able to configure it by myself.

Now the question is, is it possible to shutdown the device abnormally from outside the home if someone does illegal access to the wifi network? Or again it is a link/network/hardware failure on that day particularly.

Thanks a lot guys, your input really helps.

 

[Securame]

@Securame
you are absolutely right. On the 13th device was power-on by the operator after we found theft has happened(around morning 11:30 AM) . Log says abnormal shutdown. I am the only root user for remote access, though I can expect there is a root user password breach that happened through a family member to the cam operator.

The "Abnormal shutdown" is given when the device powers comes back. The unit says "Hey, I just turned on, but I see I did not power down normally last time, so somehow I was shutdown abnormally."

Noone shut down the device over network. Noone accessed the device. Power was down, so the unit was turned off.

 

[CCTVCam]

Spaceman has a good point. How are you accessing your cameras - VPN tunnel (not VPN service) or Port Forwarding? If the latter than intrusion becomes a very real possibility.