Getty Images / Aurich Lawson
A home security technician has admitted that he has repeatedly broken into cameras he has installed and seen customers engaging in sex and other intimate acts.
Telesforo Aviles, a 35-year-old former employee of the home and small office security company ADT, said he had accessed the cameras on around 200 customer accounts more than 9,600 times over a five-year period – all without customer permission or knowledge. He said he took note of homes with women he found attractive and then looked at their cameras for sexual gratification. He said he has seen naked women and couples having sex.
Aviles was filmed Thursday in the US District Court for the North Texas District, where he was guilty of a number of computer fraud and a number of invasive visual recordings. He must expect a maximum of five years in prison.
Aviles told prosecutors that he routinely added his email address to the list of users authorized to access customers' ADT Pulse accounts. This allows customers to remotely connect to the ADT home security system to turn lights on or off, activate or deactivate alarms. and view feeds from security cameras. In some cases, he told customers that he would need to add himself temporarily to test the system. Another time he added himself without her knowledge.
More legal implications
An ADT spokesman said the company made prosecutors aware of the illegal behavior last April after learning that Aviles gained unauthorized access to the accounts of 220 customers in the Dallas area. The security company then contacted each customer "to correct this". The company has already settled disputes with some customers. ADT published and updated this statement last April.
"We are grateful to the Dallas FBI and the US Attorney's Office for holding Telesforo Aviles responsible for a federal crime," the company wrote in an update released on Friday.
After the breach was discovered, ADT was involved in at least two proposed class action lawsuits, one on behalf of ADT customers and one on behalf of minors and others in the home. A plaintiff in one of the lawsuits allegedly was a teenager at the time of the violation. ADT told her family that the technician spied on their home nearly 100 times according to legal proceedings.
In the suits, it was alleged that ADT was marketing its camera systems so parents could use smartphones to check in children and pets. ADT, according to plaintiffs, did not implement any security measures – including two-factor authentication or text warnings when new parties access the accounts – that could have alerted customers to the invasion. The breach was discovered when a customer noticed an unauthorized email sent to addresses that were authorized to access the security system.
The unveiling of an electronic peeping tom is a good reminder of the risks of installing network-connected cameras around the house or in any other location where there is a reasonable need for privacy. Individuals who accept these risks should take the time to study the use, configuration, and maintenance of the equipment. One of the first things to check is the list of users who have been granted access and who have actually logged into the system.