The future of cyber arrives, but old failures persist: Best infosec long reads 6/6/26

Happy Saturday to all!

Full access to Metacurity's curated infosec long reads is available to paid subscribers. Our goal is simple: make it financially viable to keep investing the time and expertise required to find, vet, and contextualize the most important security journalism each week. Free readers will still get highlights, but subscribers will get the complete, deeply curated set.

Please help support Metacurity in achieving our goal by upgrading your subscription to gain full access to this issue and all content published on Metacurity, including the archives.

6/6/2026: This week's long reads explore a world in which advantage increasingly belongs to those who can adapt fastest, whether in the race for technological leadership, the development of novel cryptographic techniques, or the creation of AI-powered malware that generates attacks on the fly. Yet the hacking of a hospital CCTV system in India serves as a reminder that even as cyber science advances, many organizations remain vulnerable to the same basic security failures that have plagued the internet for decades.

Cyber terror in labour room: Curtains left open, weak passwords, eight hackers, and viral clips

The Indian Express's Brendan Dabhi tells a chilling tale of how Indian police invoked cyberterrorism charges against eight men accused of hacking a maternity hospital’s CCTV system—left protected by a default password—and selling footage of women in labor and undergoing medical examinations through Telegram and YouTube networks, exposing broader security failures affecting tens of thousands of internet-connected cameras.

The hospital in question is housed in a four-storey commercial building. Couples sit in joined metal chairs in the waiting room, many with medical reports in their hands. A video playing on a screen shows “success stories” of couples leaving the hospital with new-born babies in their arms.

The hospital administrator recollected the shock of discovering the crime last year. “A patient had just gone into labour, and the staff was busy. In the middle of that, a reporter approached us and said footage of our hospital was being shown on the Internet. We were horrified… We didn’t know,” the administrator said.

“We immediately went to the police station. The Rajkot City police told us they were already aware and an FIR had been registered by the Cybercrime Branch in Ahmedabad City. We had no facts, other than knowing that CCTV footage from our labour room was being sold online,” he said.

But it wasn’t just one video, and not just one hospital. Investigators soon found that several clips from CCTV footage of women patients in the labour room were being sold on closed Telegram groups, with “trailer” clips advertised on YouTube for potential “buyers”. Prices ranged from Rs 800 to Rs 2,000, depending on the nature of the content.

Staff and patients at the hospital were questioned for days, and CCTV footage was scanned for clues. “The police were here for three-four days,” the hospital administrator said. “They interviewed staff, took our electronic gadgets and spoke to patients… We cooperated, we even went to Ahmedabad a couple of times as part of the investigation. Eventually, they concluded that the CCTV system had been hacked from outside the hospital.”

On February 18, 2025, the Ahmedabad City Cybercrime Branch found videos on three YouTube channels. They wrote to Google seeking details of the operators of the channels, and following a prompt response from Google, identified people based in Maharashtra and Uttar Pradesh.

Teams were sent to both states, and three accused were apprehended. At a press conference on February 19, 2025, Ahmedabad City Police Joint Commissioner (JCP) Sharad Singhal, DCP (Cybercrime) Lavina Sinha, and DCP (Crime) Ajit Rajian announced that Prajwal Ashok Teli (23) had been arrested in Latur, Maharashtra, Praj Rajendra Patil (19) in Sangli, Maharashtra, and Chandraprakash Phoolchand (33) in Prayagraj, Uttar Pradesh.

Singhal said the men used virtual numbers to communicate with hackers in Romania and Atlanta in the US. The police alleged that CCTV feeds of several hospitals, malls, and commercial buildings had been hacked. The accused allegedly clipped videos of women patients while they were being examined, uploaded snippet-like teasers on YouTube, and offered them for sale. Singhal stressed that prima facie, no hospital staff appeared to be involved.

“The phones of the arrested accused revealed contacts of the other accused persons. We also found videos, groups, and financial transactions on their electronic devices,” an investigator said.

The police unearthed 22 channels that were being run under a Telegram group, ‘Megha Demos’, where videos were categorised by “kinks” such as voyeurism and exhibitionism. Police also found several other Telegram groups — ‘Demo CCTV’, ‘CCTV Injection Group’, ‘CCTV Demo Premium’, and ‘CCTV Group’. While previews were shared on the ‘Demo Group’, videos were sold on the ‘Premium Group’, police officers said. They estimated that the accused may have earned more than Rs 8 lakh from the sale of these videos before the racket was busted.