The cameras watching Europe’s roads have been watching for someone else. The Netherlands’ two intelligence services — the General Intelligence and Security Service (AIVD) and the Military Intelligence and Security Service (MIVD) — disclosed this week that at least one Russian intelligence service has been systematically compromising internet-connected cameras in the Netherlands, other NATO and EU member states, and Ukraine, turning ordinary civilian security infrastructure into a distributed espionage network.
The goal, according to the joint advisory, is intelligence of direct military value: activity on military transport routes, and the movement of weapons shipments destined for Ukraine.
Cameras as a Kill Chain
The most alarming element of the disclosure is not the surveillance of Dutch highways — it is what the same technique has enabled inside Ukraine. According to the Dutch agencies, hacked cameras there have in some cases been used to locate Ukrainian military personnel, with the resulting intelligence subsequently supporting attempts to kill soldiers and destroy equipment.
That transforms a compromised €80 IP camera from a privacy problem into a component of a targeting cycle. A camera positioned near a rail junction, a border crossing, or a staging area produces exactly the kind of persistent, timestamped visual intelligence that satellite passes and human sources struggle to deliver continuously.
How the Operation Works
The tradecraft described in the advisory is not exotic — and that is precisely the point. The attackers:
- Scan the internet for exposed devices, identifying IP cameras by manufacturer fingerprints
- Exploit weak security: default passwords, outdated firmware, and out-of-the-box configurations that were never hardened
- Automate the analysis: video feeds are processed with image-recognition software to identify military vehicles and classify their cargo
No zero-days are required when hundreds of thousands of cameras across Europe sit on the public internet with factory credentials. The Russian service simply industrialized what hobbyist tools like Shodan have demonstrated for over a decade.
The Netherlands as a Transit Target
The Dutch agencies confirmed that a small number of cameras located directly on military logistics routes in the Netherlands were compromised. The owners of those devices have been notified and are taking security measures.
The Netherlands is a natural priority target. As a key transit country — home to the port of Rotterdam and major road and rail corridors feeding Germany and points east — it sits on the physical path that Western military aid travels before reaching Ukraine. Its intelligence services have also been among the most publicly aggressive in Europe at exposing Russian operations, from the 2018 disruption of a GRU close-access operation against the OPCW in The Hague to repeated attributions of Sandworm and APT28 activity.
A Pattern, Not an Incident
This campaign fits a well-documented Russian playbook. Ukrainian authorities have repeatedly warned since 2022 that Russian forces hijack residential webcams and traffic cameras to observe air-defense operations and calibrate missile strikes — Kyiv at one point ordered thousands of publicly accessible cameras taken offline for exactly this reason. What the Dutch advisory confirms is that the same technique has been running quietly inside NATO territory, aimed at the alliance’s logistics rather than its front lines.
It also lands amid a broader European reckoning with Russian hybrid operations — sabotage of rail infrastructure in Poland and the Baltics, GPS jamming over the Baltic Sea, and reconnaissance drones over military sites in Germany. Camera compromise is the cheapest layer of that stack: deniable, scalable, and powered entirely by the target’s own neglected devices.
What Camera Owners Should Do
The advisory’s implicit message is aimed at every organization operating internet-facing cameras near anything of strategic value — ports, rail corridors, airports, defense contractors, or government facilities:
- Get cameras off the public internet. If remote viewing is required, put it behind a VPN or zero-trust gateway.
- Change default credentials and enforce unique passwords per device.
- Patch firmware — many exploited devices run software years out of date, often from vendors that no longer ship updates.
- Segment camera networks from corporate IT; a camera should never be a pivot point.
- Audit placement: know which of your devices can see roads, rails, or facilities an adversary would care about.
The uncomfortable truth in the Dutch disclosure is that this espionage network cost Russia almost nothing to build. Europe installed the sensors, connected them to the internet, and left the passwords on default. Moscow just logged in.
Sources
- NL Times — Dutch spy agencies: Russia hacked cameras to spy on military routes
- The Record — NATO logistics, Ukrainian troops are top subjects of Russian camera hacks
- DutchNews.nl — Russia hacked Dutch cameras to spy on Ukraine arms routes
- The Defense Post — Russia Uses Hacked Dutch Security Cameras to Monitor Military Aid for Ukraine



