Ransomware Attack Left DC Police Surveillance Blind Shortly Before The Inauguration

from the feeling-safer-yet? dept

Once exclusively the domain of hospitals with comically-bad IT support, crippling ransomware attacks are increasingly beginning to impact essential infrastructure. Just ask the San Francisco MTA, whose systems were shut down entirely for a spell last fall after a hacker (with a long history of similar attacks) managed to infiltrate their network, forcing the MTA to dole out free rides until the threat was resolved. Or you could ask the St. Louis public library network, which saw 16 city branches crippled last month by a bitcoin-demanding intruder.

We’ve also seen a spike in ransomware attacks on our ever-expanding surveillance and security apparatus, with DC Police acknowledging this week that 70% of the city’s surveillance camera DVRs were infected with malware. The infection was so thorough that DC Police were forced to acknowledge that city police cameras were unable to record much of anything during a three-day stretch last month:

“Hackers infected 70 percent of storage devices that record data from D.C. police surveillance cameras eight days before President Trump’s inauguration, forcing major citywide reinstallation efforts, according to the police and the city’s technology office. City officials said ransomware left police cameras unable to record between Jan. 12 and Jan. 15. The cyberattack affected 123 of 187 network video recorders in a closed-circuit TV system for public spaces across the city, the officials said late Friday.

Brian Ebert, a Secret Service official, said the safety of the public or protectees was never jeopardized.”

Right. An intruder managed to effectively blind law enforcement in the nation’s capital for three straight days — eight days before the inauguration of a new President, but hey — no big deal. Fortunately the city was able to purge the malware and reboot the system without paying a ransom, though they still don’t appear to have actually tracked down the intruder or his or her point of origin:

“Archana Vemulapalli, the city’s Chief Technology Officer, said the city paid no ransom and resolved the problem by taking the devices offline, removing all software and restarting the system at each site. An investigation into the source of the hack continues, said Vemulapalli, who said the intrusion was confined to the police CCTV cameras that monitor public areas and did not extend deeper into D.C. computer networks.”

These intrusions are usually courtesy of an employee downloading something stupid, but the paper-mache grade security and default administrative credentials common on DVRs and other network-connected hardware also play a starring role. The end result is an absolute laundry list of similar stories popping up all around the globe, from the Austrian hotel whose customers were locked inside their rooms thanks to a ransomware intruder, to the Texas police station that lost years of video evidence courtesy of poor security standards and a lack of redundancy.

And it’s worth remembering that these are only the intrusions in which the intruder actually wants to make their presence known.

Overall, poorly secured internet-connected devices have not only contributed to a spike in ransomware attacks, but poorly-secured hardware is increasingly being infected and used as part of DDoS botnets, resulting in some of the largest and most devastating attacks we’ve seen to date. The IT security 2017 prediction du jour is a crippling attack that brings the internet to its knees sometime this year, with a loss of human life on some scale also seen as an inevitability. As several security analysts like Bruce Schneier have noted, our casual treatment of device security has created a security and privacy dumpster fire, and the spike in these DDoS and ransomware attacks is simply the check coming due.


Comments on “Ransomware Attack Left DC Police Surveillance Blind Shortly Before The Inauguration”

27 Comments
Roger Strong (profile) says:

Re: Coming soon to a car near you.

Google’s self-driving cars heavily use cloud computing. The police will inevitably want access. To order cars to pull over or duck down side-streets when emergency vehicles approach. Or to order cars away from an emergency scene.

Given the 360-degree camera coverage in each car, the police might command a few hundred of them to take part in an instant surveillance network to supplement police CCTVs. NOW imagine the D.C. police surveillance camera network being hit by ransomware…

Anonymous Coward says:

Re: I have a question:

I can’t speak to the difficulties of tracking down normal offshore bank account owners, but you might go do some research on bitcoin. If the people using the ransomware are demanding bitcoins, it could be quite the feat to track that down. And if you do manage to track them down, there’s a good chance they live in a country that the US doesn’t have any working extradition treaty with.

zboot (profile) says:

Re: I have a question:

I mean, if a ransomware program is intended to collect money, whether it be electronic transfer or bitcoin or whatever, surely the programs can be disassembled and the location the money’s being sent to located?

Given that the code isn’t transferring the money, how would disassembling it show you where money is being sent? I think you don’t understand how electronic transfers or bitcoin works.

Roger Strong (profile) says:

…from the Austrian hotel whose customers were locked inside their rooms thanks to a ransomware intruder

Contrary to some reports, no-one was locked in their rooms. Nor were any doors remotely locked.

What happened is that with the computer encrypted, they couldn’t program keycards for new guests checking in. And even then, according to the hotel’s managing director:

…even with hotels like Jaegerwirt that use electronic keycards, there are always failsafes so people can get in and out of rooms. “The police wouldn’t ever let [us] lock the rooms via computers,” he told The Verge.

Anonymous Coward says:

Re: Locked inside rooms?

Hotel rooms can be locked/unlocked from the inside. You can’t lock someone inside a hotel room any more than you can be locked inside your own house.

By fire code you’d have to be able to open the door from inside the room (I hope a software flaw couldn’t prevent that, and that inspectors are able to verify this). That’s not the same as being able to lock/unlock the door. The door might remain locked such that you wouldn’t be able to get back in once it closed, or it’s entirely possible a software flaw could leave it in an always-unlocked state.

And if you had a double-cylinder deadbolt you could be locked inside your house. It’s probably not legal as a sole exit door but nobody’s checking private residences.

JustMe (profile) says:

The hotel story

I read it when it came out and something isn’t right about being locked ‘inside’ their rooms.

The door locks aren’t normally connected to the internal network. Instead, each door is preprogrammed to accept a valid keycode (which would use something similar to certificates in an ideal world, but then you have the problems of revocation and non-repudiation because the device isn’t networked).

Additionally, since when would a certification agency or the local fire department allow a safety device like a door handle inside the room to ‘fail locked’ in any scenario (door locked, power outage, etc.)?

Roger Strong (profile) says:

Re: "closed" circuit

Why would any of this be online to begin with?

  • Automatic software updates.
  • Remote troubleshooting by the vendor.
  • The ability to access live video or play back video from remote locations. Including from an accident scene by investigators, or from lawyers’ offices and courts.
  • The ability to use existing internet infrastructure rather than having to build your own city-wide network.
