Ransomware Attack Left DC Police Surveillance Blind Shortly Before The Innauguration
from the feeling-safer-yet? dept
Once exclusively the domain of hospitals with comically-bad IT support, crippling ransomware attacks are increasingly beginning to impact essential infrastructure. Just ask the San Francisco MTA, whose systems were shut down entirely for a spell last fall after a hacker (with a long history of similar attacks) managed to infiltrate their network, forcing the MTA to dole out free rides until the threat was resolved. Or you could ask the St. Louis public library network, which saw 16 city branches crippled last month by a bitcoin-demanding intruder.
We've also seen a spike in ransomware attacks on our ever-expanding surveillance and security apparatus, DC Police acknowledging this week that 70% of the city's surveillance camera DVRs were infected with malware. The infection was so thorough, DC Police were forced to acknowledge that city police cameras were unable to record much of anything during a three day stretch last month:
"Hackers infected 70 percent of storage devices that record data from D.C. police surveillance cameras eight days before President Trump’s inauguration, forcing major citywide reinstallation efforts, according to the police and the city’s technology office. City officials said ransomware left police cameras unable to record between Jan. 12 and Jan. 15. The cyberattack affected 123 of 187 network video recorders in a closed-circuit TV system for public spaces across the city, the officials said late Friday.
Brian Ebert, a Secret Service official, said the safety of the public or protectees was never jeopardized.
Right. An intruder managed to effectively blind law enforcement in the nation's capital for three straight days -- eight days before the inauguration of a new President, but hey -- no big deal. Fortunately the city was able to purge the malware and reboot the system without paying a ransom, though they still don't appear to have actually tracked down the intruder or his or her point of origin:
"Archana Vemulapalli, the city’s Chief Technology Officer, said the city paid no ransom and resolved the problem by taking the devices offline, removing all software and restarting the system at each site. An investigation into the source of the hack continues, said Vemulapalli, who said the intrusion was confined to the police CCTV cameras that monitor public areas and did not extend deeper into D.C. computer networks."
These intrusions are usually courtesy of an employee downloading something stupid, but the paper-mache grade security and default administrative credentials common on DVRs and other network-connected hardware also plays a starring role. The end result is an absolute laundry list of similar stories popping up all around the globe, from the Austrian hotel whose customers were locked inside their rooms thanks to a ransomware intruder, to the Texas police station that lost years of video evidence courtesy of poor security standards and a lack of redundancy.
And it's worth remembering that these are only the intrusions in which the intruder actually wants to make their presence known.
Overall, poorly secured internet-connected devices have not only contributed to a spike in ransomware attacks, but poorly-secured hardware is increasingly being infected and used as part of DDoS botnets, resulting in some of the largest and most devastating attacks we've seen to date. The IT security 2017 prediction du jour is a crippling attack that brings the internet to its knees sometime this year, with a loss of human life on some scale also seen as an inevitability. As several security analysts like Bruce Schneier have noted, our casual treatment of device security has created a security and privacy dumpster fire, and the spike in these DDoS and ransomware attacks is simply the check coming due.