Ransomware Attack Left DC Police Surveillance Blind Shortly Before The Inauguration
from the feeling-safer-yet? dept
Once exclusively the domain of hospitals with comically-bad IT support, crippling ransomware attacks are increasingly beginning to impact essential infrastructure. Just ask the San Francisco MTA, whose systems were shut down entirely for a spell last fall after a hacker (with a long history of similar attacks) managed to infiltrate their network, forcing the MTA to dole out free rides until the threat was resolved. Or you could ask the St. Louis public library network, which saw 16 city branches crippled last month by a bitcoin-demanding intruder.
We’ve also seen a spike in ransomware attacks on our ever-expanding surveillance and security apparatus, DC Police acknowledging this week that 70% of the city’s surveillance camera DVRs were infected with malware. The infection was so thorough, DC Police were forced to acknowledge that city police cameras were unable to record much of anything during a three day stretch last month:
“Hackers infected 70 percent of storage devices that record data from D.C. police surveillance cameras eight days before President Trump’s inauguration, forcing major citywide reinstallation efforts, according to the police and the city’s technology office. City officials said ransomware left police cameras unable to record between Jan. 12 and Jan. 15. The cyberattack affected 123 of 187 network video recorders in a closed-circuit TV system for public spaces across the city, the officials said late Friday.
Brian Ebert, a Secret Service official, said the safety of the public or protectees was never jeopardized.”
Right. An intruder managed to effectively blind law enforcement in the nation’s capital for three straight days — eight days before the inauguration of a new President, but hey — no big deal. Fortunately the city was able to purge the malware and reboot the system without paying a ransom, though they still don’t appear to have actually tracked down the intruder or his or her point of origin:
“Archana Vemulapalli, the city’s Chief Technology Officer, said the city paid no ransom and resolved the problem by taking the devices offline, removing all software and restarting the system at each site. An investigation into the source of the hack continues, said Vemulapalli, who said the intrusion was confined to the police CCTV cameras that monitor public areas and did not extend deeper into D.C. computer networks.”
These intrusions are usually courtesy of an employee downloading something stupid, but the papier-mâché-grade security and default administrative credentials common on DVRs and other network-connected hardware also play a starring role. The end result is an absolute laundry list of similar stories popping up all around the globe, from the Austrian hotel whose customers were locked inside their rooms thanks to a ransomware intruder, to the Texas police station that lost years of video evidence courtesy of poor security standards and a lack of redundancy.
And it’s worth remembering that these are only the intrusions in which the intruder actually wants to make their presence known.
Overall, poorly secured internet-connected devices have not only contributed to a spike in ransomware attacks, but poorly-secured hardware is increasingly being infected and used as part of DDoS botnets, resulting in some of the largest and most devastating attacks we’ve seen to date. The IT security 2017 prediction du jour is a crippling attack that brings the internet to its knees sometime this year, with a loss of human life on some scale also seen as an inevitability. As several security analysts like Bruce Schneier have noted, our casual treatment of device security has created a security and privacy dumpster fire, and the spike in these DDoS and ransomware attacks is simply the check coming due.
Filed Under: cameras, cctv, dc, inauguration, malware, ransomware, surveillance, surveillance cameras
Comments on “Ransomware Attack Left DC Police Surveillance Blind Shortly Before The Inauguration”
Coming soon to a car near you.
Please pay 1 Bitcoin to regain control of your car. Failure to comply will result in you being delivered to us where we will extract payment in other forms. If you attempt to contact the police your car will be involved in a very tragic crash.
Re: Coming soon to a car near you.
Google’s self-driving cars heavily use cloud computing. The police will inevitably want access. To order cars to pull over or duck down side-streets when emergency vehicles approach. Or to order cars away from an emergency scene.
Given the 360-degree camera coverage in each car, the police might command a few hundred of them to take part in an instant surveillance network to supplement police CCTVs. NOW imagine the D.C. police surveillance camera network being hit by ransomware…
This is why you DO NOT connect critical infrastructure to the Internet, but keep it on a private network. However I can see the authorities using this to justify imposing more draconian controls over the Internet, and the devices that can connect to it.
Re: Re:
Won’t stop a thing, just slow it down. Even if the critical infrastructure has a complete air gap these attacks will still happen. You still get employees compromising the network through the use of hacked USB devices or phones.
I have a question:
Why is it apparently so hard to track down and apprehend people using ransomware?
I mean, if a ransomware program is intended to collect money, whether it be electronic transfer or bitcoin or whatever, surely the programs can be disassembled and the location the money’s being sent to located?
Re: I have a question:
I can’t speak to the difficulties of tracking down normal offshore bank account owners, but you might go do some research on bitcoin. If the people using the ransomware are demanding bitcoins, it could be quite the feat to track that down. And if you do manage to track them down, there’s a good chance they live in a country that the US doesn’t have any working extradition treaty with.
Re: Re: I have a question:
It’s also increasingly likely that the demand for bitcoins you read isn’t from whoever infected your computer.
Apparently there’s a way for hijacked PCs to be hijacked by OTHER hackers. A new ransom note gets substituted telling you send bitcoins to someone who has no idea what the decryption key is.
Re: Re: I have a question:
Honestly? No, I haven’t got a clue. I have no idea if it’s possible to track bitcoins or forge them or if it’s possible to link an electronic address to a physical location or what.
…Oh, wait, onion routing and zombie computers would make the latter nigh-impossible…
Re: I have a question:
Bitcoin is hard to track even normally. To make things even more fun there are services on the darknet where you put coins in and they get mixed with everyone else’s coins. Then when you pull coins out your new coins are nice and clean.
Waitaminnit!!
We’re being told constantly that threats are too sure, too serious for proper review and due process. TLAs and LEOs and LemonPie-Os need this surveillance now, Now, NOW!
But three days’ loss of surveillance? “the safety of the public or protectees was never jeopardized.”
Re: Waitaminnit!!
We should try a surveillance diet for a year or two and see just how a lack of that placebo affects things.
Re: Re: Waitaminnit!!
I imagine the public would do just fine from a diet like that.
The ‘Collect it all, know it all’ junkies on the other hand would probably go through some serious withdrawals inside of a week, and would only get more frantic as time passed. They need their fix dammit, turn those cameras back on!
“Brian Ebert, a Secret Service official, said the safety of the public or protectees was never jeopardized.”
I was under the impression that this system was there to protect the public. If having it down doesn’t jeopardize the public, then let’s save some cash and leave it off.
shoulda used linux. just ask bill gates who prohibited windows in redmond.
Re: Re:
The days when virus writers ignored Linux are long gone. There’s ransomware affecting the OS directly. And of course ransomware affecting apps running on it, like the ransomware that hit over 10,000 MongoDB databases last month.
Riiiiiight.
Re: Re: Re:
Very true – also, devices that use embedded Linux, such as Synology and QNAP NAS’s have been specifically targeted.
Re: Re: Re: Re:
Except that there are 300+ linuxes out there, which makes the task way more difficult. Just ask James Clapper or Ed Snowden.
Contrary to some reports, no-one was locked in their rooms. Nor were any doors remotely locked.
What happened is that with the computer encrypted, they couldn’t program keycards for new guests checking in. And even then, according to the hotel’s managing director:
Locked inside rooms?
Hotel rooms can be locked/unlocked from the inside. You can’t lock someone inside a hotel room any more than you can be locked inside your own house.
Re: Locked inside rooms?
By fire code you’d have to be able to open the door from inside the room (I hope a software flaw couldn’t prevent that, and that inspectors are able to verify this). That’s not the same as being able to lock/unlock the door. The door might remain locked such that you wouldn’t be able to get back in once it closed, or it’s entirely possible a software flaw could leave it in an always-unlocked state.
And if you had a double-cylinder deadbolt you could be locked inside your house. It’s probably not legal as a sole exit door but nobody’s checking private residences.
The hotel story
I read it when it came out and something isn’t right about being locked ‘inside’ their rooms.
The door locks aren’t normally connected to the internal network. Instead, each door is preprogrammed to accept a valid keycode (which would use something similar to certificates in an ideal world, but then you have the problems of revocation and non-repudiation because the device isn’t networked).
Additionally, since when would a certification agency or the local fire department allow a safety device like a door handle inside the room to ‘fail locked’ in any scenario (door locked, power outage, etc.)?
San Francisco MTA?
I grew up in the City. Municipal Transit in SF is called the “Muni” by people living there. I have never heard it called the Municipal Transit Authority.
"closed" circuit
> “the city paid no ransom and resolved the problem by taking the devices offline”
Why would any of this be online to begin with?