Ransomware Attack Left DC Police Surveillance Blind Shortly Before The Inauguration

from the feeling-safer-yet? dept

Once exclusively the domain of hospitals with comically-bad IT support, crippling ransomware attacks are increasingly beginning to impact essential infrastructure. Just ask the San Francisco MTA, whose systems were shut down entirely for a spell last fall after a hacker (with a long history of similar attacks) managed to infiltrate their network, forcing the MTA to dole out free rides until the threat was resolved. Or you could ask the St. Louis public library network, which saw 16 city branches crippled last month by a bitcoin-demanding intruder.

We've also seen a spike in ransomware attacks on our ever-expanding surveillance and security apparatus, with DC Police acknowledging this week that 70% of the city's surveillance camera DVRs were infected with malware. The infection was so thorough that DC Police were forced to acknowledge that city police cameras were unable to record much of anything during a three-day stretch last month:

"Hackers infected 70 percent of storage devices that record data from D.C. police surveillance cameras eight days before President Trump’s inauguration, forcing major citywide reinstallation efforts, according to the police and the city’s technology office. City officials said ransomware left police cameras unable to record between Jan. 12 and Jan. 15. The cyberattack affected 123 of 187 network video recorders in a closed-circuit TV system for public spaces across the city, the officials said late Friday.

Brian Ebert, a Secret Service official, said the safety of the public or protectees was never jeopardized."

Right. An intruder managed to effectively blind law enforcement in the nation's capital for three straight days -- eight days before the inauguration of a new President, but hey -- no big deal. Fortunately the city was able to purge the malware and reboot the system without paying a ransom, though they still don't appear to have actually tracked down the intruder or his or her point of origin:

"Archana Vemulapalli, the city’s Chief Technology Officer, said the city paid no ransom and resolved the problem by taking the devices offline, removing all software and restarting the system at each site. An investigation into the source of the hack continues, said Vemulapalli, who said the intrusion was confined to the police CCTV cameras that monitor public areas and did not extend deeper into D.C. computer networks."

These intrusions are usually courtesy of an employee downloading something stupid, but the papier-mâché-grade security and default administrative credentials common on DVRs and other network-connected hardware also play a starring role. The end result is an absolute laundry list of similar stories popping up all around the globe, from the Austrian hotel whose customers were locked inside their rooms thanks to a ransomware intruder, to the Texas police station that lost years of video evidence courtesy of poor security standards and a lack of redundancy.
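As an added example (not code from Techdirt, the D.C. police, or the city's technology office), here is a small Python audit of the three conditions the two paragraphs above associate with the outage: recorders that have silently stopped writing video, recorders whose management interface is reachable from the internet, and recorders still on a vendor-default administrative credential. The inventory, the reference time and the default-credential placeholder are all constructed for the example; no real vendor default appears, and the audit compares digests rather than plaintext secrets.

```python
"""Fleet audit for network video recorders (NVRs).  Added example: the
inventory records, hostnames and the default-credential placeholder are all
constructed for illustration and are not real vendor or city data."""
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List


def fingerprint(secret: str) -> str:
    """Hash a credential so the audit compares digests, never plaintext."""
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()


# Constructed placeholder: a real audit would load the site's own list of
# factory-default admin credentials for the recorder models it owns.
DEFAULT_CREDENTIAL_FINGERPRINTS = {fingerprint("FACTORY-DEFAULT-PLACEHOLDER")}


@dataclass
class Nvr:
    name: str
    last_segment_written: datetime  # newest recording segment on disk
    internet_reachable: bool        # management port answers from outside the city network
    admin_fingerprint: str          # digest of the current admin credential


def silent_recorders(fleet: List[Nvr], now: datetime, max_silence: timedelta) -> List[str]:
    """Recorders that have written nothing for longer than max_silence.

    An encrypted NVR does not raise an alarm; it simply stops producing
    segments, so the absence of new data is the signal to monitor."""
    return [n.name for n in fleet if now - n.last_segment_written > max_silence]


def exposed_recorders(fleet: List[Nvr]) -> List[str]:
    """Recorders whose management interface is reachable from the internet."""
    return [n.name for n in fleet if n.internet_reachable]


def default_credential_recorders(fleet: List[Nvr]) -> List[str]:
    """Recorders still using a credential from the default-credential list."""
    return [n.name for n in fleet if n.admin_fingerprint in DEFAULT_CREDENTIAL_FINGERPRINTS]


def audit(fleet: List[Nvr], now: datetime,
          max_silence: timedelta = timedelta(hours=1)) -> Dict[str, object]:
    """Combine the three checks into one report, with the silent share as a percentage."""
    silent = silent_recorders(fleet, now, max_silence)
    percent = round(100.0 * len(silent) / len(fleet), 1) if fleet else 0.0
    return {
        "total": len(fleet),
        "silent": silent,
        "percent_silent": percent,
        "exposed": exposed_recorders(fleet),
        "default_credentials": default_credential_recorders(fleet),
    }


def constructed_fleet(now: datetime) -> List[Nvr]:
    """Ten constructed recorders: seven went quiet two days ago, three are healthy,
    two are internet-reachable and two still carry the placeholder default."""
    fleet = []
    for i in range(10):
        quiet = i < 7
        secret = "FACTORY-DEFAULT-PLACEHOLDER" if i % 5 == 0 else f"rotated-secret-{i}"
        fleet.append(Nvr(
            name=f"nvr-{i:02d}",
            last_segment_written=now - (timedelta(days=2) if quiet else timedelta(minutes=5)),
            internet_reachable=i in (0, 3),
            admin_fingerprint=fingerprint(secret),
        ))
    return fleet


def example_report() -> Dict[str, object]:
    """Run the audit against the constructed fleet at a fixed reference time."""
    now = datetime(2017, 1, 15, 12, 0)  # constructed reference time
    return audit(constructed_fleet(now), now)


if __name__ == "__main__":
    report = example_report()
    print(f"{len(report['silent'])}/{report['total']} recorders silent ({report['percent_silent']}%)")
    print("internet-reachable:", ", ".join(report["exposed"]) or "none")
    print("default credential:", ", ".join(report["default_credentials"]) or "none")
```

The recording-gap check is the one that would have flagged the D.C. incident as it happened: a recorder encrypted by ransomware does not report an error, it just stops writing segments, so the monitor has to treat silence as the alarm condition. The exposure and default-credential checks cover the two root causes the paragraph names.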

And it's worth remembering that these are only the intrusions in which the intruder actually wants to make their presence known.

Overall, poorly secured internet-connected devices have not only contributed to a spike in ransomware attacks, but poorly-secured hardware is increasingly being infected and used as part of DDoS botnets, resulting in some of the largest and most devastating attacks we've seen to date. The IT security 2017 prediction du jour is a crippling attack that brings the internet to its knees sometime this year, with a loss of human life on some scale also seen as an inevitability. As several security analysts like Bruce Schneier have noted, our casual treatment of device security has created a security and privacy dumpster fire, and the spike in these DDoS and ransomware attacks is simply the check coming due.

Filed Under: cameras, cctv, dc, inauguration, malware, ransomware, surveillance, surveillance cameras


Reader Comments

  • Machin Shin (profile), 6 Feb 2017 @ 1:51pm

    Coming soon to a car near you.

    Please pay 1 Bitcoin to regain control of your car. Failure to comply will result in you being delivered to us where we will extract payment in other forms. If you attempt to contact the police your car will be involved in a very tragic crash.

    • Roger Strong (profile), 6 Feb 2017 @ 2:15pm

      Re: Coming soon to a car near you.

      Google's self-driving cars heavily use cloud computing. The police will inevitably want access. To order cars to pull over or duck down side-streets when emergency vehicles approach. Or to order cars away from an emergency scene.

      Given the 360-degree camera coverage in each car, the police might command a few hundred of them to take part in an instant surveillance network to supplement police CCTVs. NOW imagine the D.C. police surveillance camera network being hit by ransomware...

  • Anonymous Coward, 6 Feb 2017 @ 2:12pm

    This is why you DO NOT connect critical infrastructure to the Internet, but keep it on a private network. However I can see the authorities using this to justify imposing more draconian controls over the Internet, and the devices that can connect to it.

    • Anonymous Coward, 6 Feb 2017 @ 2:37pm

      Re:

      Won't stop a thing, just slow it down. Even if the critical infrastructure has a complete air gap these attacks will still happen. You still get employees compromising the network through the use of hacked USB devices or phones.

  • Daydream, 6 Feb 2017 @ 2:22pm

    I have a question:

    Why is it apparently so hard to track down and apprehend people using ransomware?

    I mean, if a ransomware program is intended to collect money, whether it be electronic transfer or bitcoin or whatever, surely the programs can be disassembled and the location the money's being sent to located?

    • Anonymous Coward, 6 Feb 2017 @ 2:52pm

      Re: I have a question:

      I can't speak to the difficulties of tracking down normal offshore bank account owners, but you might go do some research on bitcoin. If the people using the ransomware are demanding bitcoins, it could be quite the feat to track that down. And if you do manage to track them down, there's a good chance they live in a country that the US doesn't have any working extradition treaty with.

      • Roger Strong (profile), 6 Feb 2017 @ 3:09pm

        Re: Re: I have a question:

        It's also increasingly likely that the demand for bitcoins you read isn't from whoever infected your computer.

        Apparently there's a way for hijacked PCs to be hijacked by OTHER hackers. A new ransom note gets substituted telling you to send bitcoins to someone who has no idea what the decryption key is.

    • Anonymous Coward, 6 Feb 2017 @ 2:52pm

      Re: I have a question:

      > surely the programs can be disassembled
      Whoa, slow down there Giuliani.

    • zboot (profile), 6 Feb 2017 @ 3:48pm

      Re: I have a question:

      >I mean, if a ransomware program is intended to collect money, whether it be electronic transfer or bitcoin or whatever, surely the programs can be disassembled and the location the money's being sent to located?

      Given that the code isn't transferring the money, how would disassembling it show you where money is being sent? I think you don't understand how electronic transfers or bitcoin works.

      • Daydream, 6 Feb 2017 @ 11:16pm

        Re: Re: I have a question:

        Honestly? No, I haven't got a clue. I have no idea if it's possible to track bitcoins or forge them or if it's possible to link an electronic address to a physical location or what.

        ...Oh, wait, onion routing and zombie computers would make the latter nigh-impossible...

    • Machin Shin (profile), 6 Feb 2017 @ 7:11pm

      Re: I have a question:

      Bitcoin is hard to track even normally. To make things even more fun there are services on the darknet where you put coins in and they get mixed with everyone else's coins. Then when you pull coins out your new coins are nice and clean.

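An added example, written by the editor and not by any commenter in the thread above, illustrating the tracing difficulty the thread discusses. It builds a toy UTXO ledger in Python and applies a proportional ("haircut") taint trace from the ransom payment: through plain transfers the full value follows a single path to one deposit address, but once the same coins are spent in a mixing transaction alongside unrelated inputs, the taint is spread equally across every output and no single output can be attributed. Addresses, transaction ids and amounts are constructed, and the haircut rule is one common attribution heuristic, not a description of any specific chain-analysis product.

```python
"""Toy UTXO ledger showing why a ransom payment is easy to follow through
plain transfers but becomes ambiguous after a mixing transaction.  Added
example: every address, txid and amount below is constructed."""
from typing import Dict, List, Tuple

OutputRef = Tuple[str, int]           # (txid, output index)
Output = Tuple[str, float]            # (address, amount)


class Ledger:
    """Append-only toy ledger; transactions must be added in chain order."""

    def __init__(self) -> None:
        self.txs: Dict[str, Tuple[List[OutputRef], List[Output]]] = {}
        self.spender: Dict[OutputRef, str] = {}   # which tx consumed an output

    def add_tx(self, txid: str, inputs: List[OutputRef], outputs: List[Output]) -> None:
        for ref in inputs:
            if ref[0] not in self.txs or ref in self.spender:
                raise ValueError(f"input {ref} is unknown or already spent")
            self.spender[ref] = txid
        self.txs[txid] = (inputs, outputs)

    def value(self, ref: OutputRef) -> float:
        txid, idx = ref
        return self.txs[txid][1][idx][1]


def trace(ledger: Ledger, seed: OutputRef) -> Dict[str, Tuple[float, float]]:
    """Proportional taint: each output of a transaction inherits the share of
    tainted value among that transaction's inputs.  Returns, for every unspent
    output carrying taint, address -> (amount, fraction attributable to seed)."""
    taint: Dict[OutputRef, float] = {}
    for txid, (inputs, outputs) in ledger.txs.items():
        total_in = sum(ledger.value(r) for r in inputs)
        tainted_in = sum(ledger.value(r) * taint.get(r, 0.0) for r in inputs)
        share = tainted_in / total_in if total_in else 0.0
        for idx in range(len(outputs)):
            taint[(txid, idx)] = share
        if seed[0] == txid:
            taint[seed] = 1.0          # the ransom output itself is fully tainted
    result: Dict[str, Tuple[float, float]] = {}
    for ref, share in taint.items():
        if ref not in ledger.spender and share > 0:
            address, amount = ledger.txs[ref[0]][1][ref[1]]
            result[address] = (amount, round(share, 4))
    return result


RANSOM_OUTPUT: OutputRef = ("ransom", 0)


def base_ledger() -> Ledger:
    """Victim holds 10 coins, three unrelated users hold 1 each; victim pays 1 as ransom."""
    lg = Ledger()
    lg.add_tx("mint-victim", [], [("victim", 10.0)])
    for who in ("alice", "bob", "carol"):            # constructed unrelated users
        lg.add_tx(f"mint-{who}", [], [(who, 1.0)])
    lg.add_tx("ransom", [("mint-victim", 0)], [("ransom-addr", 1.0), ("victim", 9.0)])
    return lg


def direct_cashout() -> Dict[str, Tuple[float, float]]:
    """Ransom coins move straight to a deposit address: attribution is unambiguous."""
    lg = base_ledger()
    lg.add_tx("cashout", [RANSOM_OUTPUT], [("exchange-deposit", 1.0)])
    return trace(lg, RANSOM_OUTPUT)


def mixed_cashout() -> Dict[str, Tuple[float, float]]:
    """Ransom coins are combined with three unrelated inputs into four equal
    outputs: every output now carries the same 25% share and none stands out."""
    lg = base_ledger()
    lg.add_tx("mix",
              [RANSOM_OUTPUT, ("mint-alice", 0), ("mint-bob", 0), ("mint-carol", 0)],
              [(f"fresh-{i}", 1.0) for i in range(1, 5)])
    return trace(lg, RANSOM_OUTPUT)


if __name__ == "__main__":
    print("direct:", direct_cashout())
    print("mixed: ", mixed_cashout())
```

The point for an investigator is not that the coins vanish; the ledger still records every transfer. It is that after the mix, the honest evidence supports only a 25% attribution to each of four outputs, which is not enough to name a recipient, and real mixing services repeat this step many times over far larger input sets.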

  • Anonymous Coward, 6 Feb 2017 @ 2:52pm

    Waitaminnit!!

    We're being told constantly that threats are too sure, too serious for proper review and due process. TLAs and LEOs and LemonPie-Os need this surveillance now, Now, NOW!

    But three days' loss of surveillance? "the safety of the public or protectees was never jeopardized."

    • orbitalinsertion (profile), 6 Feb 2017 @ 2:57pm

      Re: Waitaminnit!!

      We should try a surveillance diet for a year or two and see just how a lack of that placebo affects things.

      • That One Guy (profile), 6 Feb 2017 @ 4:17pm

        Re: Re: Waitaminnit!!

        I imagine the public would do just fine from a diet like that.

        The 'Collect it all, know it all' junkies on the other hand would probably go through some serious withdrawals inside of a week, and would only get more frantic as time passed. They need their fix dammit, turn those cameras back on!

  • Atkray (profile), 6 Feb 2017 @ 3:08pm

    "Brian Ebert, a Secret Service official, said the safety of the public or protectees was never jeopardized."

    I was under the impression that this system was there to protect the public. If having it down doesn't jeopardize the public, then let's save some cash and leave it off.

  • Anonymous Coward, 6 Feb 2017 @ 3:19pm

    shoulda used linux. just ask bill gates who prohibited windows in redmond.

    • Roger Strong (profile), 6 Feb 2017 @ 3:37pm

      Re:

      The days when virus writers ignored Linux are long gone. There's ransomware affecting the OS directly. And of course ransomware affecting apps running on it, like the ransomware that hit over 10,000 MongoDB databases last month.

      > just ask bill gates who prohibited windows in redmond.

      Riiiiiight.

      • Cowardly Lion, 7 Feb 2017 @ 1:19am

        Re: Re:

        Very true - also, devices that use embedded Linux, such as Synology and QNAP NASes, have been specifically targeted.

        • Anonymous Coward, 7 Feb 2017 @ 7:10am

          Re: Re: Re:

          Except that there are 300+ Linuxes out there, which makes the task way more difficult. Just ask James Clapper or Ed Snowden.

  • Roger Strong (profile), 6 Feb 2017 @ 3:20pm

    > ...from the Austrian hotel whose customers were locked inside their rooms thanks to a ransomware intruder

    Contrary to some reports, no-one was locked in their rooms. Nor were any doors remotely locked.

    What happened is that with the computer encrypted, they couldn't program keycards for new guests checking in. And even then, according to the hotel's managing director:

    > ...even with hotels like Jaegerwirt that use electronic keycards, there are always failsafes so people can get in and out of rooms. “The police wouldn’t ever let [us] lock the rooms via computers,” he told The Verge.

  • zboot (profile), 6 Feb 2017 @ 3:42pm

    Locked inside rooms?

    Hotel rooms can be locked/unlocked from the inside. You can't lock someone inside a hotel room any more than you can be locked inside your own house.

    • Anonymous Coward, 7 Feb 2017 @ 6:27am

      Re: Locked inside rooms?

      > Hotel rooms can be locked/unlocked from the inside. You can't lock someone inside a hotel room any more than you can be locked inside your own house.

      By fire code you'd have to be able to open the door from inside the room (I hope a software flaw couldn't prevent that, and that inspectors are able to verify this). That's not the same as being able to lock/unlock the door. The door might remain locked such that you wouldn't be able to get back in once it closed, or it's entirely possible a software flaw could leave it in an always-unlocked state.

      And if you had a double-cylinder deadbolt you could be locked inside your house. It's probably not legal as a sole exit door but nobody's checking private residences.

  • JustMe (profile), 7 Feb 2017 @ 4:04am

    The hotel story

    I read it when it came out and something isn't right about being locked 'inside' their rooms.

    The door locks aren't normally connected to the internal network. Instead, each door is preprogrammed to accept a valid keycode (which would use something similar to certificates in an ideal world, but then you have the problems of revocation and non-repudiation because the device isn't networked).

    Additionally, since when would a certification agency or the local fire department allow a safety device like a door handle inside the room to 'fail locked' in any scenario (door locked, power outage, etc.)?

  • Tim, 7 Feb 2017 @ 8:37am

    San Francisco MTA?

    I grew up in the City. Municipal Transit in SF is called the "Muni" by people living there. I have never heard it called the Municipal Transit Authority.

  • michael, 7 Feb 2017 @ 12:15pm

    "closed" circuit

    > "the city paid no ransom and resolved the problem by taking the devices offline"

    Why would any of this be online to begin with?

    • Roger Strong (profile), 8 Feb 2017 @ 11:07am

      Re: "closed" circuit

      > Why would any of this be online to begin with?

      • Automatic software updates.
      • Remote troubleshooting by the vendor.
      • The ability to access live video or play back video from remote locations. Including from an accident scene by investigators, or from lawyers' offices and courts.
      • The ability to use existing internet infrastructure rather than having to build your own city-wide network.
