Ransomware Attack Left DC Police Surveillance Blind Shortly Before The Inauguration
from the feeling-safer-yet? dept
Once exclusively the domain of hospitals with comically-bad IT support, crippling ransomware attacks are increasingly beginning to impact essential infrastructure. Just ask the San Francisco MTA, whose systems were shut down entirely for a spell last fall after a hacker (with a long history of similar attacks) managed to infiltrate their network, forcing the MTA to dole out free rides until the threat was resolved. Or you could ask the St. Louis public library network, which saw 16 city branches crippled last month by a bitcoin-demanding intruder.
We've also seen a spike in ransomware attacks on our ever-expanding surveillance and security apparatus, DC Police acknowledging this week that 70% of the city's surveillance camera DVRs were infected with malware. The infection was so thorough, DC Police were forced to acknowledge that city police cameras were unable to record much of anything during a three day stretch last month:
"Hackers infected 70 percent of storage devices that record data from D.C. police surveillance cameras eight days before President Trump’s inauguration, forcing major citywide reinstallation efforts, according to the police and the city’s technology office. City officials said ransomware left police cameras unable to record between Jan. 12 and Jan. 15. The cyberattack affected 123 of 187 network video recorders in a closed-circuit TV system for public spaces across the city, the officials said late Friday.
Brian Ebert, a Secret Service official, said the safety of the public or protectees was never jeopardized."
Right. An intruder managed to effectively blind law enforcement in the nation's capital for three straight days -- eight days before the inauguration of a new President, but hey -- no big deal. Fortunately the city was able to purge the malware and reboot the system without paying a ransom, though they still don't appear to have actually tracked down the intruder or his or her point of origin:
"Archana Vemulapalli, the city’s Chief Technology Officer, said the city paid no ransom and resolved the problem by taking the devices offline, removing all software and restarting the system at each site. An investigation into the source of the hack continues, said Vemulapalli, who said the intrusion was confined to the police CCTV cameras that monitor public areas and did not extend deeper into D.C. computer networks."
These intrusions are usually courtesy of an employee downloading something stupid, but the papier-mâché-grade security and default administrative credentials common on DVRs and other network-connected hardware also play a starring role. The end result is an absolute laundry list of similar stories popping up all around the globe, from the Austrian hotel whose customers were locked inside their rooms thanks to a ransomware intruder, to the Texas police station that lost years of video evidence courtesy of poor security standards and a lack of redundancy.
And it's worth remembering that these are only the intrusions in which the intruder actually wants to make their presence known.
Overall, poorly secured internet-connected devices have not only contributed to a spike in ransomware attacks, but poorly-secured hardware is increasingly being infected and used as part of DDoS botnets, resulting in some of the largest and most devastating attacks we've seen to date. The IT security 2017 prediction du jour is a crippling attack that brings the internet to its knees sometime this year, with a loss of human life on some scale also seen as an inevitability. As several security analysts like Bruce Schneier have noted, our casual treatment of device security has created a security and privacy dumpster fire, and the spike in these DDoS and ransomware attacks is simply the check coming due.
Filed Under: cameras, cctv, dc, inauguration, malware, ransomware, surveillance, surveillance cameras
Reader Comments
Coming soon to a car near you.
Re: Coming soon to a car near you.
Google's self-driving cars heavily use cloud computing. The police will inevitably want access, to order cars to pull over or duck down side-streets when emergency vehicles approach, or to order cars away from an emergency scene.
Given the 360-degree camera coverage in each car, the police might command a few hundred of them to take part in an instant surveillance network to supplement police CCTVs. NOW imagine the D.C. police surveillance camera network being hit by ransomware...
I have a question:
I mean, if a ransomware program is intended to collect money, whether it be electronic transfer or bitcoin or whatever, surely the programs can be disassembled and the location the money's being sent to located?
Re: Re: I have a question:
Apparently there's a way for hijacked PCs to be hijacked by OTHER hackers. A new ransom note gets substituted telling you to send bitcoins to someone who has no idea what the decryption key is.
Re: I have a question:
Whoa, slow down there Giuliani.
Re: I have a question:
Given that the code isn't transferring the money, how would disassembling it show you where money is being sent? I think you don't understand how electronic transfers or bitcoin work.
Re: Re: I have a question:
...Oh, wait, onion routing and zombie computers would make the latter nigh-impossible...
Waitaminnit!!
But three days' loss of surveillance? "the safety of the public or protectees was never jeopardized."
Re: Re: Waitaminnit!!
I imagine the public would do just fine from a diet like that.
The 'Collect it all, know it all' junkies on the other hand would probably go through some serious withdrawals inside of a week, and would only get more frantic as time passed. They need their fix dammit, turn those cameras back on!
I was under the impression that this system was there to protect the public. If having it down doesn't jeopardize the public, then let's save some cash and leave it off.
Re:
The days when virus writers ignored Linux are long gone. There's ransomware affecting the OS directly. And of course ransomware affecting apps running on it, like the ransomware that hit over 10,000 MongoDB databases last month.
Riiiiiight.
Contrary to some reports, no-one was locked in their rooms. Nor were any doors remotely locked.
What happened is that with the computer encrypted, they couldn't program keycards for new guests checking in. And even then, according to the hotel's managing director:
Re: Locked inside rooms?
By fire code you'd have to be able to open the door from inside the room (I hope a software flaw couldn't prevent that, and that inspectors are able to verify this). That's not the same as being able to lock/unlock the door. The door might remain locked such that you wouldn't be able to get back in once it closed, or it's entirely possible a software flaw could leave it in an always-unlocked state.
And if you had a double-cylinder deadbolt you could be locked inside your house. It's probably not legal as a sole exit door but nobody's checking private residences.
The hotel story
The door locks aren't normally connected to the internal network. Instead, each door is preprogrammed to accept a valid keycode (which would use something similar to certificates in an ideal world, but then you have the problems of revocation and non-repudiation because the device isn't networked).
Additionally, since when would a certification agency or the local fire department allow a safety device like a door handle inside the room to 'fail locked' in any scenario (door locked, power outage, etc.)?
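The offline lock scheme this comment sketches, worked through as an added example (constructed here, not code from the article or from any hotel lock vendor): the front desk signs a card's claims with an HMAC under a property-wide secret, and the lock checks the signature and validity window with no network at all. Revocation is handled the way many real offline hotel locks do it, with a per-room sequence number: presenting a newer card supersedes every older one on that door. The key, room numbers, and time values are all placeholders.

```python
import hmac
import hashlib
import json
from dataclasses import dataclass

# Constructed placeholder: a property-wide secret provisioned into the front-desk
# issuer and into every lock at install time. Not any real system's key.
PROPERTY_KEY = b"example-property-key-not-real"


def issue_card(room: str, seq: int, not_before: int, not_after: int,
               key: bytes = PROPERTY_KEY) -> bytes:
    """Front-desk side: encode the card's claims and append an HMAC-SHA256 tag.

    seq must increase with every card issued for the same room; that is what
    lets a lock reject an earlier guest's card without ever being told about it.
    """
    payload = json.dumps(
        {"room": room, "seq": seq, "nbf": not_before, "exp": not_after},
        sort_keys=True,
    ).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    return payload + b"." + tag  # the bytes written onto the keycard


@dataclass
class Lock:
    """Door-side state: the only thing the lock has to remember is latest_seq."""
    room: str
    key: bytes = PROPERTY_KEY
    latest_seq: int = 0  # highest sequence number this door has accepted so far

    def try_open(self, card: bytes, now: int) -> bool:
        payload, _, tag = card.rpartition(b".")
        expected = hmac.new(self.key, payload, hashlib.sha256).hexdigest().encode()
        # Constant-time comparison; also fails cleanly on a malformed card.
        if not hmac.compare_digest(tag, expected):
            return False
        claims = json.loads(payload)
        if claims["room"] != self.room:
            return False
        if not (claims["nbf"] <= now <= claims["exp"]):
            return False  # not yet valid, or checked out
        if claims["seq"] < self.latest_seq:
            return False  # older card, superseded by one this door has already seen
        self.latest_seq = claims["seq"]
        return True


if __name__ == "__main__":
    door = Lock(room="101")
    first = issue_card("101", seq=1, not_before=100, not_after=200)
    second = issue_card("101", seq=2, not_before=150, not_after=300)
    print(door.try_open(first, now=160))   # True: valid, in window
    print(door.try_open(second, now=170))  # True: newer card accepted
    print(door.try_open(first, now=180))   # False: superseded, though still in window
```

The trade-off the comment points at is visible in the code: nothing outside the validity window can be revoked early except by issuing a newer card and walking it to the door, and the lock has no way to prove to a third party which physical card opened it, only which claims it saw.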
"closed" circuit
Why would any of this be online to begin with?