Hackers Targeted DC Police Cams Days Before Inauguration

A ransomware attack darkened the video surveillance system of the District of Columbia’s police department eight days before the presidential inauguration of Donald J. Trump.

Video storage devices for 70 percent of the CCTV system were unable to record anything between Jan. 12 and Jan. 15, as police techies scrambled to combat malicious software found on 123 of 187 networked video recorders, The Washington Post reported Friday.

However, the safety of the public was never in jeopardy during the camera blackout, Brian Ebert, a Secret Service official, told the Post.

Although the city has characterized the malicious software it found as ransomware, no ransom demand appears to have been made. The city resolved the problem by taking the storage devices offline, removing all their software and then restarting them.

The city is investigating who might be behind the hack, which affected only CCTV cameras monitoring public areas and did not reach deeper into the city’s networks, the Post reported.

Blind Deterrent

Closed circuit cameras can be important for collecting evidence about a crime. Fortunately for the D.C. police, that wasn’t an issue while some of its network was disabled.

“If a crime had been committed in an area and its compromised camera held important evidence, then they might have found themselves in trouble,” said Bob Hansmann, director of security analysis and strategy at Forcepoint.

“In this case, they were lucky and nothing crucial happened,” he told TechNewsWorld.

In addition, cameras have a deterrent effect whether they’re working or not.

“In this instance, it was beneficial that the general public did not know about the attack when it happened,” noted James Scott, a senior fellow with the Institute for Critical Infrastructure Technology.

“So long as the attack was not common knowledge, the camera itself acted as a deterrent to crime, because potential offenders were not aware that it was infected with ransomware,” he told TechNewsWorld.

Attractive Target

Other municipal infrastructures have been targeted in similar ways in the past. A ransomware attack last fall took down the ticket machines for San Francisco’s light rail system for about a day.

“We’re going to see more and more of these kinds of attacks this year,” said Stephen Gates, chief research intelligence analyst with Nsfocus.

“This is a perfect example of hackers taking advantage of these municipal systems. They can cause all sorts of havoc,” he told TechNewsWorld.

“We’re seeing more and more ransomware attacks against the IoT, which is a disturbing trend,” said Jean-Philippe Taggart, a senior security researcher with Malwarebytes.

“CCTVs, hotel locks, libraries, hospitals — the criminals have a wealth of potential targets to choose from,” he told TechNewsWorld.

Feasting on IoT

Ransomware extortionists are feasting on the Internet of Things, maintained Simon Crosby, CTO of Bromium.

To prevent these attacks, devices need to be shielded so they’re not exposed on the Internet where hackers can find them, he said.

“Right now, attackers are having a field day finding exploitable systems that infrastructure operators either do not recognize are Internet-facing or think their exposure is too obscure for criminals to find, which is a very dangerous assumption,” Crosby told TechNewsWorld.

In addition to being discovered easily by hackers, networks of IoT devices have another problem: diversity.

“Fleets of PCs can be protected with uniform defenses, but what do you install on rail kiosks, video cameras, cars or televisions?” Crosby asked.

“The operating systems in these devices may not be able to support embedded security software,” he pointed out, “so the solution to protecting them requires collaboration among device manufacturers and strategies to block attacks before they reach these IoT endpoints.”

Ransomware has become a lucrative pursuit for hackers, which is why it will continue to be a problem. An estimated billion dollars will be paid to digital extortionists in 2016, according to the Herjavec Group.

“Hackers have every incentive in the world to continue these attacks and to innovate in order to bypass basic defenses,” said Mark Dufresne, director of threat research and adversary prevention at Endgame.

“This is a new reality in which we will live for a long time,” he told TechNewsWorld, “and we will see it take new forms, such as hitting IoT devices.”

John Mello is a freelance technology writer and contributor to Chief Security Officer magazine. You can connect with him on Google+.
