Incidents

Hackers trick police into taking control of Washington, D.C. surveillance cameras

Over recent months, several network security firms, as well as independent researchers, have documented multiple cyberattacks against government organizations in various locations across the US, including states such as Atlanta, Georgia, New York, among others.

However, recent reports claim that this entire
wave of cyberattacks may have begun shortly before President Trump’s
inauguration. Local media claim that Eveline Cismaru and Alexandru Isvanca, hacking
experts, managed to compromise the systems that control surveillance cameras in
Washington, DC, days before the presidential ceremony. 

As reported by network security experts working with the US government, hackers fortuitously infiltrated in these systems, as their initial plan was to send a ransomware loaded email to hundreds of thousands of email addresses, obtained in a dark web forum.

Apparently, one of these email addresses
belonged to a Washington police employee, which served as an access point for
hackers to control at least 120 of the 186 police computers connected to
surveillance systems.

Although after being arrested the hackers
claimed that it was really easy to compromise these systems, they also forgot
to cover their tracks, leading the authorities directly towards them. At the
time of deploying this ransomware campaign, Cismaru was also operating a scam
on Amazon, so that he used the same computer connected to the Washington
police, which facilitated the work of the authorities.

In case this error hadn’t been enough, the
hackers even ordered a pizza online using the email address used to send the
ransomware emails; “It was a beginner’s mistake,” mentioned representatives
of the Washington DC Police Department; both individuals were arrested soon
after and are awaiting for their trial.

Although it is currently unknown whether
hackers actually did not intend to access Washington’s surveillance systems,
network security specialists from the International Institute of Cyber Security
(IICS) consider this to be a clear sign of the security deficiencies present in
multiple critical systems, a fact of considerable seriousness, as the malicious
potential of such intrusions would put the authorities against the wall.

Comments
To Top

Pin It on Pinterest

Share This