According to digital forensics specialists, a company that provides IT services to the New York Police Department (NYPD) accidentally disconnected the database of fingerprints for hours, all due to the use of a mini computer infected with a malware variant.
One of the employees of this company was installing a digital screen on the facilities of the Queens’ police academy last year, using the infected minicomputer. After connecting the device to the academy network, the malware spread to other 23 computers, all connected to NYPD’s fingerprint tracking system, powered by LiveScan technology.
Jessica Tisch of the New York City Department
of Information Technology mentioned that just a few hours after NYPD detected
the incident and determined that it was the intrusion of malware.
Subsequently, New York Police digital forensics
experts reported the incident to federal cybersecurity and counterterrorism
agencies, as it is a protocol of protection in place against any activity that
could compromise the IT structure of police agencies in the US.
As for the malware that infected NYPD
computers, Tisch mentioned that it was a ransomware variant, which could not be
activated, so the files stored on the compromised computers were not encrypted.
As a precautionary measure, The NYPD IT team decided to shut down their fingerprint
In addition to the temporary closure of this
system, the software of at least 200 New York Police machines was updated:
“We are taking all possible precautions,” Tisch said. The system
shutdown lasted almost a full day.
On the other hand, an NYPD spokesman mentioned
that less than 0.1% of the department’s computers were affected during this
incident. NYPD did not disclose the name of the person involved, mentioning
only that he was questioned about his actions, although he will not face criminal
proceedings for now.
Digital forensics experts believe that such
incidents should be thoroughly investigated, as exposing sensitive information
could lead to thousands of users receiving phishing emails or even being
victims of much more activities dangerous, such as identity theft. NYPD’s
fingerprint system appears to be linked to around seven million files, so
unauthorized access to this information could put many people at risk.
According to digital forensics specialists of
the International Institute of Cyber Security (IICS), this year reports of
hackers accessing databases managed by public entities have emerged, so it is
not unfounded that it is not unfounded that some threat actor has gained access
to NYPD information during this incident.