Why were Washington DC's CCTV cameras infected with ransomware just before inauguration?
Someone hacked into 70% of DC's surveillance cameras, preventing footage from being recorded for three days.
Washington DC state officials say that unknown attackers somehow hacked into 70% of the CCTV police surveillance cameras located in the city's public spaces and infected the devices with ransomware, which meant that the cameras were unable to record footage for three whole days.
The cyberattack took 123 out of 187 CCTV cameras connected to a network offline from Thursday 12 January to Sunday 15 January. DC police contacted the city's technology office, which discovered two different types of ransomware in four video recorders and then started sweeping the network to see if any other CCTV cameras were affected.
Each networked video camera was connected to up to four cameras at each public space, meaning that the ransomware was able to spread to some of the city's cameras quickly, however it is not known which specific ransomware was used in the cyberattack.
What is ransomware?
Ransomware is a type of malware that holds a large collection of data hostage on a victim's computer, including important documents, photos and videos. Once installed, the victim is shown a user interface explaining that the files will be destroyed unless the victim pays a bitcoin ransom to the hackers.
The latest incarnations of ransomware come so meticulously coded with strong cryptography that it is difficult to find a way around it, so many companies and victims prefer to pay up rather than lose valuable files, although the international cybersecurity community is constantly developing ways to decrypt malware and generally advises victims not to pay.
The police and the city technology office had to reinstall software for the affected cameras across the city, which took another 48 hours, and a US Secret Service official told the Washington Post that the safety of the public or the dignitaries in the city was never jeopardised during the incident.
Could the cyberattack have been politically motivated?
However, it is interesting that the cyberattack occurred on 12 January, which was just eight days before President Donald Trump's inauguration ceremony. While the police and city officials were able to quickly resolve the problem with a few days to spare before the inauguration ceremony, one wonders who the attackers are, and whether they hoped that the ransomware attack would take the video cameras offline during the ceremony.
Of course, we may never know, but it is possible that this particular cyberattack was politically motivated, or perhaps motivated to shield some sort of crime that the perpetrators hoped to commit during the inauguration ceremony, when all eyes were on Capitol Hill.
Usually, ransomware is profit-driven operation – hackers infect victims' computers and word their message in the user interface in such a way as to scare their victim and make them more likely to pay. There are even examples of particularly nasty ransomware that deletes some of the users' files if they don't pay up within a certain time frame.
Always back up your data and store it safely
Although cybersecurity experts advise that you never, ever agree to pay the ransom, sometimes this can backfire if you haven't been archiving your data properly. For example, the Cockrell Hill police department in Texas admitted on Wednesday 25 January that it had lost years' worth of evidence after the police department's server was infected with the Locky ransomware when a police officer accidentally opened a spam email from a spoofed email address that imitated a real department-issued email address.
The hackers wanted $4,000 (£3,200) to unlock the files, so instead, after consulting with the FBI, the Cockrell Hill police decided to wipe the server and reinstall everything. However, they forgot that the server's backup procedure had started shortly after the ransomware infected the server, which meant the files that were backed up were already encrypted, and so there was no way to decrypt the files.
The ransomware affected files dating back to 2009 including all Microsoft Word and Excel files, all body camera video and some in-car video as well as in-house surveillance video. On the plus side however, none of the data was leaked outside the police department.
However, there is one case whereby someone did get away without paying the ransomware – St Louis public library in Missouri succeeded in restoring over 700 circulation and public access computers within three days from backup, and avoiding shelling out $35,000.
© Copyright IBTimes 2024. All rights reserved.