Officials and others unsure of what may have taken place during a massive citywide CCTV outage
Between Jan. 12 and Jan. 15, for about a 48-hour span, 70% of the CCTV cameras in Washington, D.C. were rendered useless by hackers, adding an element of uncertainty about what may have taken place in and around D.C. just days before Donald Trump’s Inauguration.
Secret Service and city officials said that cyber attackers used ransomware to infect nearly 130 of 187 network storage devices linked to the city’s closed-circuit camera network, preventing the storage of any incoming imagery data while simultaneously requesting that a ransom be paid.
According to the city’s Chief Technology Officer, Archana Vemulapalli, the attack prompted city officials to willingly take the entire CCTV network offline by removing all related software, later forcing a reboot of each site independently, which left at least a 48-hour window of opportunity for criminal activity to take place without being recorded.
Although city officials claim that the hack appeared to be a “localized” extortion attempt, one must question what group or agency is actually responsible and what the attackers’ intentions really were.
Vemulapalli said that on Jan. 12 D.C. Metro Police noticed that four camera pods were not functioning properly and reported their findings to the technology office (OCTO), which later identified the devices as infected with ransomware, thus prompting a “citywide sweep,” as reported by the Washington Post.
Interim Police Chief Peter Newsham addressed the hack publicly and said that there was ‘no known significant impact’ as a result of the hack, but an active open investigation may suggest otherwise, as it was admitted that city officials took the cameras offline themselves, ultimately creating a window of opportunity for illicit activity to occur undetected. This also dovetails with the stand down ordered on police body cameras during the Inauguration, as reported by Intellihub on Jan. 18.
Furthermore, a report by TrendMicro.com details how “Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system’s screen or by locking the users’ files unless a ransom is paid. More modern ransomware families, collectively categorized as crypto-ransomware, encrypt certain file types on infected systems and forces users to pay the ransom through certain online payment methods to get a decrypt key.” Additionally, it is important to point out that ransomware prices can be set to any amount and are often requested in cryptocurrencies such as Bitcoin.
The most alarming part about all this is that ransomware is now being sold under the ransomware-as-a-service model, similar to a lot of cloud computing offerings. Under this model, ransomware can be purchased and deployed even by people with no hacking experience. The buyer then commits to give the seller a percentage of the “take”, usually set at 40%.
One of the most active ransomware groups today is Cerber, which actually offers a “ransomware for dummies” type of package that provides the buyer with all the resources they need. That makes Cerber potentially far more dangerous than any other hacking group, including Locky, which operates with just one person, or threat actor, and doesn’t sell or share its methods with anyone.
The Herjavec Group published a report titled “Hackerpocalypse: A Cybercrime Revelation” which maintains that by the year 2021 “cybercrime will cost the world in excess of $6 trillion annually” and is growing rapidly.
The report mentions how “Cybersecurity Ventures predicts global annual cybercrime costs will grow from $3 trillion in 2015 to $6 trillion by 2021, which includes damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.” All of this will create a vast market for individuals, corporations, and governments to defend against cybercrime, which is “projected to exceed $1 trillion over the next five years.”
D.C. authorities are currently investigating the matter and all ransomware has been removed from the entire system.