Washington DC Surveillance Hackers Arrested

Author: Brian Karas, Published on Dec 29, 2017

The US Department of Justice has announced that "Two Romanian Suspects Charged With Hacking of Metropolitan Police Department Surveillance Cameras in Connection with Ransomware Scheme" that occurred in January 2017.

IPVM initially covered the technical details in March 2017 examining Washington DC MPD's Surveillance Equipment.

In this note, we examine the criminal complaint affidavit, new information provided and the role the vendors involved, including Avrio and Genetec, had on this hack.

***** ********** ** ******* *** ************* "*** ******** ******** ******* **** ******* ** ************ ****** Department ************ ******* ** ********** **** ********** ******" **** ******** in ******* ****.

**** ********* ******* *** ********* ******* ** ***** **** ******************* ** ***'* ************ *********.

** **** ****, ** ******* *** ******** ********* *********, *** information ******** *** *** **** *** ******* ********, ********* ***** and *******, *** ** **** ****.

[***************]

Recorders **** *** ********** *******

** ********* ********* *********, *** ****** ******* ******* *** *** ******** **** ****** recorders ** ****** ** ***** **** ******** ** ********** **********. The ********** ******* **** ******** **** *** *********** ******** ** an ******* ** *** ******* ** ******** ***** ****** ******** and **** ** ****** ** ** ****** ** ***********.

Hackers *** ********** ** ************ *** *******

***** ** ** ******** **** ****** ** *** ******* ************ targeting ************ *********, ** *******, *** *** **** **** *** interest ** *** **** ** ******** ***** ** *** *********. It ** ****** *** ******* **** ******* *** ******* **** owned *** ******** ** *** *** *** **** *** **** surveillance, ** *** **** **** ***** ** ****, **** ***** have ****** ****** ** *** ******** **** ***** ** **** likely ** ***** ** ************* ********.

Equipment ****

** ********* ************ ** ***'* ************ *********, *** ******* ********** ** *** ****** ****:

Integrator *****

*****, *** **********/*** **** ***** *** ******* **** ** *** MPD *********** ** ******* ** ****. *********** *********, ***** ********** ********** ** "*** ******'* ******* ******** ** IP-Surveillance ********* **** ******** ********", *** "********** *******":

****** ***********, **************, *** ******* **********-******** ********* **** *****'* ****** customer ****.

Remote ******* ****** ********* *******

*** (****** ******* ********) *** **** ** *** ******* *** remote ******* ** *** ****** *********. ****** *** ********* ** the *******, *** *** ******* ** * ******** *** ****** the ******'* ******* ********** ** ********* ***** *******. ** ***** frequented ** *****-*********, *** ****** ******* ***** *** ********* **** by *** ** *** *******, ******* *** "*********" ** ******** with *** *******:

Low **** ******* **** ** ***** *******

********** *** ******* **** ****** ** ***** ******** ***** ** logs ** *** ****** *********, *** ******* ***** ******** **** by **** *******. *** ****** ******* *** **** ** **** these ***** ******** ** ***** ********, *** ****** ** ******* from ****** *** ***** *********, ***** ********** *** **** ** the ******* ****** ********** *** *********. ***** ** *** *********** in *** ****** ******* ******, *** ******* **** ********, *** not *********, ***** ** ******* ***** ********** *** ********, *** were ******** ********* ******* ***** *******, *** *** *** ****** of *** **** ** **** **** ******** *******.

************, ******* ******** ** **** *** *********** **** ** *** recorders, *** ****** ******* *** **** ** ******** **** ******* of *** *******, *** ********* ***** ******* ** ******** ********** details **** ****** ** ******** *** *******:

Responsibility ** ******* *** ***********

***** **** ********* * *********** ****** ********:

  • ******* ******* *** *** ********** **** ******* ******** *** ******** on *** ******* **, ******** *** ******* ** **** ****. Genetec *** ***** ******* ******** **** ******* ******** *** ************* *** **** *** ********* ** ****** ********* *************** *** these *******.
  • *** ******* **** **** ******** ********** *** *** *** *** a ***, * ******* ********* ** ************** ******* ****. *** *** ****** ***** ************ ******, *** ********* *** US *******, ******** *** ******* ** ****** ****** *** * major *******. *****'* ***** *** ********* ** ******* **** **** were ********** ****-**-***** *** *******-***** ********* ********* *** **** ******** applications, **** ** **** **** ******** ******* **** ******** *************** exposed *** ********* ******* ******** *** **** ** ****** ************.

Comments (8)

***** ** ** ******** **** ****** ** *** ******* ************ targeting ************ *********, ** *******, *** *** **** **** *** interest ** *** **** ** ******** ***** ** *** *********.

***, **** ********* *******.

* ***** *** ** *** ********* *********, ** ********, **** than *******. *** **** ***** *** ***** ** *** **** since ***** ****** **** **** *******?

**** **** ******** ** ****** ** *** ** **** ** listen ** **. ****** *** *******.

*'* ******* **** *** ******** ****'* ******* *** ********** ** use * *** *** **** *** ******* **** *** ** get ** - ****'* ****** ** *** **** ** ***** default *********!

** **** ***** ** ** ******** *** *** **** "*********"? What *'* **** ** **** ** ******* ***** *** ******** in *** ************* ********* *** ******** ** ******* ******** ** whether **** *** ****** *** ********** ******* *** ****** ****.

************* ******* ** ** ***** ***** ******** ***** (*********) **** this ** ** ******** ******** ** *** ******** ********.

** *** ***** ** ******* *** **** ** **** ** less ********** **** * ******* ******* **** ****?

* ***** *** **** *** ***** ** ** *********, *** RDP ** ******** ******* *** **** ********** ***** ***** ** it ******** **** ** * ************* ** ** ********** ** correct.

* ***** ***** **** ********* ** * ********** ** ****** your ******** ******** ** * *** **** **** *** *****. You ****** **** ********* ************* ** ***** ** *** **** enforce ********* ** ***** ***********, *** **** ** **** **** they ******* *** ****** ** ***** *** *********** ********** ********.

**** *** ** ***** - ** *** *** *** ***** rdp *************** **** ** *** ******** *** ********** ** ***** to **** *** * ******* **** ******. * **** ***** rdp ***** ****** **** *** *** *** **** ******* ** the ****** ** ******** - * **** ** * ****** would ******* **** **** *** ****** ** *** ******.

***** ** **** **********? ***** ** * ***** ****** ******, cameras *** ********* **** *********... * *** **** ***** ** more ***********.

*** ***** **** **** ** **** ******** (**** ***) **** isn't ********* ** *** ********* ** *** ****** ****** ** blocked ** *** ********.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports on Police

Hikvision Wins Chinese Government Forced Facial Recognition Project Across 967 Mosques on Jul 16, 2018
Hikvision has won a Chinese government tender which requires that facial recognition cameras be set up at the entrance of every single mosque...
Belgium Bans Private Facial Surveillance on Jul 06, 2018
Belgium has effectively banned the use of facial recognition and other biometrics-based video analytics in surveillance cameras for private,...
China Public Video Surveillance Guide: From Skynet to Sharp Eyes on Jun 14, 2018
China is expanding its video surveillance network to achieve “100%” nationwide coverage by 2020, including facial recognition capabilities and a...
French National Police Buy 10,400 Hikvision Body Cameras on May 31, 2018
France’s national police forces bought 10,400 Hikvision body cameras earlier this year, in a high-profile deal that’s coming into effect as the...
Amazon Enters Home Security Services on Apr 26, 2018
Move over ADT? It is certainly what investors have feared for ADT, especially since Amazon acquired Ring. [Update: We spoke with Amazon and have...
ISC West 2018 Access Control Rundown on Apr 06, 2018
For ISC West 2018, what is new and interesting in access control?  This rundown will bring you up to speed on the exhibitors, what they are...
30+ Emerging Tech Companies Examined on Mar 28, 2018
ISC West has a new segment for 2018: the 'Emerging Technology Zone', which they boast: Featuring 50 of the latest and greatest startup...
Audio Usage In Video Surveillance Statistics on Mar 28, 2018
Audio is more widely available and easier to use than ever, with many IP cameras building audio in and often making integration as simple as...
Chinese Police Wearing Facial Recognition Are Here on Feb 06, 2018
This is a very interesting and highly atypical usage of facial recognition that the Chinese government touted this week: It is a PRC police...

Most Recent Industry Reports

Amazon Ring Alarm System Tested on Jul 16, 2018
Amazon Ring is going to hurt traditional dealers, and especially ADT, new IPVM test results of Ring's Alarm system underscore. IPVM found that...
Hikvision Wins Chinese Government Forced Facial Recognition Project Across 967 Mosques on Jul 16, 2018
Hikvision has won a Chinese government tender which requires that facial recognition cameras be set up at the entrance of every single mosque...
Installing Dome Cameras Indoors Guide on Jul 16, 2018
IPVM is producing the definitive series on installing surveillance cameras. This entry covers one of the most common scenarios - installing dome...
Security Sales Course Summer 2018 on Jul 13, 2018
Based on member's interest, IPVM is offering a security sales course this summer. Register Now - IPVM Security Sales Course Summer 2018 This...
US Tariffs Hit China Video Surveillance on Jul 13, 2018
Chinese video surveillance products avoided tariffs for the first two rounds. Now, in the third round, many video surveillance products will be...
Last Chance - July 2018 IP Networking Course on Jul 12, 2018
Registration ends today, Thursday. Register now. This is the only networking course designed specifically for video surveillance...
4 Most Difficult Camera Installs (Statistics) on Jul 12, 2018
Heavy housings, cumbersome brackets, heavy ladders required, and tricky field of view requirements will cause difficulties no matter the camera...
Axis Perimeter Defender Video Analytics Tested on Jul 12, 2018
Axis 'high security' video analytics offering is Perimeter Defender, OEMed / developed with Digital Barriers. But how good is Perimeter Defender?...
Hikvision Fights Ban - Claims 'Red Scare', Hires 14 Term Ex-Congressman on Jul 11, 2018
Hikvision is fighting back against the House Bill Ban of their products. Hikvision has hired one of the biggest lobbying firms, led by a 14 term...
Arecont Acquisition By Costar on Jul 11, 2018
Arecont Vision acquisition by Costar Technologies has been approved by the court, concluding the bankruptcy process triggered by Arecont's...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact