Washington DC Surveillance Hackers Arrested

Author: Brian Karas, Published on Dec 29, 2017

The US Department of Justice has announced that "Two Romanian Suspects Charged With Hacking of Metropolitan Police Department Surveillance Cameras in Connection with Ransomware Scheme" that occurred in January 2017.

IPVM initially covered the technical details in March 2017 examining Washington DC MPD's Surveillance Equipment.

In this note, we examine the criminal complaint affidavit, new information provided and the role the vendors involved, including Avrio and Genetec, had on this hack.

***** ********** ** ******* *** ************* "*** ******** ******** ******* **** ******* ** ************ ****** Department ************ ******* ** ********** **** ********** ******" **** ******** in ******* ****.

**** ********* ******* *** ********* ******* ** ***** **** ******************* ** ***'* ************ *********.

** **** ****, ** ******* *** ******** ********* *********, *** information ******** *** *** **** *** ******* ********, ********* ***** and *******, *** ** **** ****.

[***************]

Recorders **** *** ********** *******

** ********* ********* *********, *** ****** ******* ******* *** *** ******** **** ****** recorders ** ****** ** ***** **** ******** ** ********** **********. The ********** ******* **** ******** **** *** *********** ******** ** an ******* ** *** ******* ** ******** ***** ****** ******** and **** ** ****** ** ** ****** ** ***********.

Hackers *** ********** ** ************ *** *******

***** ** ** ******** **** ****** ** *** ******* ************ targeting ************ *********, ** *******, *** *** **** **** *** interest ** *** **** ** ******** ***** ** *** *********. It ** ****** *** ******* **** ******* *** ******* **** owned *** ******** ** *** *** *** **** *** **** surveillance, ** *** **** **** ***** ** ****, **** ***** have ****** ****** ** *** ******** **** ***** ** **** likely ** ***** ** ************* ********.

Equipment ****

** ********* ************ ** ***'* ************ *********, *** ******* ********** ** *** ****** ****:

Integrator *****

*****, *** **********/*** **** ***** *** ******* **** ** *** MPD *********** ** ******* ** ****. *********** *********, ***** ********** ********** ** "*** ******'* ******* ******** ** IP-Surveillance ********* **** ******** ********", *** "********** *******":

****** ***********, **************, *** ******* **********-******** ********* **** *****'* ****** customer ****.

Remote ******* ****** ********* *******

*** (****** ******* ********) *** **** ** *** ******* *** remote ******* ** *** ****** *********. ****** *** ********* ** the *******, *** *** ******* ** * ******** *** ****** the ******'* ******* ********** ** ********* ***** *******. ** ***** frequented ** *****-*********, *** ****** ******* ***** *** ********* **** by *** ** *** *******, ******* *** "*********" ** ******** with *** *******:

Low **** ******* **** ** ***** *******

********** *** ******* **** ****** ** ***** ******** ***** ** logs ** *** ****** *********, *** ******* ***** ******** **** by **** *******. *** ****** ******* *** **** ** **** these ***** ******** ** ***** ********, *** ****** ** ******* from ****** *** ***** *********, ***** ********** *** **** ** the ******* ****** ********** *** *********. ***** ** *** *********** in *** ****** ******* ******, *** ******* **** ********, *** not *********, ***** ** ******* ***** ********** *** ********, *** were ******** ********* ******* ***** *******, *** *** *** ****** of *** **** ** **** **** ******** *******.

************, ******* ******** ** **** *** *********** **** ** *** recorders, *** ****** ******* *** **** ** ******** **** ******* of *** *******, *** ********* ***** ******* ** ******** ********** details **** ****** ** ******** *** *******:

Responsibility ** ******* *** ***********

***** **** ********* * *********** ****** ********:

  • ******* ******* *** *** ********** **** ******* ******** *** ******** on *** ******* **, ******** *** ******* ** **** ****. Genetec *** ***** ******* ******** **** ******* ******** *** ************* *** **** *** ********* ** ****** ********* *************** *** these *******.
  • *** ******* **** **** ******** ********** *** *** *** *** a ***, * ******* ********* ** ************** ******* ****. *** *** ****** ***** ************ ******, *** ********* *** US *******, ******** *** ******* ** ****** ****** *** * major *******. *****'* ***** *** ********* ** ******* **** **** were ********** ****-**-***** *** *******-***** ********* ********* *** **** ******** applications, **** ** **** **** ******** ******* **** ******** *************** exposed *** ********* ******* ******** *** **** ** ****** ************.

Comments (8)

Undisclosed #1

12/29/17 06:24pm

***** ** ** ******** **** ****** ** *** ******* ************ targeting ************ *********, ** *******, *** *** **** **** *** interest ** *** **** ** ******** ***** ** *** *********.

***, **** ********* *******.

Undisclosed Integrator #2

In reply to Undisclosed #1 | 12/29/17 07:48pm

* ***** *** ** *** ********* *********, ** ********, **** than *******. *** **** ***** *** ***** ** *** **** since ***** ****** **** **** *******?

Undisclosed Integrator #3

01/01/18 07:14am

**** **** ******** ** ****** ** *** ** **** ** listen ** **. ****** *** *******.

Thumbnail portrait

John Day

01/02/18 03:42pm

*'* ******* **** *** ******** ****'* ******* *** ********** ** use * *** *** **** *** ******* **** *** ** get ** - ****'* ****** ** *** **** ** ***** default *********!

** **** ***** ** ** ******** *** *** **** "*********"? What *'* **** ** **** ** ******* ***** *** ******** in *** ************* ********* *** ******** ** ******* ******** ** whether **** *** ****** *** ********** ******* *** ****** ****.

************* ******* ** ** ***** ***** ******** ***** (*********) **** this ** ** ******** ******** ** *** ******** ********.

Undisclosed #1

In reply to John Day | 01/02/18 04:04pm

** *** ***** ** ******* *** **** ** **** ** less ********** **** * ******* ******* **** ****?

Thumbnail me business

Scott Napier

In reply to Undisclosed #1 | 01/02/18 08:15am

* ***** *** **** *** ***** ** ** *********, *** RDP ** ******** ******* *** **** ********** ***** ***** ** it ******** **** ** * ************* ** ** ********** ** correct.

Undisclosed Integrator #3

In reply to John Day | 01/02/18 04:17pm

* ***** ***** **** ********* ** * ********** ** ****** your ******** ******** ** * *** **** **** *** *****. You ****** **** ********* ************* ** ***** ** *** **** enforce ********* ** ***** ***********, *** **** ** **** **** they ******* *** ****** ** ***** *** *********** ********** ********.

Thumbnail portrait

John Day

01/02/18 04:56pm

**** *** ** ***** - ** *** *** *** ***** rdp *************** **** ** *** ******** *** ********** ** ***** to **** *** * ******* **** ******. * **** ***** rdp ***** ****** **** *** *** *** **** ******* ** the ****** ** ******** - * **** ** * ****** would ******* **** **** *** ****** ** *** ******.

***** ** **** **********? ***** ** * ***** ****** ******, cameras *** ********* **** *********... * *** **** ***** ** more ***********.

*** ***** **** **** ** **** ******** (**** ***) **** isn't ********* ** *** ********* ** *** ****** ****** ** blocked ** *** ********.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports on Police

Congressional Letter Urges Sanctions Against Dahua and Hikvision For Human Rights Abuses on Sep 04, 2018
17 US Congresspeople sent a letter to the Secretary of State and Treasury urging sanctions against Chinese officials plus Dahua and Hikvision,...
France Political Scandal Reveals Video Surveillance Problems on Aug 22, 2018
In what French media describes as "the most damaging crisis yet for" French President Marcon, a political scandal has revealed major gaps in the...
Hikvision Wins Chinese Government Forced Facial Recognition Project Across 967 Mosques on Jul 16, 2018
Hikvision has won a Chinese government tender which requires that facial recognition cameras be set up at the entrance of every single mosque...
Belgium Bans Private Facial Surveillance on Jul 06, 2018
Belgium has effectively banned the use of facial recognition and other biometrics-based video analytics in surveillance cameras for private,...
China Public Video Surveillance Guide: From Skynet to Sharp Eyes on Jun 14, 2018
China is expanding its video surveillance network to achieve “100%” nationwide coverage by 2020, including facial recognition capabilities and a...
French National Police Buy 10,400 Hikvision Body Cameras on May 31, 2018
France’s national police forces bought 10,400 Hikvision body cameras earlier this year, in a high-profile deal that’s coming into effect as the...
Amazon Enters Home Security Services on Apr 26, 2018
Move over ADT? It is certainly what investors have feared for ADT, especially since Amazon acquired Ring. [Update: We spoke with Amazon and have...
ISC West 2018 Access Control Rundown on Apr 06, 2018
For ISC West 2018, what is new and interesting in access control?  This rundown will bring you up to speed on the exhibitors, what they are...
30+ Emerging Tech Companies Examined on Mar 28, 2018
ISC West has a new segment for 2018: the 'Emerging Technology Zone', which they boast: Featuring 50 of the latest and greatest startup...
Audio Usage In Video Surveillance Statistics on Mar 28, 2018
Audio is more widely available and easier to use than ever, with many IP cameras building audio in and often making integration as simple as...

Most Recent Industry Reports

BluePoint Aims To Bring Life-Safety Mind-Set To Police Pull Stations on Sep 20, 2018
Fire alarm pull stations are commonplace but police ones are not. A self-funded startup, BluePoint Alert Solutions is aiming to make police pull...
SIA Plays Dumb On OEMs And Hikua Ban on Sep 20, 2018
OEMs widely pretend to be 'manufacturers', deceiving their customers and putting them at risk for cybersecurity attacks and, soon, violation of US...
Axis Vs. Hikvision IR PTZ Shootout on Sep 20, 2018
Hikvision has their high-end dual-sensor DarkfighterX. Axis has their high-end concealed IR Q6125-LE. Which is better? We bought both and tested...
Avigilon Announces AI-Powered H5 Camera Development on Sep 19, 2018
Avigilon will be showcasing "next-generation AI" at next week's ASIS GSX. In an atypical move, the company is not actually releasing these...
Favorite Request-to-Exit (RTE) Manufacturers 2018 on Sep 19, 2018
Request To Exit devices like motion sensors and lock releasing push-buttons are a part of almost every access install, but who makes the equipment...
25% China Tariffs Finalized For 2019, 10% Start Now, Includes Select Video Surveillance on Sep 18, 2018
A surprise move: In July, when the most recent tariff round was first announced, the tariffs were only scheduled for 10%. However, now, the US...
Central Stations Face Off Against NFPA On Fire Monitoring on Sep 18, 2018
Central stations are facing off against the NFPA over what they call anti-competitive language in NFPA 72, the standard that covers fire alarms....
Hikvision USA Starts Layoffs on Sep 18, 2018
Hikvision USA has started layoffs, just weeks after the US government ban was passed into law. Inside this note, we examine: The important...
Chinese Government Praises Hikvision For Following Xi Jinping on Sep 17, 2018
The Chinese government council responsible for managing China's state-owned companies praised Hikvision’s obedience to China’s authoritarian leader...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact