Washington DC Surveillance Hackers Arrested

By Brian Karas, Published on Dec 29, 2017

The US Department of Justice has announced that "Two Romanian Suspects Charged With Hacking of Metropolitan Police Department Surveillance Cameras in Connection with Ransomware Scheme" that occurred in January 2017.

IPVM initially covered the technical details in March 2017 examining Washington DC MPD's Surveillance Equipment.

In this note, we examine the criminal complaint affidavit, new information provided and the role the vendors involved, including Avrio and Genetec, had on this hack. 

Recorders **** *** ********** *******

** ********* ********* *********, *** ****** ******* claimed *** *** ******** used ****** ********* ** launch ** ***** **** campaign ** ********** **********. The ********** ******* **** launched **** *** *********** machines ** ** ******* by *** ******* ** disguise ***** ****** ******** and **** ** ****** to ** ****** ** authorities.

Hackers *** ********** ** ************ *** *******

***** ** ** ******** that ****** ** *** hackers ************ ********* ************ equipment, ** *******, *** *** they **** *** ******** in *** **** ** recorded ***** ** *** recorders. ** ** ****** the ******* **** ******* the ******* **** ***** and ******** ** *** MPD *** **** *** city ************, ** *** they **** ***** ** this, **** ***** **** likely ****** ** *** machines **** ***** ** less ****** ** ***** an ************* ********.

Equipment ****

** ********* ** ********** ** ***'* ************ Equipment, *** ******* ********** of *** ****** ****:

Integrator *****

*****, *** **********/*** **** built *** ******* **** by *** *** *********** ** ******* ** 2014. *********** *********, ***** ********** ********** as "the ******'* ******* ******** of **-************ ********* **** wireless ********", *** "********** results": 

****** ***********, **************, *** similar **********-******** ********* **** Avrio's ****** ******** ****.

Remote ******* ****** ********* *******

*** (****** ******* ********) was **** ** *** hackers *** ****** ******* of *** ****** *********. Having *** ********* ** the *******, *** *** blocked ** * ******** was ****** *** ******'* primary ********** ** ********* these *******. ** ***** frequented ** *****-*********, *** Secret ******* ***** *** following **** ** *** of *** *******, ******* for "*********" ** ******** with *** *******:

Low **** ******* **** ** ***** *******

********** *** ******* **** caught ** ***** ******** found ** **** ** the ****** *********, *** tracing ***** ******** **** by **** *******. *** Secret ******* *** **** to link ***** ***** ******** to ***** ********, *** access ** ******* **** Google *** ***** *********, ***** ultimately *** **** ** the ******* ****** ********** and *********. ***** ** the *********** ** *** Secret ******* ******, *** hackers **** ********, *** not *********, ***** ** conceal ***** ********** *** location, *** **** ******** primarily ******* ***** *******, and *** *** ****** of *** **** ** high **** ******** *******.

************, ******* ******** ** logs *** *********** **** on *** *********, *** Secret ******* *** **** to ******** **** ******* of *** *******, *** contacted ***** ******* ** retrieve ********** ******* **** helped ** ******** *** hackers:

Responsibility ** ******* *** ***********

***** **** ********* * fundamental ****** ********:

  • ******* ******* *** *** ********** with ******* ******** *** accounts ** *** ******* OS, ******** *** ******* to **** ****. ******* *** since ******* ******** **** ******* settings *** *** ********** the **** *** ********* to ****** ********* *************** for ***** ******* [**** no ****** *********].
  • *** ******* **** **** publicly ********** *** *** not *** * ***, a ******* ********* ** the*********** ******* ****. *** *** ****** video ************ ******, *** certainly *** ** *******, exposing *** ******* ** public ****** *** * major *******. *****'* ***** led ********* ** ******* that **** **** ********** best-in-class *** *******-***** ********* optimized *** **** ******** applications, **** ** **** they ******** ******* **** multiple *************** ******* *** unchanged ******* ******** *** lack ** ****** ************.

Comments (8)

Undisclosed #1

IPVMU Certified | 12/29/17 06:24pm

There is no evidence that points to the hackers specifically targeting surveillance equipment, or Genetec, nor did they have any interest in the live or recorded video on the recorders.

Yes, just targeting Windows.

Undisclosed Integrator #2

In reply to Undisclosed #1 | 12/29/17 07:48pm

I would say it was targeting stupidity, or laziness, more than Windows. How long would you guess it has been since those Server have been updated? 

Undisclosed Integrator #3

01/01/18 07:14am

This will probably be enough to get my boss to listen to me.  Thanks for sharing.  

Avatar

John Day

01/02/18 03:42pm

I'm floored that the customer didn't require the contractor to use a VPN and that the hackers used rdp to get in - that's almost as low tech as using default passwords!

At what point do we actually use the word "negligent"? What I'd love to know is whether there was anything in the specification requiring any baseline of network security or whether this was purely the integrator leaving the system open.

Unfortunately whoever is at fault would probably claim (correctly) that this is an accepted practice in the security business.

Undisclosed #1

IPVMU Certified | In reply to John Day | 01/02/18 04:04pm

Do you think an exposed rdp port is more or less vulnerable than a cameras exposed http port?

Avatar

Scott Napier

In reply to Undisclosed #1 | 01/02/18 04:15pm

I would say they are close to no different, but RDP is probably scanned for more frequently which means is it probably more of a vulnerability if my assumption is correct.  

Undisclosed Integrator #3

In reply to John Day | 01/02/18 04:17pm

I would argue that depending on a contractor to secure your critical networks is a bad idea from the start.  You should have competent professionals on staff to not only enforce standards on these contractors, but also to test what they install and verify it meets all appropriate protective measures.  

Avatar

John Day

01/02/18 04:56pm

Both are an issue - if the bad guy knows rdp vulnerabilities then he can probably get everything he needs to know off a service like Shodan. A hack using rdp would likely give the bad guy full control of the system in question - a hack of a camera would usually only give you access to the device.

Which is more vulnerable? Based on a quick Shodan search, cameras are certainly more plentiful... a rdp hack would be more destructive.

The issue with this is that anything (like RDP) that isn't essential to the operation of the system should be blocked by the firewall. 

 

Read this IPVM report for free.

This article is part of IPVM's 6,596 reports, 889 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now

Related Reports

Vape Detection Legal Battle: Soter Sues IPVideo Corp on Jul 22, 2020
The crosstown vape detection rivals are now in a legal battle. While IPVideo...
VICE Investigates Verkada's Harassing "RawVerkadawgz" on Oct 26, 2020
This month, IPVM investigated Verkada's sexism, discrimination, and cultural...
US GSA Explains NDAA 889 Part B Blacklisting on Jul 31, 2020
With the 'Blacklist Clause' going into effect August 13 that bans the US...
Panasonic i-PRO Hid Huawei, Does Damage Control on Aug 21, 2020
Panasonic i-PRO hid their usage of Huawei from the public, continues to...
U.S. Government Accountability Office Urges Facial Recognition Regulation on Aug 27, 2020
The US Government Accountability Office (GAO) is urging facial recognition...
Risks Of Managing End User Passwords (Statistics) 2020 on Sep 11, 2020
Alarmingly, most integrators used spreadsheets to manage passwords, IPVM...
Nokia Fever Screening Claims To "Advance Fight Against COVID-19" on Oct 22, 2020
First IBM, then briefly Clorox, and now Nokia becomes the latest Fortune 500...
JCI Sues Genetec For Patent Infringement on Jul 13, 2020
Surprisingly, security giant JCI has sued their partner, security software...
Wrong Dahua Australia Medical Device Approved on Jul 20, 2020
Dahua's body temperature system is now in Australia's medical device...
Chilean Official Investigated for Motorola And Hikvision Contracts on Sep 17, 2020
A corruption investigation is underway in Chile after a crime prevention...
17 Alarm Company Lawsuits Against Competitors Faking Them on Oct 06, 2020
Alarm companies suing rivals for faking them are commonplace, an IPVM...
Defendry Presents AI Active Shooter Security System on Jul 14, 2020
Defendry presented its Active Shooter security system at the May 2020 IPVM...
Face Masks Increase Face Recognition Errors Says NIST on Aug 04, 2020
COVID-19 has led to widespread facemask use, which as IPVM testing has shown...
Dahua Taunts Australian Government, Continues To Sell Illegal Fever Cameras on Aug 10, 2020
Dahua is effectively taunting the Australian government by continuing to sell...
Face Shields Impact On Temperature Measurement And Mask Detection on Jul 27, 2020
First, the use of face masks, and now, plastic face shields are rising...

Recent Reports

Consultants Online Show LIVE Today! on Oct 27, 2020
IPVM's 7th online show will feature 20+ consultants and recruiters presenting...
Eagle Eye Networks Raises $40 Million on Oct 27, 2020
Eagle Eye has raised $40 million aiming to "reinvent video...
Hikvision Q3 2020 Global Revenue Rises, US Revenue Falls on Oct 27, 2020
While Hikvision's global revenue rises driven by domestic recovery, its US...
VICE Investigates Verkada's Harassing "RawVerkadawgz" on Oct 26, 2020
This month, IPVM investigated Verkada's sexism, discrimination, and cultural...
Six Flags' FDA Violating Outdoor Dahua Fever Cameras on Oct 26, 2020
As Six Flags scrambled to reopen parks amid plummeting revenues caused by the...
ISC Brasil Digital Experience 2020 Report on Oct 23, 2020
ISC Brasil 2020 rebranded itself to ISC Digital Experience and, like its...
Top Video Surveillance Service Call Problems 2020 on Oct 23, 2020
3 primary and 4 secondary issues stood out as causing the most problems when...
GDPR Impact On Temperature / Fever Screening Explained on Oct 22, 2020
What impact does GDPR have on temperature screening? Do you risk a GDPR fine...
Security And Safety Things (S&ST) Tested on Oct 22, 2020
S&ST, a Bosch spinout, is spending tens of millions of dollars aiming to...
Nokia Fever Screening Claims To "Advance Fight Against COVID-19" on Oct 22, 2020
First IBM, then briefly Clorox, and now Nokia becomes the latest Fortune 500...
Deceptive Meridian Temperature Tablets Endanger Public Safety on Oct 21, 2020
IPVM's testing of and investigation into Meridian Kiosk's temperature...
Honeywell 30 Series and Vivotek NVRs Tested on Oct 21, 2020
The NDAA ban has driven many users to look for low-cost NVRs not made by...
Ubiquiti Access Control Tested on Oct 21, 2020
Ubiquiti has become one of the most widely used wireless and switch providers...
Avigilon Aggressive Trade-In Program Takes Aim At Competitors on Oct 20, 2020
Avigilon has launched one of the most aggressive trade-in programs the video...
Mexico Video Surveillance Market Overview 2020 on Oct 20, 2020
Despite being neighbors, there are key differences between the U.S. and...