Washington DC Surveillance Hackers Arrested

By: Brian Karas, Published on Dec 29, 2017

The US Department of Justice has announced that "Two Romanian Suspects Charged With Hacking of Metropolitan Police Department Surveillance Cameras in Connection with Ransomware Scheme" that occurred in January 2017.

IPVM initially covered the technical details in March 2017 examining Washington DC MPD's Surveillance Equipment.

In this note, we examine the criminal complaint affidavit, new information provided and the role the vendors involved, including Avrio and Genetec, had on this hack. 

***** ********** ** ******* has ************* "*** ******** ******** Charged **** ******* ** Metropolitan ****** ********** ************ Cameras ** ********** **** Ransomware ******" **** ******** in ******* ****.

**** ********* ******* *** technical ******* ** ***** 2017 ********* ********** ** ***'* ************ Equipment.

** **** ****, ** examine *** ******** ********* affidavit, *** *********** ******** and *** **** *** vendors ********, ********* ***** and *******, *** ** this ****. 

[***************]

Recorders **** *** ********** *******

** ********* ********* *********, *** ****** ******* claimed *** *** ******** used ****** ********* ** launch ** ***** **** campaign ** ********** **********. The ********** ******* **** launched **** *** *********** machines ** ** ******* by *** ******* ** disguise ***** ****** ******** and **** ** ****** to ** ****** ** authorities.

Hackers *** ********** ** ************ *** *******

***** ** ** ******** that ****** ** *** hackers ************ ********* ************ equipment, ** *******, *** *** they **** *** ******** in *** **** ** recorded ***** ** *** recorders. ** ** ****** the ******* **** ******* the ******* **** ***** and ******** ** *** MPD *** **** *** city ************, ** *** they **** ***** ** this, **** ***** **** likely ****** ** *** machines **** ***** ** less ****** ** ***** an ************* ********.

Equipment ****

** ********* ** ********** ** ***'* ************ Equipment, *** ******* ********** of *** ****** ****:

Integrator *****

*****, *** **********/*** **** built *** ******* **** by *** *** *********** ** ******* ** 2014. *********** *********, ***** ********** ********** as "the ******'* ******* ******** of **-************ ********* **** wireless ********", *** "********** results": 

****** ***********, **************, *** similar **********-******** ********* **** Avrio's ****** ******** ****.

Remote ******* ****** ********* *******

*** (****** ******* ********) was **** ** *** hackers *** ****** ******* of *** ****** *********. Having *** ********* ** the *******, *** *** blocked ** * ******** was ****** *** ******'* primary ********** ** ********* these *******. ** ***** frequented ** *****-*********, *** Secret ******* ***** *** following **** ** *** of *** *******, ******* for "*********" ** ******** with *** *******:

Low **** ******* **** ** ***** *******

********** *** ******* **** caught ** ***** ******** found ** **** ** the ****** *********, *** tracing ***** ******** **** by **** *******. *** Secret ******* *** **** to link ***** ***** ******** to ***** ********, *** access ** ******* **** Google *** ***** *********, ***** ultimately *** **** ** the ******* ****** ********** and *********. ***** ** the *********** ** *** Secret ******* ******, *** hackers **** ********, *** not *********, ***** ** conceal ***** ********** *** location, *** **** ******** primarily ******* ***** *******, and *** *** ****** of *** **** ** high **** ******** *******.

************, ******* ******** ** logs *** *********** **** on *** *********, *** Secret ******* *** **** to ******** **** ******* of *** *******, *** contacted ***** ******* ** retrieve ********** ******* **** helped ** ******** *** hackers:

Responsibility ** ******* *** ***********

***** **** ********* * fundamental ****** ********:

  • ******* ******* *** *** ********** with ******* ******** *** accounts ** *** ******* OS, ******** *** ******* to **** ****. ******* *** since ******* ******** **** ******* settings *** *** ********** the **** *** ********* to ****** ********* *************** for ***** ******* [**** no ****** *********].
  • *** ******* **** **** publicly ********** *** *** not *** * ***, a ******* ********* ** the*********** ******* ****. *** *** ****** video ************ ******, *** certainly *** ** *******, exposing *** ******* ** public ****** *** * major *******. *****'* ***** led ********* ** ******* that **** **** ********** best-in-class *** *******-***** ********* optimized *** **** ******** applications, **** ** **** they ******** ******* **** multiple *************** ******* *** unchanged ******* ******** *** lack ** ****** ************.

Comments (8)

Undisclosed #1

12/29/17 06:24pm

***** ** ** ******** that ****** ** *** hackers ************ ********* ************ equipment, ** *******, *** did **** **** *** interest ** *** **** or ******** ***** ** the *********.

***, **** ********* *******.

Undisclosed Integrator #2

In reply to Undisclosed #1 | 12/29/17 07:48pm

* ***** *** ** was ********* *********, ** laziness, **** **** *******. How **** ***** *** guess ** *** **** since ***** ****** **** been *******? 

Undisclosed Integrator #3

01/01/18 07:14am

**** **** ******** ** enough ** *** ** boss ** ****** ** me.  ****** *** *******.  

Avatar

John Day

01/02/18 03:42pm

*'* ******* **** *** customer ****'* ******* *** contractor ** *** * VPN *** **** *** hackers **** *** ** get ** - ****'* almost ** *** **** as ***** ******* *********!

** **** ***** ** we ******** *** *** word "*********"? **** *'* love ** **** ** whether ***** *** ******** in *** ************* ********* any ******** ** ******* security ** ******* **** was ****** *** ********** leaving *** ****** ****.

************* ******* ** ** fault ***** ******** ***** (correctly) **** **** ** an ******** ******** ** the ******** ********.

Undisclosed #1

In reply to John Day | 01/02/18 04:04pm

** *** ***** ** exposed *** **** ** more ** **** ********** than * ******* ******* http ****?

Avatar

Scott Napier

In reply to Undisclosed #1 | 01/02/18 04:15pm

* ***** *** **** are ***** ** ** different, *** *** ** probably ******* *** **** frequently ***** ***** ** it ******** **** ** a ************* ** ** assumption ** *******.  

Undisclosed Integrator #3

In reply to John Day | 01/02/18 04:17pm

* ***** ***** **** depending ** * ********** to ****** **** ******** networks ** * *** idea **** *** *****.  You ****** **** ********* professionals ** ***** ** not **** ******* ********* on ***** ***********, *** also ** **** **** they ******* *** ****** it ***** *** *********** protective ********.  

Avatar

John Day

01/02/18 04:56pm

**** *** ** ***** - ** *** *** guy ***** *** *************** then ** *** ******** get ********** ** ***** to **** *** * service **** ******. * hack ***** *** ***** ****** give *** *** *** full ******* ** *** system ** ******** - a **** ** * camera ***** ******* **** give *** ****** ** the ******.

***** ** **** **********? Based ** * ***** Shodan ******, ******* *** certainly **** *********... * rdp **** ***** ** more ***********.

*** ***** **** **** is **** ******** (**** ***) that ***'* ********* ** the ********* ** *** system ****** ** ******* by *** ********. 

 

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports on Police

Hikvision Global News Reports Directory on Oct 17, 2019
Hikvision has received the most global news reporting of any video surveillance company, ever, ranging from the WSJ, the Financial Times, Reuters,...
Critiquing Carnegie's AI Surveillance Paper on Sep 25, 2019
The Carnegie Endowment has issued an ambitious paper on the Global Expansion of AI Surveillance. While its aim is applaudable, the paper has...
UK Facewatch GDPR Compliance Questioned on Aug 27, 2019
Even as the GDPR strictly regulates biometrics, a UK company called Facewatch is selling anti-shoplifter facial recognition systems to hundreds of...
Suprema Biometric Mass Leak Examined on Aug 19, 2019
While Suprema is rarely discussed even within the physical security market, the South Korean biometrics manufacturer made global news this past...
Biometrics Usage Statistics 2019 on Aug 13, 2019
Biometrics are commonly used in phones, but how frequently are they used for access? 150+ integrators told us how often they use biometrics,...
Embattled $400 Million China Funded Philippines Surveillance System Proceeds on Jun 13, 2019
An embattled 12,000 camera surveillance system project that will cost ~$400 million will proceed. The project contract was awarded, had its...
China Jaywalking Facial Recognition Guide on May 27, 2019
News reports touting the PRC's AI prowess often showcase facial recognition cameras being used to automatically catch and fine jaywalkers. In...
Kidnapping Victim Rescued With Video From Ring Doorbell Camera on May 24, 2019
A kidnapping victim was rescued within 24 hours, with the police crediting video from a Ring Doorbell camera as key to solving the case. A girl was...
Amazon Ring Public Subsidy Program Aims To Dominate Residential Security on May 20, 2019
Amazon dominates market after market. Quitely, but increasingly, they are doing so in residential security, through a combination of significant...
Bank Security Manager Interview on May 15, 2019
Bank security contends with many significant threats - from fraudsters to robbers and more. In this interview, IPVM spoke with bank security...

Most Recent Industry Reports

Resideo Stock Plunges 40%, CFO Ousted on Oct 23, 2019
The horrible year for the ADI / Honeywell Home spinout, Resideo, just got worse, with their stock plunging another 40% today. Not even a year...
Access Control Door Controllers Guide on Oct 22, 2019
Door controllers are at the center of physical access control systems connecting software, readers, and locks. Despite being buried inside...
Alarm.com Acquires OpenEye on Oct 21, 2019
Alarm.com is targeting commercial expansion and now they have a commercial cloud VMS with the acquisition of OpenEye. In this note, based on...
Government-Owned Hikvision Wants To Keep Politics Out Of Security on Oct 21, 2019
'Politics' made Hikvision the goliath it is today. It was PRC China 'politics' that created Hikvision, funded it, and blocked its foreign...
Integrated IR Camera Usage Statistics 2019 on Oct 21, 2019
Virtually every IP camera now comes with integrated IR but how many actually make use of IR or choose 'super' low light cameras without IR? In...
Alarm Veteran "Demands A Criminal Investigation" Of UL on Oct 18, 2019
The Interceptor's Project pressure against UL continues to rise. Following Keith Jentoft's allegation that "UL Has Blood On Their Hands", Jentoft...
Camect "Worlds Smartest Camera Hub" Tested on Oct 18, 2019
Camect is a Silicon Valley startup that claims the "Smartest AI Object Detection On The Market", detecting not only people and vehicles, but...
Hikvision Global News Reports Directory on Oct 17, 2019
Hikvision has received the most global news reporting of any video surveillance company, ever, ranging from the WSJ, the Financial Times, Reuters,...
Camera Calculator V3.1 Release Improves User Experience on Oct 17, 2019
IPVM has released a new version of our Camera Calculator, V3.1, with significant user experience improvements, a new development plan, and an...

What IPVM Is

The world's leading authority on video surveillance, with 200,000+ visits monthly.

  • Articles on cameras, video analytics, VMS, and trends
  • Tests showing actual performance and problems
  • Courses in surveillance, access control, etc
  • Camera Calculator for designing systems

Dedicated To Independence

We're dedicated to staying independent and objective. We're the only industry source to refuse any and all advertisements, sponsorship, and consulting from manufacturers. Why?