Washington DC MPD's Surveillance Equipment

Author: Brian Karas, Published on Feb 21, 2017

The Washington DC Metropolitan Police Department's surveillance system was hacked in January 2017.

Two immediate questions were:

  • Whose equipment was it?
  • How did it happen?

We have been able to answer the first of those two questions through obtaining government records, which we examine inside.

*** ********** ** ************ ****** **********'* ************ ****** ********* ** ******* ****.

*** ********* ********* ****:

  • ***** ********* *** **?
  • *** *** ** ******?

** **** **** **** ** ****** *** ***** ** ***** two ********* ******* ********* ********** *******, ***** ** ******* ******.

[***************]

Executive *******

*** ********* **** **** ***** ******** ********** ** ****, *********** and *******.

Source *********

*** ********* (*,*) ******* *** ******** ********* ** *** *** ** ******* a ******** **** ****** ** ****: (*)**** ******** *********** (*)**** *** ************. *** ***** ********, ***** ******** *** ******** ***** ********* the ******** ** ** "******* **** ****** ******** ******* ******* Surveillance ******" (*****) *** *** ******, ****** *** ********* *********.

Avrio **********

*** ******* *** * ******* ** ***** *** *****. ***** was ** ** ***** *** ******* ** ******, **. ***** the ********** ** ***** *******, ***** *** ***** ******** ** Hitachi.

Avrio *******

*****'* ******* *** ******** ** ************** **** ****** ** ****** remote ******* *** ********* **** ***** *****. *******'* ***** ** configured **** ********* ******** ** **** ******** ************, ** *** time ***** ****** ****, ********, *******, *****, *** **** ** some ** ***** ********.

MPD ******* *************

******* *********** *** ***************** *** ******** ********* ***** **** ** *** ******** ******** by *** ***. *** ******* ********** ********:

*** *********** ****** ********* **** ***** ******* **** ***** ******** communications *** ***** ******. *******, *** ** *** ********** *** how * ****** *** **** ** ****** *** ********* ** unknown.

Ransomware ******

** *********** **** ******* ** *** ****, *** ***'* *** **** **** ********** *** ***** ** the ********* (********** ******* **-** *****). ********** ******** **** ****** on * ******* ***** *** **** **** *** **** ** receive * ********** *** ** ******* *** **** ** ** unencrypted ******. ** ** *** *** ***** *** ****** ** the **-**'* *** *********** ** ***** ******* ** ******* *** ransomware.

Ongoing *************

** *** ********** ** *********** *** ******* ** *** ****, including ************* **** *** ************* ********, *** **** ******* * separate ****** **** **** *********** ******* *********, ****** **** **** or **** ***** *******. ****** **** ****** *********, ****** ******* us ** ****@****.*** ************* ***** **.

Comments (14)

Undisclosed #1

02/21/17 04:45pm

*** ******* **** **** ***** ** **** ** ***** ** part ** ****?

Thumbnail marty2016

Marty Calhoun

IPVMU Certified | 02/21/17 11:41pm

***** *** *** *** ***** *** ** **** ******* ** the ***** ******.

** **** ** *********** ** *** *** *** ** *** deep *** ********* ******* **** ** ********** *******, **** ** CRADLE *****. ******* **** **** ******** '****' *** **** **** it ** *** **** ******* ******* ******* ****** *************.

Undisclosed #2

02/22/17 04:54am

** ** *** * ******* ******* ***** ***!

**** ***** ***** ******* ****'* *** ******** **** ********** ************** targets.

*** ******** ***** ** **** * **** ** *** ******** first **** ** ***-******* ********. **** * ****** ** *** infected, ***** ** *** *** ********** *** *** ********** ** infect ***** *** ** *** *** ***** ** *********** ***** out *** ******** **.

Undisclosed Integrator #3

02/22/17 05:51am

**** **** **** **** ** ************ ** ****'* *********.

Thumbnail 1784608

Rian Schermerhorn

In reply to Undisclosed Integrator #3 | 02/22/17 09:23pm

************, *'* *****, ** *** ***** ****. ***** * ****** surprised, *** * ********** ***** ** **** **** ********* ** I ***** *** **** ****. ** ************ *** ******** ***** a ******* ******* **** ***.

**** ***** ******** ***** **** **** *** ******* *** ****** strong **** ** ***** ** ***** ***** *** ******* ****** cyber ********, ** *** **** *********** **** ** ********** *** enforce *** ******* **** **** *** **** ******** *** ********** without ******* ****, *** **** ********** / *********** ***** **** as **** ************** ** **** ** ****** **** *** ******* side ** *** ***** ** ** ****** * ******** ************. Physical *** ***** ******** ******* **** ***** ** ****** **** they *** ******* **********.

Undisclosed Manufacturer #5

In reply to Undisclosed Integrator #3 | 02/24/17 01:56am

* ***** ****, ******** **** ** * ******* ******. ******** they **** ******** ** ******* ;)

Paul King

02/23/17 01:08pm

** *** **** ******** ******* ***'* ********? *** **** *** it **** **********? ********* ** ***, ****** ******** *** *****.

Samuel Rodgers

02/23/17 04:02pm

****** **** **** **** ** ******* *** **** ** ***** to ****** *** ****...* ** ******** **** **** **** *** an **** ********* ** *** ** ****** ** ******* **** to **** ******* ******, *** * ***** ****** ********* ** the ******* ** * ***** *******.

** **** * ******* ***** ***** ** **** * ***** of ********* ********* **** ******* **** ** **** ****** **** the ********, **** *** **** *******. ******* ** ** **** a ***** ******** ********* ** **** ******** ** ******* *** SV16s, ** **** ***** *** **** ********* **** ****** *** own *******. ******* ****, ** ***** **** ** * ******* machine ******* ** **********.

Thumbnail 30059c9

Matthew Netardus

IPVMU Certified | 02/23/17 11:24pm

*** ***** **** *** *********** ******** ***** *** **** ***** came ** *****, ** *** *** ********* ******* (*** ** a **** ** *** ******** ******, ******* * ******, ******* the ***'*, ** **** **** * ******** ****** ** *** hardware ******)?

**** *** ***** ** ******* *********** ** * ****** ** this ** *** ** ********* ** **** *** **** ***** appliances?

Undisclosed Integrator #4

In reply to Matthew Netardus | 02/24/17 12:02am

* **** ****** **** ******* **** **** ***** *******, *** I'm ******** **** ** **** ***** ****...

John Honovich

IPVM | In reply to Undisclosed Integrator #4 | 02/24/17 01:51am

* **** ****** **** ******* **** **** ***** *******

**** ******* *** ***** ** ****. **'* **** *****.

**** ** *** **** ***** ***** ******** ** ********* ** devices **** *** ****** *** ***** *** ********* ** *** easy ** ****** *** **** *** *********.

Thumbnail 30059c9

Matthew Netardus

IPVMU Certified | In reply to John Honovich | 02/24/17 02:41am

*** ***** **** * ******* ** *** *** ****** **? I **** ** ***** ** ********** (* ** ******** *** city *** *** ***, ** ** ***** **** ******** *** they ***** ***; ******* ******* *** ** **** **** *** re-install *** ** ***** ******** ***** **-**** ** **** ***** I *******) *** ** ***** ** *********** ** **** **** able ** ******** **** ***** ** ********** *** ****** **

John Honovich

IPVM | In reply to Matthew Netardus | 02/24/17 12:08pm

*** ***** **** * ******* ** *** *** ****** **?

** *** ***, ***** ***** ************ **** * **** ******** ** ******. * **** *** **** *** *** **** ******* ***** on ***** *******.

Robert Shih

SavvyTech Security | 02/24/17 11:10pm

* *****...*** **** *** ** * **** *****, **** ** a ******* *************. ********** **** *** ********** ******* *** *** fact **** *** ******* ********* ** ******* (*** **** **** probably * *** [* ** **** **** ******]) *****...*** ******* the ******* *******, **** ******** ******** ******* ** ** *** vulnerable.

** ****, ******* ***, **** ** *** **** ** *** equipment ******** ***'* ***********. **** *** ***.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports on Police

ShotSpotter IPOs, Facing Low Revenue and Losses on Jun 09, 2017
A rare event for North American security manufacturers has happened. ShotSpotter has IPOed on the NASDAQ, raising $30.8 million. US IPOs,...
Shark Tank Startup Guard Llama Mobile Panic Tested on May 16, 2017
A Shark Tank TV show appearance has attracted big attention for Guard Llama, a security startup touting a 'panic button' paired with mobile app...
Mobile Video Installation Statistics on May 02, 2017
Mobile video systems - those mounted on buses, trains, cars, boats, etc. - are a niche within video surveillance with its own particular...
Duress Codes For Alarms Systems on May 02, 2017
An alarm system can call for help in the event of an attempted break in, but only if it is armed. If an adversary forces an authorized user to...
Burglar Alarm Zoning Guide on Apr 28, 2017
The function of an alarm panel is to gather information from sensors and respond to this information by triggering actions. While it is possible to...
A Marketing Home Run For Knightscope - Man Attacks Robot on Apr 27, 2017
We criticize Knightscope regularly - their lack of revenue, their trying to fool mom 'n pop investors, their associating themselves with a clueless...
Burglar Alarm Strobes Guide on Mar 31, 2017
Strobes provide visual notification of alarm incidents, as sirens are used to give audible notification. Using a strobe gives alarm users and alarm...
Simplisafe Warns Customers About Alarm Fines on Mar 17, 2017
Simplisafe markets themselves as a 'better way' than traditional professional alarm companies. However, in one key way, Simplisafe hides the...
Alarm Panic Switches Tutorial on Mar 16, 2017
Panic switches allow silently triggering an alarm system when it is otherwise disarmed. In this tutorial we explain and contrast the 7 most common...
Genetec Comments on Washington DC MPD Hack on Mar 13, 2017
This January, the Washington DC police video surveillance system was hacked with ransomware, impacting 123 of 187 cameras. Last month, IPVM...

Most Recent Industry Reports

Avigilon CEO Attacks Asian Companies Cyber Insecurity on Aug 18, 2017
Avigilon CEO is taking aim at their Asian competitors. And he is going directly after these company's cyber security issues. In this note, we...
Sony Next Gen HD Dome Camera Tested (SNC-EM642R) on Aug 18, 2017
Sony has released their latest generation, claiming improved WDR and low light, increased IR range, and more. We tested the SNC-EM642R outdoor IR...
IP Networking Course September 2017 on Aug 17, 2017
This is the only networking course designed specifically for video surveillance professionals plus it includes live training, personal help and...
Knightscope Raises $10 Million With $3,320 Average Per Investor on Aug 17, 2017
Congrats to Knightscope. And condolences to their legion of little investors. Knightscope has disclosed they have raised $10+ million from their...
Axis and Arecont Legal Conflict Over Multi-Imager Cameras on Aug 17, 2017
Arecont threatened Axis. Axis has responded by moving to invalidate an Arecont patent. It is an important contest. Multi-imagers are Arecont's...
Directory Of Consumer Security Cameras on Aug 16, 2017
The consumer camera segment continues to grow, with new startups and models from existing players released seemingly every month. In this report we...
Cat 5e vs Cat 6 vs Cat 6a Network Cable Usage Statistics on Aug 16, 2017
Cat 5e? Cat 6? Cat 6a? What do integrators use in practice, today? 140+ integrators told IPVM. Here are the results: For those who want to...
Hikvision Responds To Cracked Security Codes on Aug 15, 2017
Hikvision has responded to IPVM's report on Hikvision's security code being cracked, both with a 2 page update to dealers and communication...
Stolen Video NVR / DVR Statistics on Aug 15, 2017
"But what happens if someone steals my recorder?" Anyone who has done more than a handful of jobs has probably heard this question several times....
Hikvision Europe Cutting Out Unauthorized End User Sales on Aug 15, 2017
The days of anyone buying Hikvision from anywhere off the Internet are numbered, at least in Europe, if Hikvision's plan comes to fruition. In...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact