Washington DC MPD's Surveillance Equipment

Author: Brian Karas, Published on Feb 21, 2017

The Washington DC Metropolitan Police Department's surveillance system was hacked in January 2017.

Two immediate questions were:

  • Whose equipment was it?
  • How did it happen?

We have been able to answer the first of those two questions through obtaining government records, which we examine inside.


Executive *******

*** ********* **** **** ***** ******** ********** ** ****, *********** and *******.

Source *********

*** ********* (*,*) ******* *** ******** ********* ** *** *** ** ******* a ******** **** ****** ** ****: (*)**** ******** *********** (*)**** *** ************. *** ***** ********, ***** ******** *** ******** ***** ********* the ******** ** ** "******* **** ****** ******** ******* ******* Surveillance ******" (*****) *** *** ******, ****** *** ********* *********.

Avrio **********

*** ******* *** * ******* ** ***** *** *****. ***** was ** ** ***** *** ******* ** ******, **. ***** the ********** ** ***** *******, ***** *** ***** ******** ** Hitachi.

Avrio *******

*****'* ******* *** ******** ** ************** **** ****** ** ****** remote ******* *** ********* **** ***** *****. *******'* ***** ** configured **** ********* ******** ** **** ******** ************, ** *** time ***** ****** ****, ********, *******, *****, *** **** ** some ** ***** ********.

MPD ******* *************

******* *********** *** ***************** *** ******** ********* ***** **** ** *** ******** ******** by *** ***. *** ******* ********** ********:

*** *********** ****** ********* **** ***** ******* **** ***** ******** communications *** ***** ******. *******, *** ** *** ********** *** how * ****** *** **** ** ****** *** ********* ** unknown.

Ransomware ******

** *********** **** ******* ** *** ****, *** ***'* *** **** **** ********** *** ***** ** the ********* (********** ******* **-** *****). ********** ******** **** ****** on * ******* ***** *** **** **** *** **** ** receive * ********** *** ** ******* *** **** ** ** unencrypted ******. ** ** *** *** ***** *** ****** ** the **-**'* *** *********** ** ***** ******* ** ******* *** ransomware.

Ongoing *************

** *** ********** ** *********** *** ******* ** *** ****, including ************* **** *** ************* ********, *** **** ******* * separate ****** **** **** *********** ******* *********, ****** **** **** or **** ***** *******. ****** **** ****** *********, ****** ******* us ** ****@****.*** ************* ***** **.

Comments (14)

Can Hitachi shed more light on this as Avrio is part of them?

Thank you for the story and we look forward to the final report.

It will be interesting to see how far or how deep the published results will be concerning GENETEC, AXIS or CRADLE POINT. Amazing that this apparent 'hack' has even made it to the news without blaming Chinese camera manufacturers.

So it was a Windows machine after all!

That makes sense because that's the platform that ransomware overwhelmingly targets.

One scenario would be that a user PC was infected first thru an ill-advised download. Once a client PC was infected, state of the art ransomware has the capability to infect other PCs on the LAN based on credentials found on the infected PC.

IPVM must have been so disappointed it wasn't Hikvision.

Disappointed, I'd think, is the wrong word. Maybe a little surprised, but I personally would be even more surprised if I found out that Wash. DC surveillance was actually using a Chinese product like HIK.

Most would probably agree that Axis and Genetec are pretty strong when it comes to their focus and efforts toward cyber security, so all this information does is strengthen and enforce the reality that even the best products are vulnerable without outside help, and that installers / integrators today have as much responsibility as ever to ensure that the network side of the house is no longer a separate conversation. Physical and cyber security systems will never be secure when they are treated separately.

I doubt that, remember this is a Genetec system. Unlikely they were attached to Genetec ;)

So the hack occurred outside MPD's firewall? And also was it done wirelessly? Questions to ask, before sounding the alarm.

Sounds like they went in through the cell 4G modem to access the SV16... I am assuming each pole site has an SV16 connected to the 4G router to connect back to main Genetec system, and a small switch connected to the cameras on a local network.

We have a similar setup since we have a bunch of scattered buildings that connect back to main system over the internet, SV16 and Axis cameras. However we do have a Cisco firewall appliance at each location to protect our SV16s, so that those are only reachable from within our own network. Without that, it would just be a Windows machine exposed to everything.

Has there been any information released about how this first came to light, or how the infection started (was it a hack of the wireless system, through a camera, through the NVRs, or done with a physical attack on the hardware itself)?

Were any other DC systems compromised as a result of this or was it contained to just the edge based appliances?

I keep hoping that someone will have these details, but I'm guessing that we will never know...

I keep hoping that someone will have these details

More details are going to come. It's just early.

This is not like Mirai where hundreds of thousands of devices were hit around the globe and therefore it was easy to figure out what was happening.

Has there been a mention of who was behind it? I know it ended in ransomware (I am assuming the city did not pay, or at least will publicly say they didn't pay; getting someone out to just wipe and re-install all of those machines seems do-able at this scale I suppose) but it would be interesting if they were able to pinpoint what group or individual was behind it.

Has there been a mention of who was behind it?

On Feb 4th, there was an announcement that 2 were arrested in London. I have not seen any new news reports since on those arrests.

I think...and this may be a wild guess, this is a Windows vulnerability. Especially with the ransomware element and the fact that the Genetec appliance is Windows (and from 2013 probably 7 Pro [8 if they were stupid]) based...and knowing the overall mindset, they probably disabled updates so it was vulnerable.

In fact, chances are, most of the rest of the equipment probably isn't compromised. Just the NVR.
