Washington DC MPD's Surveillance Equipment

By: Brian Karas, Published on Feb 21, 2017

The Washington DC Metropolitan Police Department's surveillance system was hacked in January 2017.

Two immediate questions were:

  • Whose equipment was it?
  • How did it happen?

We have been able to answer the first of those two questions through obtaining government records, which we examine inside.

*** ********** ** ************ Police **********'* ************ ****** was****** ** ******* ****.

*** ********* ********* ****:

  • ***** ********* *** **?
  • *** *** ** ******?

** **** **** **** to ****** *** ***** of ***** *** ********* through ********* ********** *******, which ** ******* ******.

[***************]

Executive *******

*** ********* **** **** Avrio ******** ********** ** ****, Cradlepoint *** *******.

Source *********

*** ********* (**) ******* *** ******** purchased ** *** *** to ******* * ******** CCTV ****** ** ****: (1)**** ******** *********** (*)**** *** ************. *** ***** ********, which ******** *** ******** price ********* *** ******** of ** "******* **** Camera ******** ******* ******* Surveillance ******" (*****) *** the ******, ****** *** component *********.

***** **********

*** ******* *** * product ** ***** *** Group. ***** *** ** IP ***** *** ******* in ******, **. ***** the ********** ** ***** cameras, Avrio *** ***** ******** by *******.

***** *******

*****'* ******* *** ******** at ************** **** ****** to ****** ****** ******* and ********* **** ***** areas. *******'* ***** ** configured **** ********* ******** to **** ******** ************, at *** **** ***** listed ****, ********,  *******, OnSSI, *** **** ** some ** ***** ********.

MPD ******* *************

******* *********** *** ******** ********* *** ******** ********* being **** ** *** Polecams deployed ** *** ***. The ******* ********** ********:

*** *********** ****** ********* that ***** ******* **** using ******** ************** *** video ******. *******, *** it *** ********** *** how * ****** *** able ** ****** *** equipment ** *******.

Ransomware ******

** * ********** **** ******* ** the ****, *** ***'* *** said **** ********** *** found ** *** ********* (presumably ******* **-** *****). ********** ******** data ****** ** * machine ***** *** **** pays *** **** ** receive * ********** *** to ******* *** **** to ** *********** ******. It ** *** *** known *** ****** ** the **-**'* *** *********** to ***** ******* ** install *** **********.

Ongoing *************

** *** ********** ** investigate *** ******* ** the ****, ********* ************* with *** ************* ********, and **** ******* * separate ****** **** **** information ******* *********, ****** from **** ** **** other *******. ****** **** direct *********, ****** ******* us ** ****@****.*** ************* ***** **.

Comments (14)

Can Hitachi shed more light on this as Avrio is part of them?

Thank you for the story and we look forward to the final report.

It will be interesting to see how far or how deep the published results will be concerning GENETEC, AXIS or CRADLE POINT. Amazing that this apparent 'hack' has even made it to the news without blaming Chinese camera manufacturers.

 

 

 

 

 

 

 

 

 

 

 

 

So it was a Windows machine after all!

That makes sense because that's the platform that ransomware overwhelmingly targets.

One scenario would be that a user PC was infected first thru an ill-advised download.  Once a client PC was infected, state of the art ransomware has the capability to infect other PCs on the LAN based on credentials found out the infected PC.  

 

IPVM must have been so disappointed it wasn't Hikvision.

Disappointed, I'd think, is the wrong word.  Maybe a little surprised, but I personally would be even more surprised if I found out that Wash. DC surveillance was actually using a Chinese product like HIK.

Most would probably agree that Axis and Genetec are pretty strong when it comes to their focus and efforts toward cyber security, so all this information does is strengthen and enforce the reality that even the best products are vulnerable without outside help, and that installers / integrators today have as much responsibility as ever to ensure that the network side of the house is no longer a separate conversation.  Physical and cyber security systems will never be secure when they are treated separately.

I doubt that, remember this is a genetec system. Unlikely they were attached to Genetec ;)

So the hack occurred outside MPD's firewall? And also was it done wirelessly? Questions to ask, before sounding the alarm. 

Sounds like they went in through the cell 4G modem to access the sv16...i am assuming each pole site has an SV16 connected to the 4G router to connect back to main genetec system, and a small switch connected to the cameras on a local network.

We have a similar setup since we have a bunch of scattered buildings that connect back to main system over the internet, sv16 and axis cameras. However we do have a cisco firewall appliance at each location to protect our SV16s, so that those are only reachable from within our own network. Without that, it would just be a windows machine exposed to everything.

Has there been any information released about how this first came to light, or how the infection started (was it a hack of the wireless system, through a camera, through the NVR's, or done with a physical attack on the hardware itself)?

Were any other DC systems compromised as a result of this or was it contained to just the edge based appliances?

I keep hoping that someone will have these details, but I'm guessing that we will never know...

I keep hoping that someone will have these details

More details are going to come. It's just early.

This is not like Mirai where hundreds of thousands of devices were hit around the globe and therefore it was easy to figure out what was happening.

Has there been a mention of who was behind it? I know it ended in ransomware (I am assuming the city did not pay, or at least will publicly say they didnt pay; getting someone out to just wipe and re-install all of those machines seems do-able at this scale I suppose) but it would be interesting if they were able to pinpoint what group or individual was behind it

Has there been a mention of who was behind it?

On Feb 4th, there was an announcement that 2 were arrested in London. I have not seen any new news reports since on those arrests.

I think...and this may be a wild guess, this is a Windows vulnerability. Especially with the ransomware element and the fact that the Genetec appliance is Windows (and from 2013 probably 7 Pro [8 if they were stupid]) based...and knowing the overall mindset, they probably disabled updates so it was vulnerable.

In fact, chances are, most of the rest of the equipment probably isn't compromised. Just the NVR.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

HTTPS / SSL Video Surveillance Usage Statistics on Apr 01, 2019
HTTPS / SSL / TLS usage has become commonplace for websites to improve security and, in particular, to help mitigate attackers reading or modifying...
Verint Victimized By Ransomware on Apr 18, 2019
Verint, which is best known in the physical security industry for video surveillance but has built a sizeable cybersecurity business as well, was...
Security Fail: ASISNYC Auto Emails Passwords In Plain Text on May 14, 2019
ASIS NYC automatically emails a user with the password the user just entered, in plain text, when one registers for the site / event, as the...
Razberi Technologies Company Profile on Aug 06, 2019
Razberi says they have doubled their revenue in the first half of 2019, citing their proprietary camera hardening and cybersecurity capabilities...
Honeywell Speaks On NDAA Ban, New Non-Banned Cameras and Cybersecurity on Aug 06, 2019
For years, Honeywell has depended on Dahua, a company with a poor cybersecurity track record and now banned by the US NDAA, for the development and...
Critical Vulnerability Across 18+ Network Switch Vendors: Cisco, Netgear, More on Aug 26, 2019
Cisco, Netgear and more than a dozen other brands, including small Asian ones, have been found to share the same critical vulnerability, discovered...
Warning: Windows 7 Update Crashing NVRs on Aug 26, 2019
Windows 7 updates are causing VMS servers to fail to boot. After running the update, impacted systems do not boot as normal, instead display this...
3 Weeks Later, Honeywell Still Cannot Say Whether They Are Vulnerable To Dahua Wiretapping [Now Admits] on Aug 27, 2019
The Dahua wiretapping vulnerability and Dahua's decision to delay disclosing it until IPVM inquired underscored problems with cybersecurity and...
Mobotix First CNPP CCTV Cybersecurity Certification Examined on Sep 05, 2019
Mobotix recently became the first video surveillance manufacturer to receive the CNPP cybsersecurity certification for its cameras, in which they...
Wyze Massive Data Leak on Dec 26, 2019
Wyze has exposed millions of user's data, as reported by Twelve Security, and confirmed by IPVM, who has spoken with Twelve Security and reviewed...

Most Recent Industry Reports

IronYun AI Analytics Tested on Feb 17, 2020
Taiwan startup IronYun has raised tens of millions for its "mission to be the leading Artificial Intelligence, big data video software as a service...
Access Control ADA and Disability Laws Tutorial on Feb 17, 2020
Safe access control is paramount, especially for those with disabilities. Most countries have codes to mandate safe building access for those...
ISC West 2020 Removes China Pavilion, No Plans To Cancel Or Postpone on Feb 17, 2020
ISC West plans to go on next month, amidst concerns over coronavirus. However, the Asia / China Pavilion has been removed, show organizers...
Hanwha Wisenet X Plus PTRZ Tested on Feb 14, 2020
Hanwha has released their PTRZ camera, the Wisenet X Plus XNV-6081Z, claiming the "modular design allows for easy installation". We bought and...
IPVM Conference 2020 on Feb 13, 2020
IPVM is excited to announce our 2020 conference. This is the first and only industry event that will be 100% sponsor-free. Like IPVM online, the...
Bosch Dropping Dahua on Feb 13, 2020
Bosch has confirmed to IPVM that it is in the process of dropping Dahua, over the next year, as both IP camera contract manufacturer and recorder...
BluB0X Alleges Lenel, S2, Software House Are Dinosaurs on Feb 13, 2020
BluB0X is running an ad campaign labeling Lenel, S2, Software House, Honeywell, AMAG and more as dinosaurs: In a follow-up email to IPVM,...
London Live Police Face Recognition Visited on Feb 13, 2020
London police have officially begun using live facial recognition in select areas of the UK capital, sparking significant controversy. IPVM...
Converged vs Dedicated Networks For Surveillance Tutorial on Feb 12, 2020
Use the existing network or deploy a new one? This is a critical choice in designing video surveillance systems. Though 'convergence' was a big...