Washington DC MPD's Surveillance Equipment

By: Brian Karas, Published on Feb 21, 2017

The Washington DC Metropolitan Police Department's surveillance system was hacked in January 2017.

Two immediate questions were:

  • Whose equipment was it?
  • How did it happen?

We have been able to answer the first of those two questions by obtaining government records, which we examine inside.


Executive *******

*** ********* **** **** Avrio ******** ********** ** ****, Cradlepoint *** *******.

Source *********

*** ********* (**) ******* *** ******** purchased ** *** *** to ******* * ******** CCTV ****** ** ****: (1)**** ******** *********** (*)**** *** ************. *** ***** ********, which ******** *** ******** price ********* *** ******** of ** "******* **** Camera ******** ******* ******* Surveillance ******" (*****) *** the ******, ****** *** component *********.

***** **********

*** ******* *** * product ** ***** *** Group. ***** *** ** IP ***** *** ******* in ******, **. ***** the ********** ** ***** cameras, Avrio *** ***** ******** by *******.

***** *******

*****'* ******* *** ******** at ************** **** ****** to ****** ****** ******* and ********* **** ***** areas. *******'* ***** ** configured **** ********* ******** to **** ******** ************, at *** **** ***** listed ****, ********,  *******, OnSSI, *** **** ** some ** ***** ********.

MPD ******* *************

******* *********** *** ******** ********* *** ******** ********* being **** ** *** Polecams deployed ** *** ***. The ******* ********** ********:

*** *********** ****** ********* that ***** ******* **** using ******** ************** *** video ******. *******, *** it *** ********** *** how * ****** *** able ** ****** *** equipment ** *******.

Ransomware ******

** * ********** **** ******* ** the ****, *** ***'* *** said **** ********** *** found ** *** ********* (presumably ******* **-** *****). ********** ******** data ****** ** * machine ***** *** **** pays *** **** ** receive * ********** *** to ******* *** **** to ** *********** ******. It ** *** *** known *** ****** ** the **-**'* *** *********** to ***** ******* ** install *** **********.

Ongoing *************

** *** ********** ** investigate *** ******* ** the ****, ********* ************* with *** ************* ********, and **** ******* * separate ****** **** **** information ******* *********, ****** from **** ** **** other *******. ****** **** direct *********, ****** ******* us ** ****@****.*** ************* ***** **.

Comments (14)

Can Hitachi shed more light on this as Avrio is part of them?

Thank you for the story and we look forward to the final report.

It will be interesting to see how far or how deep the published results will be concerning GENETEC, AXIS or CRADLE POINT. Amazing that this apparent 'hack' has even made it to the news without blaming Chinese camera manufacturers.

So it was a Windows machine after all!

That makes sense because that's the platform that ransomware overwhelmingly targets.

One scenario would be that a user PC was infected first thru an ill-advised download. Once a client PC was infected, state of the art ransomware has the capability to infect other PCs on the LAN based on credentials found on the infected PC.

IPVM must have been so disappointed it wasn't Hikvision.

Disappointed, I'd think, is the wrong word.  Maybe a little surprised, but I personally would be even more surprised if I found out that Wash. DC surveillance was actually using a Chinese product like HIK.

Most would probably agree that Axis and Genetec are pretty strong when it comes to their focus and efforts toward cyber security, so all this information does is strengthen and enforce the reality that even the best products are vulnerable without outside help, and that installers / integrators today have as much responsibility as ever to ensure that the network side of the house is no longer a separate conversation.  Physical and cyber security systems will never be secure when they are treated separately.

I doubt that, remember this is a Genetec system. Unlikely they were attached to Genetec ;)

So the hack occurred outside MPD's firewall? And also was it done wirelessly? Questions to ask, before sounding the alarm. 

Sounds like they went in through the cell 4G modem to access the SV16... I am assuming each pole site has an SV16 connected to the 4G router to connect back to main Genetec system, and a small switch connected to the cameras on a local network.

We have a similar setup since we have a bunch of scattered buildings that connect back to main system over the internet, SV16 and Axis cameras. However we do have a Cisco firewall appliance at each location to protect our SV16s, so that those are only reachable from within our own network. Without that, it would just be a Windows machine exposed to everything.

Has there been any information released about how this first came to light, or how the infection started (was it a hack of the wireless system, through a camera, through the NVRs, or done with a physical attack on the hardware itself)?

Were any other DC systems compromised as a result of this or was it contained to just the edge based appliances?

I keep hoping that someone will have these details, but I'm guessing that we will never know...

I keep hoping that someone will have these details

More details are going to come. It's just early.

This is not like Mirai where hundreds of thousands of devices were hit around the globe and therefore it was easy to figure out what was happening.

Has there been a mention of who was behind it? I know it ended in ransomware (I am assuming the city did not pay, or at least will publicly say they didn't pay; getting someone out to just wipe and re-install all of those machines seems do-able at this scale I suppose) but it would be interesting if they were able to pinpoint what group or individual was behind it.

Has there been a mention of who was behind it?

On Feb 4th, there was an announcement that 2 were arrested in London. I have not seen any new news reports since on those arrests.

I think...and this may be a wild guess, this is a Windows vulnerability. Especially with the ransomware element and the fact that the Genetec appliance is Windows (and from 2013 probably 7 Pro [8 if they were stupid]) based...and knowing the overall mindset, they probably disabled updates so it was vulnerable.

In fact, chances are, most of the rest of the equipment probably isn't compromised. Just the NVR.
