Hackers trick police and take control of Washington, D.C. surveillance cameras

Over recent months, several network security firms, as well as independent researchers, have documented multiple cyberattacks against government organizations in various locations across the US, including Atlanta, Georgia, and New York, among others.

However, recent reports claim that this entire wave of cyberattacks may have begun shortly before President Trump’s inauguration. Local media claim that Eveline Cismaru and Alexandru Isvanca, hacking experts, managed to compromise the systems that control surveillance cameras in Washington, DC, days before the presidential ceremony.

As reported by network security experts working with the US government, the hackers infiltrated these systems by chance, as their initial plan was to send a ransomware-loaded email to hundreds of thousands of email addresses obtained on a dark web forum.

Apparently, one of these email addresses belonged to a Washington police employee, which served as an access point for the hackers to control at least 120 of the 186 police computers connected to surveillance systems.

Although the hackers claimed after being arrested that it was really easy to compromise these systems, they also forgot to cover their tracks, leading the authorities directly to them. At the time of deploying this ransomware campaign, Cismaru was also operating a scam on Amazon and used the same computer that was connected to the Washington police, which facilitated the work of the authorities.

As if this error hadn’t been enough, the hackers even ordered a pizza online using the email address used to send the ransomware emails. “It was a beginner’s mistake,” mentioned representatives of the Washington DC Police Department. Both individuals were arrested soon after and are awaiting trial.

Although it is currently unknown whether the hackers really did not intend to access Washington’s surveillance systems, network security specialists from the International Institute of Cyber Security (IICS) consider this to be a clear sign of the security deficiencies present in multiple critical systems. They regard this as a fact of considerable seriousness, as the malicious potential of such intrusions would put the authorities up against the wall.