Romanian Hackers Take Over 65% of DC’s Surveillance Systems to Distribute Ransomware
Two Romanian hackers apparently took over 65% of the surveillance cameras in Washington DC, the US government has alleged. According to a complaint filed in the US District Court for the District of Columbia, the government said the two hackers were operating outside of the US and managed to infiltrate most of the outdoor surveillance cameras as part of an extortion campaign.
The attack is said to have occurred in January this year, with the hackers taking over 123 of the 187 cameras in the city that are operated by the DC city police. The Romanian criminal hackers, identified by the US government as Mihai Alexandru Isvanca and Eveline Cismaru, are accused by the government of "intent to extort from persons money and other things of value, to transmit in interstate and foreign commerce communications containing threats to cause damage to protected computers".
According to reports, the criminal complaint was filed in the District Court last week. The two are also accused of hacking into the computers behind these surveillance cameras to distribute ransomware through emails. According to Secret Service agent James Graham, who submitted an affidavit in support of the criminal complaint, the hackers meant to use the malware to lock their targets' computers and extort a ransom from them in exchange for restoring access.
The evidence uncovered by the investigation shows that ISVANCA and CISMARU participated in a conspiracy to distribute ransomware by spam emails – that is, to send emails containing malicious software (also called malware) that would lock or encrypt files on various victim computers to which the malware was to be sent and installed and, then, to extort money from the victims in exchange for unlocking or decrypting files on the computers.
The hackers were apparently identified thanks to their email and IP addresses and records shared by Google. One of the associated Gmail IDs was used to sign up on IFUD.WS, a known cybercriminal forum. On this forum, the alleged criminals had posted a new topic titled: "Cerber one of the best ways to make money in 2017". They had also posted a call for "rdp suppliers who wants to work for cerber virus on a good %".
In his affidavit [PDF], Graham concludes that based on the above details (and more shared in the affidavit) there is probable cause to believe that between January 9, 2017, and January 12, 2017, the two hackers "participated in an intrusion into and taking control of approximately 123 internet-connected computers used by the Metropolitan Police Department of the District of Columbia (“MPDC”) to operate surveillance cameras in public, outdoor areas in the District of Columbia, which computers could then be used to send the ransomware-laden spam emails".