Massive Federal CCTV System Attack on Washington D.C., 70% of System Hacked

Washington D.C. surveillance camera recording units hacked before Trump's inauguration

Just a few days before President Donald Trump’s inauguration, more than 70% of Washington D.C.’s CCTV network was hacked by cybercriminals.

The method these hackers used was ransomware, and it affected the storage devices that record data from federal surveillance cameras all around D.C.

The Hacker News report shows that the hackers managed to “plant” ransomware in 123 of the 187 recording and storage devices that each control four video surveillance units.

Though no ransom was actually paid, the cameras had to be taken offline, and no recordings were possible between January 12 and January 15. Officials told The Washington Post that the devices were taken offline, the malware infection removed and the systems rebooted to get them back online.

No confirmation was forthcoming about whether or not any data was actually stolen or if the hack merely crippled the system and forced a shutdown across D.C.

D.C.’s CTO, Archana Vemulapalli, said that an investigation into the source of the cyberattack was ongoing, and assured the public that the breach was restricted to these CCTV storage devices, and that none of D.C.’s other federal networks were impacted.

Ransomware is an increasingly popular form of attack that disables a particular system and then demands that the user pay the hacker a certain amount of money for a decryption key that will allow them to use the system again.

The Herjavec Group, one of the premier security companies in the United States, says that ransomware payouts hit $209 million in just the first three months of 2016 compared to the total payout of $24 million the year before. The group also said that the entire year’s figure for 2016 would exceed $1 billion.

The group’s Vice President of Remediation Services, Matt Anthony, says that the rise of Bitcoin and other cryptocurrencies has made it “possible, safe and easy” for hackers to demand and receive payments anonymously. Because of this increased opportunity, he says that the types and number of cybercrime opportunities have also increased.

In its report titled Hackerpocalypse: A Cybercrime Revelation, the Herjavec Group shows that globally, the cost of cybercrime to businesses and individuals was a whopping $3 trillion in 2015, and is estimated to double to $6 trillion by 2021.

The most alarming part about all this is that ransomware is now being sold under the ransomware-as-a-service model, similar to a lot of cloud computing offerings. Under this model, ransomware can be purchased and deployed even by people with no hacking experience. The buyer then commits to give the seller a percentage of the “take”, usually set at 40%.

One of the most active ransomware groups today is Cerber, which actually offers a “ransomware for dummies” type of package that provides the buyer with all the resources they need. That makes Cerber potentially far more dangerous than any other hacking group, including Locky, which operates with just one person, or threat actor, and doesn’t sell or share its methods with anyone.

According to ZDNet, information from researchers showed last year that there were over 150 live campaigns operating under Cerber’s methods across 201 countries. The biggest payouts came from South Korea, the United States and Taiwan, together accounting for over half the total payouts.

The worst thing is that Cerber’s authors aren’t content to sit back and enjoy the ill-gotten royalties from the community. They’ve also developed Cerber 2, which has improved capabilities. Cerber is reported to be making about $1 million a year just from the affiliate scheme. The money is then laundered via a series of Bitcoin accounts that ultimately make it untraceable.

Surprisingly, the huge amount of money that is generated from ransomware comes from a very small pool of victims. Check Point says that only 0.3% of all victims actually pay the ransom to get access to their files again. Even at that minuscule percentage, there’s a lot of money to be made from this “game.”

The primary mode of attack for ransomware is through phishing emails. Once the malware is in, it then proceeds to encrypt your files. When you try to access them, you’ll typically see a screen notification from the hacker asking you to click on a link and pay a certain amount of money to buy the decryption key. Unfortunately, making the payment is no guarantee that you’ll actually receive the decryption key from them.

The best way to avoid being a victim is to be very wary of what emails you’re opening, what links you’re clicking on and what attachments you’re trying to download. Avoid opening anything that looks unfamiliar or odd, even if it’s from a known person. Often, a trusted contact’s email ID may be used to get to you. If you see anything suspicious about an email, immediately trash it and permanently remove it from your system.

If you’ve already been affected, then there are several security companies that can help you unlock your files for a nominal fee, as well as offer you protection for the future.
