Search the Community
Showing results for tags 'cameras'.
Found 2 results
straycat19 posted a topic in Security & Privacy NewsWhen hackers took over two-thirds of D.C. police’s surveillance cameras days before the 2017 presidential inauguration, it appeared that the cyberattack was limited to elicit a single ransom payment. But court documents show that the alleged scheme that January was far more ambitious. Federal authorities say two Romanians accused in the hacking planned to use the police department computers to email ransomware to more than 179,000 accounts. That would have allowed them to extort those users as well — and use city government computers to hide their digital tracks. Prosecutors said the alleged hackers had also stolen banking credentials and account passwords, and, using the police computers, could have committed “fraud schemes with anonymity.” In addition, authorities said they uncovered a separate scheme run by the same people — an allegedly fraudulent business that tricked Amazon’s offices in Great Britain into sending money to the Romanians. (Amazon’s chief executive, Jeffrey P. Bezos, owns The Washington Post.) The intrusion in the District occurred Jan. 9-12, 2017, and caused 123 of the police department’s 187 surveillance cameras to go dark eight days before Donald Trump was sworn in as president, sparking national security concerns. It appears the timing was a coincidence; prosecutors said the hackers probably did not know that the computers were used by police. D.C. police say the incident did not affect safety or harm any investigations, but cybersecurity experts said it highlights the digital threat faced by governments and businesses and raises questions about the city’s ability to quickly identify hacking. “The question we should be asking of police is what controls were lacking and why were they unable to detect such an obvious intrusion,” said Alex Rice, the chief technology officer and co-founder of HackerOne, a California firm that works with companies and the Defense Department to test computer security. District officials said they are working hard to protect the city against a constant stream of cyberattacks. They did not answer questions specifically about the police cameras, citing the ongoing criminal investigation. Kevin Donahue, the deputy mayor for public safety, said in a statement that the District’s cybersecurity program “is critical to our public safety, health care, and public education agencies.” His statement added that “each year, we see more than one billion malicious intrusion attempts, including ransomware, denial of service, and phishing attacks. We are continuously working to improve our cybersecurity defenses to ensure they protect our IT systems from the constantly evolving methods of cyber attacks.” The U.S. attorney’s office for the District is seeking to extradite Mihai Alexandru Isvanca, 25, from Romania. His alleged accomplice, Eveline Cismaru, 28, has been extradited. She made her initial appearance on Friday in U.S. District Court in Washington. Prosecutors said Cismaru lacks ties to the United States and fled Romania while appealing a court order to extradite her from there to the United States. Authorities tracked her to London, where she was arrested, prosecutors said in court documents filed Friday. Isvanca and Cismaru have been charged with fraud and computer crimes and face 20 years in prison if convicted. An attorney for Isvanca did not return calls seeking comment. Cary Citronberg, who is representing Cismaru, said in a statement that his client has a 2-year-old son in Europe. “We believe Ms. Cismaru belongs back with her son and we are hopeful she will be able to put this ordeal behind her quickly so she can be reunited with her family,” he said. A hearing in federal court is scheduled for Aug. 16. Cismaru is being detained. Police say the alleged hackers were detected only when they shut the system down. D.C. police said the hack that locked up the system was noticed after a city employee tried to sign on to the computer system that runs the outdoor cameras and saw a “splashscreen.” A notice highlighted in red announced a “cerber ransomware” and warned that “your documents, photos, databases and other important files have been encrypted!” It said the system could be unlocked with a bitcoin payment of more than $60,000. Cerber, along with “dharma,” are two types of ransomware programs. Both had been downloaded onto the police system that runs the cameras. Authorities said the hackers routed emails through the police servers, including some sent to “vand.suflete” on Gmail. The term in Romanian means “selling souls.” D.C. officials quickly took the closed-circuit TV system offline, removed the software and restarted the cameras. They ignored the ransom demand. Authorities said they later learned that some of the emails routed through the police computers referenced IP addresses (a computer’s unique address) that did not include systems owned by D.C. police. Authorities said one was a health-care company in London. One browser downloaded onto the police computer had a user name listed as “David Andrew” with a Gmail account of “david.andrews2005.” In one affidavit filed in the case by the Secret Service, prosecutors say Isvanca and Cismaru also set up a fake company called Lake L. and linked it to Amazon.com.uk. Authorities said investigators found some of the same emails used by the fake company as used by the hackers on the police computers. When people placed orders with Amazon, the affidavit says, the suspects used stolen credit cards to buy the requested items at another website. Once those items were shipped from the other website, the affidavit says the suspects provided those postal tracking numbers to Amazon, which then released the money paid by the purchasers to the suspects. Police in Romania and in the United States were able to track various computer IP addresses and email accounts to the suspects, according to the affidavit. One tip came from an online takeout order from Andy’s Pizza, a restaurant in Bucharest. The person placed an order on Jan. 9, 2017 — the same day the D.C. computers were hacked — using the david.andrews2005 account and giving the clerk the name “Mihai Alexandru,” according to an invoice pulled by police and referenced in the affidavit filed in federal court. Later, during an interview with investigators, the affidavit says Isvanca told them that Cismaru lived in a fifth-floor apartment on Strada Bucur, near downtown and where the takeout order had originated. That, police said, helped them link the email address to the suspects. Rice said that police in cyber-investigations try to collect hard evidence such as a paper receipts to make it more difficult for a defendant to argue that someone else had used or hacked a computer. The receipt from Andy’s, Rice said, is probably that type of evidence. Rice said it appears that U.S. and foreign law enforcement agencies worked well together, but he warned “that we can’t rely on law enforcement as a deterrent” to cybercrimes. “We have got to hold companies and organizations responsible for implementing basic security practices that make it difficult for criminals. They are tempted by this low-level fruit.” Source
[Poster Comment: Personally I don't understand why they would need encryption since they had no protection in the age of film, which could be and was confiscated or destroyed and could be stolen. Just because the medium has changed there doesn't need to be an expensive system put in place that would cost everyone more, not just the professional photographers. And their cards could still be stolen.] A year after photojournalists and filmmakers sent a critical letter to camera makers for failing to add a basic security feature to protect their work from searches and hacking, little progress has been made. The letter, sent in late-2016, called on camera makers to build encryption into their cameras after photojournalists said they face "a variety of threats from border security guards, local police, intelligence agents, terrorists, and criminals when attempting to safely return their footage so that it can be edited and published," according to the Freedom of the Press Foundation, which published the letter. The threat against photojournalists remains high. The foundation's US Press Freedom Tracker tallied more than 125 incidents against reporters last year, including the smashing of reporters' cameras and the "bodyslam" incident. Even when they're out in the field, collecting footage and documenting evidence, reporters have long argued that without encryption, police, the military, and border agents in countries where they work can examine and search their devices. "The consequences can be dire," the letter added. Although iPhones and Android phones, computers, and instant messengers all come with encryption, camera makers have fallen behind. Not only does encryption protect reported work from prying eyes, it also protects sources -- many of whom put their lives at risk to expose corruption or wrongdoing. The lack of encryption means high-end camera makers are forcing their customers to choose between putting their sources at risk, or relying on encrypted, but less-capable devices, like iPhones. We asked the same camera manufacturers if they plan to add encryption to their cameras -- and if not, why. The short answer: don't expect much any time soon. An Olympus spokesperson said the company will "in the next year... continue to review the request to implement encryption technology in our photographic and video products and will develop a plan for implementation where applicable in consideration to the Olympus product roadmap and the market requirements." When reached, Canon said it was "not at liberty to comment on future products and/or innovation." S ony also said it "isn't discussing product roadmaps relative to camera encryption." A Nikon spokesperson said the company is "constantly listening to the needs of an evolving market and considering photographer feedback, and we will continue to evaluate product features to best suit the needs of our users." And Fuji did not respond to several requests for comment by phone and email prior to publication. Trevor Timm, executive director of the Freedom of the Press Foundation, told ZDNet that it's "extremely disappointing the major camera manufacturers haven't even committed to investing resources into more research into this issue, let alone actually building solutions into their cameras." "Dozens of the world's best filmmakers made clear a year ago that camera companies -- in today's world -- have an obligation to build in a way for everyone to encrypt their files and footage to potentially help keep them safe," he added. "I hope the camera companies eventually listen to some of their most important and at-risk customers," he said. Article