Hackers took over surveillance cameras just before inauguration, prosecutors say
By RACHEL WEINER | The Washington Post | Published: December 28, 2017
Romanian hackers took over two-thirds of Washington's outdoor surveillance cameras just before President Donald Trump's inauguration, according to a federal criminal complaint unsealed Thursday.
The January attack affected 123 of the police department's 187 outdoor surveillance cameras, leaving them unable to record for several days. Two Romanians, who law enforcement officials describe as part of a bigger extortionist hacking group, are being charged in federal court with fraud and computer crimes.
"This case was of the highest priority due to its impact on the Secret Service's protective mission and its potential effect on the security plan for the 2017 Presidential Inauguration," a spokesman for U.S. Attorney Jessie K. Liu said in a statement.
Alexandru Isvanca, 25, and Eveline Cismaru, 28, were arrested in Romania earlier this month, along with three other Romanian hackers who will face prosecution in Europe. The U.S. charges, filed under seal on Dec. 11, were first reported by CNN.
Prosecutors plan to seek extradition for Isvanca and Cismaru soon, according to court filings. They both face up to 20 years in prison if convicted.
On Jan. 12, Washington police noticed that several surveillance cameras were not functioning properly. Secret Service Agent Brian Kaiser was given access to the computers that operate the cameras, according to the court filing, and saw that they had been taken over by non-police users. Those people were sending spam messages infected with ransomware to a long list of email addresses.
The city resolved the problem by taking the devices offline, removing all software and restarting the system at each site, a process that took about two days, according to police. From Jan. 12 to Jan. 15, none of the cameras were able to record video. No ransom was paid.
There is no evidence the disruption threatened or harmed anyone's safety, according to the U.S. Attorney's Office.
Ransomware is generally spread in email links or attachments and encrypts files or otherwise locks users out of their computers until they pay to regain access.
It's unclear whether the hackers knew they were infecting police computers. The Secret Service was able to see the computers accessing multiple email addresses, according to the court papers, and those addresses led authorities to Isvanca and Cismaru.
Two people were arrested in London as part of the same investigation in February. A tracking number for a package that was displayed on one of the hacked police computers brought law enforcement to their address. But according to the affidavit, a forensic analysis of their devices revealed no connection to the crime. A British health-care company's IP address was used to create that online order; that company also reported being hacked.