
IoT FEATURE NEWS

When A Ransomware Attack Took over Cameras, Where Was the Last Line of Defense?

By Matt Henson

Video surveillance cameras used every day to watch over the streets of Washington, DC and keep people safe – hacked! Data breaches are familiar news, but this incident drew noteworthy press coverage because it was one of the first high-profile public examples of operational technology (OT) being disrupted by ransomware.

Romanian hackers took control of 123 of the 187 video recording devices behind the Washington, DC police department's outdoor surveillance cameras in January 2017, leaving them unable to record from January 12 through January 15 – just eight days before President Trump's inauguration.

Operational technology comprises the hardware and software used to control and monitor physical processes – processing lines, utilities and the packaging equipment involved in producing products – and much of it was never designed with security in mind. As OT systems become increasingly networked and software-driven, they grow more complex and present a larger attack surface.

To date, ransomware has mainly affected enterprise IT networks. That it is now hitting operational technology devices and facilities is a significant change with real cyber-physical consequences. With OT it is not just data that is being held for ransom; the outcome can be a real threat to human life.

To recover, DC police took each compromised device offline, wiped its software, reinstalled the video recording software and restarted each system individually. The process cost significant time and money, not to mention the loss of street monitoring in the capital while the CCTV cameras were offline.

Because the intrusion affected a large share of the CCTV cameras that police use to watch over public areas, identifying the cause became a top priority given the potential impact on the Secret Service's ability to secure the 2017 Presidential Inauguration.

DC police detected the attack on January 12, when they learned that several cameras were malfunctioning. They found two separate strains of ransomware on four of their video recording devices and began a citywide examination of the network to locate the remaining infected sites; 70% of the video storage devices turned out to be infected.

Ransomware infects computers and can be triggered by something as seemingly innocuous as opening an attachment or clicking a link in an email message. This type of malware encrypts files and locks users out until they pay the ransom. No ransom was paid to the hackers in this case.

The suspects, Eveline Cismaru and Mihai Alexandru Isvanca, were also accused of using the computers they gained control of to distribute ransomware through spam emails. Law enforcement officials believe that Cismaru and Isvanca were part of a large extortionist group and have charged both of the Romanian nationals in DC Federal Court with fraud and computer crimes.

According to an affidavit by Secret Service Special Agent James Graham, the hackers intended to lock victims' computers and then extort the users for payment to release their data. The affidavit accuses Cismaru and Isvanca of "intent to extort from persons money and other things of value, to transmit in interstate and foreign commerce communications containing threats to cause damage to protected computers." It is not yet clear whether they knew they had broken into a DC Police Department network.

The affidavit also states that the hackers were traced through their registered email addresses and were arrested in Romania in December 2017, along with three other suspects who will face prosecution in Europe.

Could This Attack Have Been Averted?
These CCTV cameras and the computers that operate them could have been spared this calamity altogether had a "last line of defense" solution been in place.

A last line of defense is a cybersecurity device placed directly in front of an operational technology endpoint to validate every incoming command and communication in real time. In the case of DC's CCTV recorders, such a device could have recognized a shut-off or other unauthorized command as outside the recorder's expected traffic, blocked it, and immediately notified authorities of the attempt. One caveat: a command validator protects the network path to the endpoint; if the ransomware arrives on the recorder itself, for example through a phishing email opened on that machine, the validator cannot undo the encryption, so it belongs alongside patching, network segmentation and offline backups rather than in place of them.

Equipped with such a device, an organization's IT or OT team can define a whitelist of allowed commands for each device and block, or alert on, any command that falls outside it.

This solution should fit into the existing control environment and shield critical infrastructure without interrupting operations. It should augment traditional firewall, perimeter and signature-based defenses, extending protection to networked endpoints through protocol-specific parsing and whitelisting to assure the integrity of what reaches them.
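To make the parsing-and-whitelisting idea concrete, here is an added example written for this page; it is not code from the article or from 3eTI. It models a default-deny filter in front of a video recorder: each incoming line is parsed against a strict grammar, only commands on a per-device whitelist from an authorized source with in-range parameters are forwarded, and everything else is blocked and logged as an alert. The wire format, the recorder name NVR-07, the console address 10.0.5.10 and the command set are all constructed for illustration, not a real camera protocol.

```python
"""Default-deny command whitelist for an OT endpoint.

Added, self-contained illustration of protocol-specific parsing and
whitelisting; not code from 3eTI or from the article.  The wire format
("<device> <COMMAND> [key=value ...]"), the recorder name NVR-07, the
console address 10.0.5.10 and the command set are constructed for the
example and are not a real camera protocol.
"""
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List

# Grammar for one command line.  Anything the grammar does not fully match
# is treated as hostile: unparsed bytes never reach the endpoint.
_LINE = re.compile(
    r"^(?P<device>[A-Z]+-\d{2}) (?P<cmd>[A-Z_]+)(?P<args>( [a-z_]+=[\w.]+)*)$"
)


@dataclass
class Rule:
    """One whitelisted command: who may send it and what its parameters may be."""
    allowed_from: List[str]
    check: Callable[[Dict[str, str]], bool]


@dataclass
class Decision:
    allowed: bool
    reason: str


@dataclass
class CommandGuard:
    policy: Dict[str, Dict[str, Rule]]          # device -> command -> Rule
    alerts: List[str] = field(default_factory=list)

    def _block(self, source: str, raw: str, reason: str) -> Decision:
        # Every block is also an alert so operators see the attempt.
        self.alerts.append(f"ALERT src={source} reason={reason} msg={raw!r}")
        return Decision(False, reason)

    def filter(self, source: str, raw: str) -> Decision:
        m = _LINE.match(raw)
        if m is None:
            return self._block(source, raw, "malformed")
        args = dict(kv.split("=", 1) for kv in m["args"].split())
        rules = self.policy.get(m["device"])
        if rules is None:
            return self._block(source, raw, "unknown device")
        rule = rules.get(m["cmd"])
        if rule is None:
            return self._block(source, raw, "command not whitelisted")
        if source not in rule.allowed_from:
            return self._block(source, raw, "source not authorized")
        if not rule.check(args):
            return self._block(source, raw, "parameter out of range")
        return Decision(True, "ok")


def _retention_ok(args: Dict[str, str]) -> bool:
    """SET_RETENTION takes exactly one parameter, days, between 1 and 90."""
    return set(args) == {"days"} and args["days"].isdigit() and 1 <= int(args["days"]) <= 90


def build_guard() -> CommandGuard:
    """Constructed policy: recorder NVR-07 accepts two commands, only from the console."""
    console = ["10.0.5.10"]
    return CommandGuard(policy={
        "NVR-07": {
            "STATUS": Rule(allowed_from=console, check=lambda a: a == {}),
            "SET_RETENTION": Rule(allowed_from=console, check=_retention_ok),
        },
    })


# Constructed traffic: two legitimate commands followed by four that a
# default-deny filter must stop (bad parameter, unlisted command, wrong
# source, and an injection attempt the grammar rejects outright).
SAMPLE_TRAFFIC = [
    ("10.0.5.10", "NVR-07 STATUS"),
    ("10.0.5.10", "NVR-07 SET_RETENTION days=30"),
    ("10.0.5.10", "NVR-07 SET_RETENTION days=0"),
    ("10.0.5.10", "NVR-07 STOP_RECORDING"),
    ("203.0.113.9", "NVR-07 STATUS"),
    ("10.0.5.10", "NVR-07 STATUS; rm -rf /"),
]


def run(guard: CommandGuard, traffic) -> List[str]:
    """Return the decision reason for each (source, line) pair, in order."""
    return [guard.filter(src, raw).reason for src, raw in traffic]


if __name__ == "__main__":
    guard = build_guard()
    for (src, raw), reason in zip(SAMPLE_TRAFFIC, run(guard, SAMPLE_TRAFFIC)):
        print(f"{src:>12} {raw!r:40} -> {reason}")
    print("\n".join(guard.alerts))
```

Two design choices matter here. The filter parses before it decides, so a line that the grammar cannot fully consume (the trailing "; rm -rf /" above) is dropped as malformed rather than partially interpreted, and the policy is default deny: a command, a source or a parameter value not explicitly listed is blocked and recorded as an alert instead of being forwarded to the recorder.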

3eTI's CyberFence CIP series acts as such a last line of defense for industrial devices like CCTV recorders and their computer controllers, which are also quite vulnerable. It sits in front of them and validates every command bound for the controller.

This type of last line of defense should be incorporated into an end-to-end, robust and layered cyber-physical defense that covers all computers and devices, including CCTVs.

It is important to recognize that OT is not the same as enterprise IT. OT needs its own last line of defense that goes beyond what is required to protect front-office systems such as accounting, ERP and CRM.

The hackers arrested for this incident learned first-hand that it doesn't pay to hack into a police department. With a layered security ecosystem that includes a last line of defense, it won't pay to hack into any organization.

About the author: Matt Henson is General Manager for Ultra Electronics, 3eTI. Henson is a highly accomplished executive with more than 13 years of Department of Defense (DoD) experience, an active DoD SECRET clearance, and advanced expertise in all facets of project, program and portfolio management from pursuit to close-out.




Edited by Ken Briodagh

