
IoT FEATURE NEWS

When A Ransomware Attack Took over Cameras, Where Was the Last Line of Defense?

By Matt Henson

Video surveillance cameras that watch over the streets of Washington, DC every day to keep people safe – hacked! We are familiar with data breaches, but this incident drew noteworthy press coverage because it was one of the first high-profile public examples of operational technology (OT) being disrupted by ransomware.

In January 2017, Romanian hackers took control of 123 of the 187 video recorders that store footage from the Washington, DC police department's outdoor surveillance cameras, leaving them unable to record from January 12 through January 15 – just eight days before President Trump's inauguration.

Operational technology comprises the hardware and software used to control and monitor physical processes: processing lines, utilities and the packaging equipment involved in producing products. Much of it was designed for reliability and uptime rather than security. As OT systems become increasingly networked and software-driven, they grow more complex and expose more attack surface.

To date, ransomware has mainly affected enterprise IT networks. The fact that it is now hitting operational technology devices and facilities is a significant change with real cyber-physical consequences. With OT it is not just data that is held for ransom; the disruption can be a real threat to human life.

To resolve the problem, DC police took each compromised device offline, wiped its software, reinstalled the video recording software and restarted each system individually. This cost a great deal of time and money, not to mention the loss of street monitoring in the nation's capital while the CCTV network was offline.

Because the intrusion affected so much of the CCTV network that police use to watch over public areas, identifying the cause became a top priority, given the potential impact on the Secret Service's ability to secure the 2017 Presidential Inauguration.

DC Police detected the attack on January 12, when they learned that several cameras were malfunctioning. They discovered two separate strains of ransomware on four of their video recording devices and began a citywide examination of the network to find the remaining infected sites; roughly two-thirds (123 of 187) of their video storage devices were found to be infected.

Ransomware infects computers and can be triggered by something as seemingly innocuous as opening an attachment or clicking a link in an email. Once running, it encrypts files and locks users out until a ransom is paid. No ransom was paid to the hackers in this case.

The suspects, Eveline Cismaru and Mihai Alexandru Isvanca, were also accused of using the computers they had taken over to distribute ransomware through spam emails. Law enforcement officials believe the two were part of a larger extortion group and have charged both Romanian nationals in federal court in DC with fraud and computer crimes.

According to an affidavit by Secret Service Special Agent James Graham, the hackers intended to lock victims' computers and then extort payments from users to release their data. In the affidavit, Cismaru and Isvanca are accused of "intent to extort from persons money and other things of value, to transmit in interstate and foreign commerce communications containing threats to cause damage to protected computers." It is not yet clear whether they knew they had broken into a DC Police Department network.

The affidavit also states that the hackers were identified through the email addresses they had registered, and they were arrested in Romania in December 2017 along with three other suspects, who will face prosecution in Europe.

Could This Attack Have Been Averted?
These CCTV cameras and the computers that operate them could have been spared this calamity altogether had a “last line of defense” solution been in place.

A last line of defense is a cybersecurity device placed in front of an operational technology endpoint to validate every incoming command and communication before it reaches the device. In the case of DC’s CCTV devices, the last line of defense would have recognized a shut-off or disable command as illegitimate, blocked it, and immediately notified the responsible staff of the attempted breach, all validated in real time. One caveat a practitioner should keep in mind: the account above describes ransomware running on the recorders themselves rather than a single malicious command, so a command-validating gateway helps only where the attacker’s traffic (for example, a remote-management session to the recorder) passes through it; it complements, rather than replaces, hardening of the recorders’ own remote-access services.

With such a device in place, an organization’s IT or OT security team can define a whitelist of allowed commands for each device; anything outside the whitelist is blocked, logged and raised as an alert to the people responsible for the system.

The device should drop into the existing control environment without interrupting operations. It augments the traditional firewall, perimeter and signature-based defenses, extending protection to the networked endpoints themselves by parsing each protocol and enforcing a whitelist, so that only well-formed, expected commands reach the device.
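To make the whitelisting concrete, here is an added example (not 3eTI’s CyberFence code, nor anything from the DC police network) of the decision logic such a gateway applies to each command it sees in front of an HTTP-managed camera or recorder: a default-deny rule set keyed on method, path, parameter values and source address, with an alert line for every rejected command. The camera API paths, parameter ranges, client addresses and request lines are hypothetical and constructed for the example.

```python
# Added example, not 3eTI's or the DC police department's code: a default-deny
# command allowlist of the kind a "last line of defense" gateway enforces in
# front of an OT endpoint. The camera HTTP API (paths, parameters), the client
# addresses and the request lines are all hypothetical, constructed for the example.
import re
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Tuple
from urllib.parse import parse_qs, urlsplit


@dataclass(frozen=True)
class Rule:
    method: str
    path: str                                              # exact path, no wildcards
    params: Dict[str, str] = field(default_factory=dict)   # parameter -> regex its value must match
    sources: FrozenSet[str] = frozenset()                  # client IPs allowed to issue it (empty = any)


# Hypothetical camera API: only the operations the video management system needs.
ALLOWLIST = (
    Rule("GET", "/api/status"),
    Rule("GET", "/api/stream", {"channel": r"[1-4]", "fps": r"5|10|15|25|30"}),
    Rule("POST", "/api/ptz",
         {"pan": r"-?(180|1[0-7]\d|\d{1,2})", "tilt": r"-?(90|[0-8]?\d)"},
         frozenset({"10.0.5.20"})),                        # PTZ control only from the operator console
)


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def parse_request_line(line: str) -> Tuple[str, str, Dict[str, List[str]]]:
    """Parse 'METHOD /path?query HTTP/1.x'; anything malformed is an error, never a pass."""
    parts = line.strip().split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError(f"malformed request line: {line!r}")
    method, target, _version = parts
    url = urlsplit(target)
    return method.upper(), url.path, parse_qs(url.query, keep_blank_values=True)


def check_command(src_ip: str, line: str) -> Decision:
    """Default deny: a command passes only if it matches one rule in every respect."""
    try:
        method, path, params = parse_request_line(line)
    except ValueError as exc:
        return Decision(False, str(exc))
    for rule in ALLOWLIST:
        if rule.method != method or rule.path != path:
            continue
        if rule.sources and src_ip not in rule.sources:
            return Decision(False, f"{method} {path} not permitted from {src_ip}")
        for name, values in params.items():
            pattern = rule.params.get(name)
            if pattern is None:
                return Decision(False, f"unexpected parameter {name!r} on {path}")
            if len(values) != 1 or not re.fullmatch(pattern, values[0]):
                return Decision(False, f"bad value for {name!r} on {path}: {values}")
        return Decision(True, f"{method} {path} matches allowlist")
    return Decision(False, f"{method} {path} is not on the allowlist")


def audit(events: List[Tuple[str, str]]) -> List[str]:
    """Evaluate (src_ip, request_line) pairs; return one alert line per blocked command."""
    alerts = []
    for src_ip, line in events:
        decision = check_command(src_ip, line)
        if not decision.allowed:
            alerts.append(f"BLOCKED src={src_ip} cmd={line.strip()!r} reason={decision.reason}")
    return alerts


# Constructed traffic: legitimate VMS requests mixed with what an intruder on the
# network might send (a management path, an out-of-range value, an unexpected source).
SAMPLE_EVENTS = [
    ("10.0.5.20", "GET /api/status HTTP/1.1"),
    ("10.0.5.20", "GET /api/stream?channel=1&fps=15 HTTP/1.1"),
    ("10.0.5.20", "POST /api/ptz?pan=30&tilt=-10 HTTP/1.1"),
    ("10.0.5.21", "POST /api/firmware/upload HTTP/1.1"),      # not a known command
    ("10.0.5.21", "GET /api/stream?channel=9 HTTP/1.1"),      # out-of-range value
    ("203.0.113.7", "POST /api/ptz?pan=30&tilt=0 HTTP/1.1"),  # wrong source
    ("10.0.5.21", "GET /api/../cgi-bin/admin HTTP/1.1"),      # not on the list either
]

if __name__ == "__main__":
    for alert in audit(SAMPLE_EVENTS):
        print(alert)
```

The property that matters is the default deny: the firmware-upload request and the unknown path are blocked without any signature for them, which is what separates this from the signature-based perimeter defenses mentioned above. A real gateway would apply the same logic to the camera’s native protocol (parsing ONVIF or a vendor’s CGI interface rather than a bare request line) and would feed the BLOCKED lines into the organization’s alerting.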

3eTI’s CyberFence CIP series acts as such a last line of defense for industrial devices like CCTV cameras and the computer controllers behind them, which are just as vulnerable. It sits in front of them and validates every command sent to the controller.

This kind of last line of defense belongs inside a robust, layered, end-to-end cyber-physical defense that covers every computer and device on the network, CCTV included.

It is important to realize that OT is not the same as enterprise IT. OT needs its own last line of defense, beyond what is required to protect an enterprise’s front-office systems such as accounting, ERP and CRM.

The hackers arrested for this incident learned first-hand that it doesn’t pay to hack into a police department. With a layered security ecosystem, complete with a last-line-of-defense strategy, it won’t pay to hack into any organization.

About the author: Matt Henson is General Manager for Ultra Electronics, 3eTI. Henson is a highly accomplished executive with more than 13 years of Department of Defense (DoD) experience, an active DoD SECRET clearance, and advanced expertise in all facets of project, program and portfolio management from pursuit to close-out.




Edited by Ken Briodagh
