When A Ransomware Attack Took over Cameras, Where Was the Last Line of Defense?

Video surveillance cameras used every day to survey the streets of Washington DC and keep the people safe – hacked! We are familiar with data hacks, but this incident received noteworthy press coverage because it was one of the first high profile public examples of operational technology (OT) being impacted by ransomware.

The Romanian hackers took control of 123 of the Washington, DC police department's 187 outdoor surveillance cameras in January of 2017, rendering them unable to record between January 12 and January 15, just eight days before President Trump's inauguration.

Operational technology comprises the hardware and software used to control and monitor industrial processes (processing lines, utilities and the packaging equipment involved in producing products), which are not designed with security in mind. As OT systems become increasingly controlled by hardware and software, they become more complex and more vulnerable.

To date, ransomware has been known mainly to affect enterprise IT networks. The fact that it is now attacking operational technology devices and facilities is a significant change that can have real cyber-physical consequences. With OT it is not just data that is being held for ransom; it could be a real threat to human life.

To resolve the problem, DC police took each of the compromised devices offline, removed all software, then reinstalled new video recording software and restarted each system individually. This process cost a great deal of time and money, not to mention the inability to monitor the streets of our capital city while the CCTV cameras were offline.

Because the intrusion affected a number of the CCTV cameras that police use to watch over public areas, identifying the cause became a top priority, given the potential impact on the Secret Service's ability to secure the 2017 Presidential Inauguration.

The DC Police detected the attack on January 12th when they learned that several cameras were malfunctioning. They discovered two separate forms of ransomware in four of their video recording devices and commenced a citywide examination of the network to find the remaining infected sites; 70% of their video storage devices were found to be infected.

Ransomware infects computers and can be triggered by something as seemingly innocuous as opening an attachment or clicking a link in an email message. This type of cyberweapon encrypts files and locks out users until they pay the ransom. No ransom was paid to the hackers in this case.

The suspects, Eveline Cismaru and Mihai Alexandru Isvanca, were also accused of using the computers they gained control of to distribute ransomware through spam emails. Law enforcement officials believe that Cismaru and Isvanca were part of a large extortionist group and have charged both of the Romanian nationals in DC Federal Court with fraud and computer crimes.

According to an affidavit by Secret Service Special Agent James Graham, the hackers intended to lock victims' computers and then extort users for payments in order to release their data. In the affidavit, Cismaru and Isvanca are accused of "intent to extort from persons money and other things of value, to transmit in interstate and foreign commerce communications containing threats to cause damage to protected computers." It is not yet clear if they knew that they had hacked into a DC Police Dept. network.

The affidavit also states that the hackers were found through their registered email addresses and were arrested in Romania in January of 2017 along with three other suspects who will face prosecution in Europe.

Could This Attack Have Been Averted?
These CCTV cameras and the computers that operate them could have been spared this calamity altogether had a “last line of defense” solution been in place.

A last line of defense is a cybersecurity device placed in front of any operational technology endpoint to validate all incoming commands and communications. In the case of DC’s CCTV devices, the last line of defense would have recognized the shut-off command as fraudulent, blocked it, and immediately notified authorities of the attempted breach. This command could have been validated in real time.

Empowered with these resources, an organization’s IT department can create a whitelist of allowed commands for any device, blocking any command that falls outside of what is allowed and/or alerting authorities to it.

This solution should easily fit right into the control environment, to shield critical infrastructure against cyberattacks without interruption. It should augment the traditional firewall, perimeter and signature-based defense, extending protection to networked system endpoints using protocol-specific parsing and whitelisting to assure data integrity.
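The command-validation approach described above, as an added Python example that is neither the article's nor 3eTI's code: an inline filter that parses each command with a protocol-specific grammar, checks it against a per-device whitelist, and blocks and alerts on anything else, including a shut-off command and traffic it cannot parse. The device names, verbs and the line format are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed line protocol for illustration: "<device>:<VERB> [arg]".
LINE_RE = re.compile(r"^([A-Za-z0-9_-]+):([A-Z_]+)(?: ([A-Za-z0-9_./-]+))?$")

# Per-device whitelist: verb -> permitted arguments (None = no restriction).
# Anything not listed here is denied by default.
ALLOWLIST = {
    "cam-017": {"GET_STATUS": None, "SET_FPS": {"15", "30"}, "START_RECORD": None},
}

@dataclass
class Verdict:
    allowed: bool
    reason: str
    alert: bool  # True when operators should be notified

def validate(raw: str) -> Verdict:
    """Parse one command and check it against the device's whitelist."""
    m = LINE_RE.match(raw.strip())
    if not m:
        # Unparseable traffic is blocked and alerted on, never passed through.
        return Verdict(False, "unparseable command", True)
    device, verb, arg = m.groups()
    rules = ALLOWLIST.get(device)
    if rules is None:
        return Verdict(False, f"unknown device {device}", True)
    if verb not in rules:
        return Verdict(False, f"{verb} is not whitelisted for {device}", True)
    if rules[verb] is not None and arg not in rules[verb]:
        return Verdict(False, f"argument {arg!r} not permitted for {verb}", True)
    return Verdict(True, "whitelisted", False)

def filter_stream(lines):
    """Split a batch of commands into (forwarded, alerts) lists."""
    forwarded, alerts = [], []
    for line in lines:
        v = validate(line)
        (forwarded if v.allowed else alerts).append((line, v.reason))
    return forwarded, alerts

# Constructed sample traffic: routine commands plus the kinds of messages a
# compromised controller might emit (a shut-off, an out-of-range setting).
SAMPLE = [
    "cam-017:GET_STATUS",
    "cam-017:SET_FPS 30",
    "cam-017:STOP_RECORD",         # shut-off verb: not whitelisted
    "cam-017:SET_FPS 0",           # allowed verb, disallowed argument
    "cam-099:START_RECORD",        # device not known to the validator
    "cam-017:GET_STATUS; reboot",  # malformed line
]
```

Running `filter_stream(SAMPLE)` forwards only the first two commands; the other four are returned as alerts with the reason each was blocked.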

3eTI’s CyberFence CIP series acts as a last line of defense to protect industrial devices like CCTVs and their equally vulnerable computer controllers. It sits in front of them and validates all of the commands going to that controller.

This type of last line of defense should be incorporated into an end-to-end, robust and layered cyber-physical defense. A complete end-to-end solution must be employed for all computers and devices, including CCTVs.

It is very important to realize that OT isn’t the same thing as enterprise IT. OT needs its own special last line of defense that goes beyond what is required to protect an enterprise’s front office systems, such as accounting, ERP and CRM.

The hackers who were arrested for this incident learned first-hand that it doesn’t pay to hack into a police department. And with a layered security ecosystem, complete with a line of defense strategy, it won’t pay to hack into any organization. 

About the author: Matt Henson is General Manager for Ultra Electronics, 3eTI. Henson is a highly accomplished executive with more than 13 years of Department of Defense (DoD) experience, an active DoD SECRET clearance, and advanced expertise in all facets of project, program and portfolio management from pursuit to close out.

Edited by Ken Briodagh