D.C. Police Hackers Sought to Shut Down 179,000 Accounts

When hackers took over two-thirds of Washington, D.C.’s police’s surveillance cameras shortly before the 2017 presidential inauguration, it appeared that the cyberattack was limited to elicit a single ransom payment. The alleged scheme actually was far more ambitious, the Washington Post reports. Federal authorities say two Romanians accused in the hacking planned to use police department computers to email ransomware to more than 179,000 accounts. That would have allowed them to extort those users as well  and use city government computers to hide their digital tracks. Prosecutors said the alleged hackers had  stolen banking credentials and account passwords, and could have committed “fraud schemes with anonymity.”

Authorities uncovered a separate scheme run by the same people — an allegedly fraudulent business that tricked Amazon’s offices in Great Britain into sending money to the Romanians. The intrusion caused 123 of the police department’s 187 surveillance cameras to go dark eight days before Donald Trump was sworn in as president, prompting national security concerns. Police say the incident did not affect safety or harm any investigations, but cybersecurity experts said it highlights the digital threat faced by governments and businesses and raises questions about the city’s ability to  identify hacking quickly. “The question we should be asking of police is what controls were lacking and why were they unable to detect such an obvious intrusion,” said Alex Rice of HackerOne, a California firm that works with companies and the Defense Department to test computer security. The U.S. Attorney is seeking to extradite Mihai Alexandru Isvanca, 25, from Romania. His alleged accomplice, Eveline Cismaru, 28, has been extradited and appeared in federal court on Friday.