Ransomware killed 70% of Washington DC CCTV ahead of inauguration

Criminals infected 70 percent of storage devices tied to closed-circuit TVs in Washington DC eight days before the inauguration of President Donald Trump. The ransomware infection downed 123 of its 187 network video recorders, each controlling up to four CCTVs, and forced the city to wipe its affected IT systems which it says …

Silver badge

I didn't think the tRump team had that much talent!

Maybe they relied on some "outsourced" resources?

As far as I can tell, someone set up the Donelled with a hotkey to log into his "I'm Really Donald" twitter account because, as far as I can tell, it is incapable of actually operating a tie-the-shoelace maneuver.

When does that picayune little person have time to twit, let alone write all those grand executive ordures? Does anyone else think that we have a facade of a presidency with something much less pleasant behind the curtain? Not that I can think of anything less pleasant than its personage. Not that Vlad is associated with this or various recent deaths but rational minds would like to know.

5
11

This post has been deleted by its author

Silver badge

Re: I didn't think the tRump team had that much talent!

Does anyone else think that we have a facade of a presidency with something much less pleasant behind the curtain?

Does anyone think that we haven't had this for at least the last 4 or 5 presidents?

22
0
Silver badge

Re: I didn't think the tRump team had that much talent!

"Does anyone think that we haven't had this for at least the last 4 or 5 presidents?"

Yeah, but who would have thought Zaphod Beeblebrox's second head would turn out to be a Tribble?

1
1
Silver badge

DC PD is operated by the federal gov and has some federal duties. So yes it does have to do with the federal gov.

3
0
Silver badge

You're right.. I spaced that.... I'll withdraw my post.

But it was a nice rant. Ranting at whoever is President is fine. Just that this happened under Obama's watch so the rant was still misplaced.

4
0
Silver badge

You might be thinking of the Capitol Police, DC PD is a separate entity that belongs to the -City- of Washington and reports to the mayor / City Council. The Capitol Police, however only really report to the Feds in that they ask for money and their cases are seen by the Special District Federal Circuit Court. They were created to operate mostly autonomously so that no one could abuse their power to get away with criminal activity (The Capitol Police don't have jurisdiction in the Congressional Chambers, the Supreme Court Chambers, or the Executive Offices, so there isn't much that can be done about any of those crimes...)

2
0
Silver badge

https://en.wikipedia.org/wiki/Metropolitan_Police_Department_of_the_District_of_Columbia

nope DC PD. Congress has control of DC and laws passed in DC.

0
0
Silver badge
Holmes

No word on how it got in?

Usually these things are single exes that run under Windows. Is there one machine with write access to absolutely everything on which someone downloaded and ran "hot_doughnut_action.avi.exe"? Did a copy of the malware make it onto and get executed on every separate machine somehow? Have steps been taken to prevent such things from happening again? Are the cameras of sufficient quality to capture every variation in the orange spectrum?

We may never know.

6
0

Re: No word on how it got in?

I wouldn't be surprised if it was more down to one/several of these NVRs being hooked up without changing default credentials and onto a network segment that allowed them to be publicly accessible. Easily done in an organisation that size.

10
0
Bronze badge
Coffee/keyboard

Re: No word on how it got in?

You got it Phil - this is probably just like the Mirai virus explosion taking over millions of vulnerable IoT devices, and those NVR type of devices can typically be included in that device sector.

2
0
Silver badge
Joke

Re: No word on how it got in?

"We may never know."

Especially going by that elREG non-article.

2
0
Silver badge

Re: No word on how it got in?

I'm wondering if a majority of these devices taken down recorded to a single point which itself was affected. So the devices themselves were fine but they have nowhere to save recordings.

It certainly screams single, or low number point of failures.

0
0
Anonymous Coward

Re: No word on how it got in?

By holding a printout of a malicious QR code in view of the CCTV cameras?

6
0
Silver badge

Re: No word on how it got in?

"It certainly screams single, or low number point of failures."

Which includes default passwords.

0
0

Re: No word on how it got in?

Since even basic perimeter security is aggressive about executables in emails, ransomware frequently comes in as a macro-laden DOC file which has to be executed, and the macros enabled on, or the machine has to go to a compromised website that installs the software as a background task to ease it past the filters. Neither of which would be expected to be something a CCTV camera was capable of. Perhaps every camera was set to dump its recorded footage to a central server, as AVI, MPG, whatever...and when a human who had access to those folders on the central server got hit, all the files were encrypted, including the ones the cameras were actively spooling into. The camera software, realizing it hadn't actually moved to a new file on its own and was unable to find the file it had been filling up, did its version of a blue-screen. A few cameras or controllers with an updated/different firmware may simply have handled the file-access break more easily.

And they are orange-neutral, so as not to inadvertently get footage of any coloration changes in the Chief Executive. That would put them in competition with CNN, NBC, CBS, and ABC, all of whom are rabidly recording, and reporting on, every time Trump blinks his eyes.

0
0
Anonymous Coward

FBI reward?

The FBI needs to put up a million dollar reward for just one of the ringleaders. The rest will get the message soon enough.

0
1
Silver badge
Facepalm

Wait, what?

So you have control over 123 Washington DC cameras and your most inspired idea was to hold uneventful video in their circular buffer hostage? You bore us.

5
0
Silver badge
Big Brother

Re: Wait, what?

I dunno - killing half a city's spy cameras might be considered a good thing...

5
0
Silver badge

"... white hack hackers ..."

Is that a (new) thing or a typo?

3
0
Silver badge

White hack hatters?

4
0
Silver badge

"White hack hatters?"

They're mad, I tell you, mad.

5
0
Silver badge

Ah, this explains the discrepancy between Trump's estimate of turnout on inauguration day, and everyone else's perception - the cameras were rigged!

7
0
Boffin

"Criminals infected..."??

So someone sneaked in and deliberately planted malware on these systems?

Or was it just some pillock clicking on a dodgy link or opening a zip file etc that they shouldn't?

There's a bit of a difference...

2
0
Silver badge

Re: "Criminals infected..."??

Probably just some bot found the device browsing Shodan or via a port-scan and installed itself.

I've been evaluating NVRs to replace the aging camera a client of mine has been using (All analog, records to Video Cassette...). A lot of them have completely open ports for remote viewing over https, but run old versions of OpenSSL / Apache, many of which are vulnerable to the Bash Bug and use hard-coded passwords, so an infection could be done easily by an automated system.

I would imagine that the remote-access ports would be exposed to the internet so that the NSA / SS / CIA could connect to them remotely, or possibly just some upper-level muckity-mucks wanting access while they are away.

0
0
Silver badge

Wonders what would have happened if they tried this in London?

1
0
Silver badge

what would have happened if they tried this in London?

About the same:

Pointless video spying on the public gets interrupted,

Howls of outrage from bureaucrats and the Stasi,

World keeps turning, public oblivious.

The only real difference would be the fact that there's something of the order of 400,000 CCTV cameras in London, so interrupting their recording for a few days would save several petabytes of pointless data being committed to disk or tape.

0
0
Silver badge

From what I've heard no one actually looks at the cameras anyway, so maybe they've already been infected and no one has noticed.

0
0


Biting the hand that feeds IT © 1998–2017