Ransomware killed 70% of Washington DC CCTV ahead of inauguration

Criminals infected 70 percent of storage devices tied to closed-circuit TVs in Washington DC eight days before the inauguration of President Donald Trump. The ransomware infection downed 123 of its 187 network video recorders, each controlling up to four CCTVs, and forced the city to wipe its affected IT systems which it says …

  1. elDog Silver badge

    I didn't think the tRump team had that much talent!

    Maybe they relied on some "outsourced" resources?

    As far as I can tell, someone set up the Donelled with a hotkey to log into his "I'm Really Donald" twitter account because, as far as I can tell, it is incapable of actually operating a tie-the-shoelace maneuver.

    When does that picayune little person have time to twit, let alone write all those grand executive ordures? Does anyone else think that we have a facade of a presidency with something much less pleasant behind the curtain? Not that I can think of anything less pleasant than its personage. Not that Vlad is associated with this or various recent deaths but rational minds would like to know.

    1. This post has been deleted by its author

      1. Oengus

        Re: I didn't think the tRump team had that much talent!

        Does anyone else think that we have a facade of a presidency with something much less pleasant behind the curtain?

        Does anyone think that we haven't had this for at least the last 4 or 5 presidents?

        1. Alan Brown Silver badge

          Re: I didn't think the tRump team had that much talent!

          "Does anyone think that we haven't had this for at least the last 4 or 5 presidents?"

          Yeah, but who would have thought Zaphod Beeblebrox's second head would turn out to be a Tribble?

  2. kain preacher Silver badge

    DC PD is operated by the federal gov and has some federal duties. So yes it does have to do with the federal gov.

    1. Mark 85 Silver badge

      You're right.. I spaced that.... I'll withdraw my post.

      But it was a nice rant. Ranting at whoever is President is fine. Just that this happened under Obama's watch so the rant was still misplaced.

    2. Crazy Operations Guy Silver badge

      You might be thinking of the Capitol Police, DC PD is a separate entity that belongs to the -City- of Washington and reports to the mayor / City Council. The Capitol Police, however only really report to the Feds in that they ask for money and their cases are seen by the Special District Federal Circuit Court. They were created to operate mostly autonomously so that no one could abuse their power to get away with criminal activity (The Capitol Police don't have jurisdiction in the Congressional Chambers, the Supreme Court Chambers, or the Executive Offices, so there isn't much that can be done about any of those crimes...)

      1. kain preacher Silver badge

        https://en.wikipedia.org/wiki/Metropolitan_Police_Department_of_the_District_of_Columbia

        nope DC PD. Congress has control of DC and laws passed in DC.

  3. Nolveys Silver badge
    Holmes

    No word on how it got in?

    Usually these things are single exes that run under Windows. Is there one machine with write access to absolutely everything on which someone downloaded and ran "hot_doughnut_action.avi.exe"? Did a copy of the malware make it onto and get executed on every separate machine somehow? Have steps been taken to prevent such things from happening again? Are the cameras of sufficient quality to capture every variation in the orange spectrum?

    We may never know.

    1. Phil Kingston Silver badge

      Re: No word on how it got in?

      I wouldn't be surprised if it was more down to one/several of these NVRs being hooked up without changing default credentials and onto a network segment that allowed them to be publicly accessible. Easily done in an organisation that size.

      1. JCitizen
        Coffee/keyboard

        Re: No word on how it got in?

        You got it Phil - this is probably just like the Mirai virus explosion taking over millions of vulnerable IoT devices, and those NVR type of devices can typically be included in that device sector.

    2. Walter Bishop Silver badge
      Joke

      Re: No word on how it got in?

      "We may never know."

      Especially going by that elREG non-article.

    3. Halfmad Silver badge

      Re: No word on how it got in?

      I'm wondering if a majority of these devices taken down recorded to a single point which itself was affected. So the devices themselves were fine but they have nowhere to save recordings.

      It certainly screams single, or low number point of failures.

      1. Doctor Syntax Silver badge

        Re: No word on how it got in?

        "It certainly screams single, or low number point of failures."

        Which includes default passwords.

    4. Anonymous Coward

      Re: No word on how it got in?

      By holding a printout of a malicious QR code in view of the CCTV cameras?

    5. The IT Ghost

      Re: No word on how it got in?

      Since even basic perimeter security is aggressive about executables in emails, ransomware frequently comes in as a macro-laden DOC file which has to be executed, and the macros enabled on, or the machine has to go to a compromised website that installs the software as a background task to ease it past the filters. Neither of which would be expected to be something a CCTV camera was capable of. Perhaps every camera was set to dump its recorded footage to a central server, as AVI, MPG, whatever...and when a human who had access to those folders on the central server got hit, all the files were encrypted, including the ones the cameras were actively spooling into. The camera software, realizing it hadn't actually moved to a new file on its own and was unable to find the file it had been filling up, did its version of a blue-screen. A few cameras or controllers with an updated/different firmware may simply have handled the file-access break more easily.

      And they are orange-neutral, so as not to inadvertently get footage of any coloration changes in the Chief Executive. That would put them in competition with CNN, NBC, CBS, and ABC, all of whom are rabidly recording, and reporting on, every time Trump blinks his eyes.

  4. Anonymous Coward

    FBI reward?

    The FBI needs to put up a million dollar reward for just one of the ringleaders. The rest will get the message soon enough.

  5. Kevin McMurtrie Silver badge
    Facepalm

    Wait, what?

    So you have control over 123 Washington DC cameras and your most inspired idea was to hold uneventful video in their circular buffer hostage? You bore us.

    1. Neil Barnes Silver badge
      Big Brother

      Re: Wait, what?

      I dunno - killing half a city's spy cameras might be considered a good thing...

  6. allthecoolshortnamesweretaken

    "... white hack hackers ..."

    Is that a (new) thing or a typo?

    1. Solmyr ibn Wali Barad

      White hack hatters?

      1. Doctor Syntax Silver badge

        "White hack hatters?"

        They're mad, I tell you, mad.

  7. Alister Silver badge

    Ah, this explains the discrepancy between Trump's estimate of turnout on inauguration day, and everyone else's perception - the cameras were rigged!

  8. Graham Marsden
    Boffin

    "Criminals infected..."??

    So someone sneaked in and deliberately planted malware on these systems?

    Or was it just some pillock clicking on a dodgy link or opening a zip file etc that they shouldn't?

    There's a bit of a difference...

    1. Crazy Operations Guy Silver badge

      Re: "Criminals infected..."??

      Probably just some bot found the device browsing Shodan or via a port-scan and installed itself.

      I've been evaluating NVRs to replace the aging camera a client of mine has been using (All analog, records to Video Cassette...). A lot of them have completely open ports for remote viewing over https, but run old versions of OpenSSL / Apache, many of which are vulnerable to the Bash Bug and use hard-coded passwords, so an infection could be done easily by an automated system.

      I would imagine that the remote-access ports would be exposed to the internet so that the NSA / SS ? CIA could connect to them remotely, or possibly just some upper-level muckity-mucks wanting access while they are away.

  9. kain preacher Silver badge

    Wonders what would have happened if they tried this in London ?

    1. Anonymous Coward

      what would have happened if they tried this in London ?

      About the same:

      Pointless video spying on the public gets interrupted,

      Howls of outrage from bureaucrats and the Stasi,

      World keeps turning, public oblivious.

      The only real difference would be the fact that there's something of the order of 400,000 CCTV cameras in London, so interrupting their recording for a few days would save several petabytes of pointless data being committed to disk or tape.

    2. Crazy Operations Guy Silver badge

      From what I've heard no one actually looks at the cameras anyway, so maybe they've already been infected and no one has noticed.
