Romanian hackers allegedly took control of about two-thirds of the D.C. police department’s outdoor security cameras during a four-day period the week before President Trump’s inauguration.
The city’s Metropolitan Police Department informed the Secret Service on Jan. 12 about an issue using a remote desktop application, leading to discovery of a large infection affecting computers connected to the cameras.
“Further investigation and analysis revealed that approximately 123 of the MPDC’s 187 outdoor surveillance cameras had been accessed and compromised,” according to an affidavit by U.S. Secret Service special agent James Graham.
A criminal case against two Romanian men allegedly responsible was unsealed Thursday. The U.S. Attorney’s Office for the District of Columbia said Mihai Isvanca, 25, and Eveline Cismaru, 28, were arrested on Dec. 15 in Romania.
It’s unclear what hackers did with the cameras, but the U.S. Attorney’s Office said a probe “revealed no evidence that any person’s physical security was threatened or harmed due to the disruption.”
"This case was of the highest priority due to its impact on the Secret Service’s protective mission and its potential effect on the security plan for the 2017 presidential inauguration,” the U.S. Attorney’s Office said in a release. “[T]he Secret Service and MPD quickly ensured that the surveillance camera system was secure and operational prior to the inauguration [on Jan. 20] and continued to investigate the criminal offenses."
The takeover, first disclosed in late January, reportedly prevented some cameras from recording. The police department’s press office did not immediately respond to a request for comment on whether it replaced affected cameras.
Isvanca and Cismaru allegedly accessed the camera-connected computers between Jan. 9 and Jan. 12. Cameras reportedly were unable to record from Jan. 12 to Jan. 15.
Computers linked to the cameras were taken over for the purpose of sending “ransomware-laden spam emails” that would cause victim computers to become encrypted unless ransom was paid, according to Graham's affidavit.
Forensic analysis of three computers “revealed evidence that the computers had been and were intended to be used to distribute spam-mail in bulk containing the variants of the malicious code of ‘cerber’ and ‘dharma’ to the email addresses in the USA.txt file in order to promote a ransomware scheme,” Graham wrote.
The U.S. Attorney’s Office said an investigation identified victims who received the ransomware programs.
Isvanca and Cismaru, now awaiting extradition proceedings, were charged under seal on Dec. 11 with conspiracy to commit wire fraud and conspiracy to commit computer fraud.