Hackers infected 70 percent of storage devices that record data from D.C. police surveillance cameras eight days before President Trump’s inauguration and forced city officials to reinstall the entire network, according to D.C. police and the city’s technology office.
City officials said they were hit by ransomware that, between Jan. 12 and Jan. 15, left the police cameras unable to record events. The cyberattack affected 123 of 187 network video recorders deployed in a closed-circuit TV system for public spaces across the city, the officials said late Friday in disclosing the event.
Archana Vemulapalli, the city’s Chief Technology Officer, said the city did not pay ransom and resolved the problem by taking the devices offline, removing all software and restarting the system at each site.
An investigation into the source of the hack continues, said Vemulapalli, who said the intrusion was confined to the police CCTV cameras that monitor public areas and did not extend deeper into D.C. computer networks.
“The blessing is that this was localized. Nothing got into our networks,” she said.
Ransomware is a type of malware that cybersecurity experts and law enforcement officials say is proliferating. The malware gets into people’s computers, often because they click on a link or open an attachment in an email, then encrypts files or otherwise locks users out until they pay for the key.
The D.C. hack appeared to be an effort to extort money and had no effect on inaugural security or criminal investigations, city officials said.
The problem was discovered Jan. 12 when D.C. police noticed four camera sites were not functioning properly and contacted OCTO. The technology office discovered two forms of ransomware in the four recording devices and launched a citywide sweep of the network where they found more infected sites, said Vemulapalli.
The network video recorders are connected to as many as four cameras at each location, she said.
“We looked extensively … There was no access from these devices into our environment and we are pretty confident about that,” Vemulapalli said.
Vemulapalli said officials took the devices offline, removed all software and completely rebooted the system at each site, without engaging hackers or paying ransom. “That was four straight days of nonstop work.”
Interim Police Chief Peter Newsham said that police worked with OCTO but that the incident was limited to about 48 hours.
“We had cameras that were impacted all over the place.” Asked what effect the intrusion had on police investigation or operations, Newsham said, “overall there was no significant impact.”
“They literally worked day and night to get this back up and running,” Newsham said.
The incident continues to be investigated by OCTO and D.C. police in conjunction with federal authorities, said city officials who declined to reveal any suspected sources of the attack.