Saturday, December 23, 2017

Extortion scheme: Romanian hackers infiltrate nearly two-thirds of DC outdoor surveillance cameras

Two Romanian hackers took over nearly two-thirds of the District of Columbia's outdoor surveillance cameras as part of an extortion scheme, according to federal court papers.

The alleged hackers, identified as Mihai Alexandru Isvanca and Eveline Cismaru, gained access to about 65 percent of the surveillance cameras in Washington, according to documents obtained by CNN. That’s 123 cameras out of the 187 that police operate in the city.

Why did hackers do this?

Each surveillance camera has a dedicated computer, according to the complaint filed last week in the U.S. District Court for the District of Columbia. Isvanca and Cismaru allegedly planned to use the computers to distribute emails riddled with ransomware, Secret Service agent James Graham stated in an affidavit that supports the government’s criminal complaint. After using the ransomware to lock or encrypt victims’ computers, they allegedly planned to extort payment from the victims to grant them re-entry.
Isvanca and Cismaru are accused of “intent to extort from persons money and other things of value, to transmit in interstate and foreign commerce communications containing threats to cause damage to protected computers,” according to the affidavit.

What kind of ransomware was it?

There were “two variants of sophisticated, malicious computer code … one known as ‘cerber’ and the other known as ‘dharma,’” according to documents. “In addition, a text file, USA.txt, was found on Victim Device A which contained 179,616 email addresses.”

When did this happen?

The alleged scheme took place between Jan. 9 and Jan. 12. The Secret Service first learned about it after being made aware that certain public surveillance cameras in D.C. were disabled, according to the affidavit.

How were the alleged hackers found?

Registered emails and other accounts were used to trace the alleged hackers, who were reportedly working outside the U.S.
Forensic investigators tracked them through multiple email accounts that were accessed on one of the compromised computers. One of the accounts was vand.suflete@gmail.com, according to documents. In Romanian, “Vand Suflete” roughly translates to “selling souls.”
