Who Hacked The Washington D.C. Police Surveillance Cameras?

An anonymous reader quotes GIzmodo: City officials and the Secret Service have confirmed that just days before the presidential inauguration, police surveillance cameras in Washington, DC were targeted by hackers. Reportedly, 70% of the CCTV storage devices were infected with ransomware. According to the Washington Post, "City officials said ransomware left police cameras unable to record between January 12 and January 15. The cyberattack affected 123 of 187 network video recorders in a closed-circuit TV system for public spaces across the city, the officials said late Friday." A spokesperson for the Secret Service says despite the compromised cameras, the safety of the public or protectees was never jeopardized, and the city's CTO says they resolved the problem without paying the ransom by simply removing all software from the devices and rebooting them.

bets

$5 says it was an employee doing something stupid on a computer inside the network.

Re:bets

[CaptainDork]

Why in simple fuck is this down-modded?

You know goddam WELL that's what happened.

Someone with access to the cameras clicked on a phishing link.

I #resist and mod it +1 Insightful.

Re:bets

[Falos]

Malice? Maybe.
Incompetence? Even if the first is true, it's still Yes.

Re:bets

No it isn't. Learn English, you stupid wop.

Re:bets

[CaptainDork]

Imparare una lingua diversa dalla propria lingua madre è semplice mente figlio di una cagna.

Re:bets

[martinfb]

No way, man!
It was somebody PUTIN it to them!

why are the recorders on the internet

Or, if they are not, how were they hacked?

Russia!

Of course it was the Russians.

Re:Russia!

[slashrio]

Actually I think it would be a good idea to 'hack' those cameras into sending a copy of their stream to an independent server, so that at the next 911 event the FBI can't withhold video evidence, like that of the cruise missile going into the Pentagon, from the public.

Re: Russia!

Stop making shit up. A cruise missile does more than damage a couple walls.

Re: Russia!

[slashrio]

The shit part is to expect me to believe that a Boeing went through that small hole in the Pentagon.

If the publc and protectees weren't harmed...

[gavron]

...then clearly they don't need all those cameras.

E

Re:If the publc and protectees weren't harmed...

It's entirely plausible that the costs of the cameras outweigh the benefits, possibly by a wide margin. But that does not automatically follow from a lack of incident on this occasion. If someone falls asleep at the wheel of their car and manages to not kill themselves or have an accident (definitely happens) then that does not prove that staying awake at the wheel is unnecessary. Again, I'm not arguing that the cameras are worthwhile, just noting that you'd have to be a complete imbecile to feel that their lack of value had been proved by nothing going wrong on any particular occasion on which they were inoperative.

Re:If the publc and protectees weren't harmed...

[Hognoxious]

You're 100% right. It's just like that day I didn't crash my car, so I don't need any of that faggoty insurance. Or when the live wire on my oven didn't come loose and touch the casing, so I didn't need all that commie earthing.

Re:If the publc and protectees weren't harmed...

at least not that weekend because of the embarrassingly low turnout for the inauguration.

Re:If the publc and protectees weren't harmed...

Maybe they should make these things unbreakable!

Wait a minute, that sounds communist!
Perfect products are anti-capitalism!
BURN IT

Re:If the publc and protectees weren't harmed...

[sjames]

It's not just the lack of an incident. They claimed that public safety was not in any way impacted by the loss of the cameras. That includes potential for harm not being increased by their loss.

Re:If the publc and protectees weren't harmed...

[sjames]

Driving uninsured or using an ungrounded oven DO jeopardize you. You just happened to beat the odds. The DC authorities claimed nobody was jeopardized at all.

Re:If the publc and protectees weren't harmed...

[Hognoxious]

Then there was the time someone said something incredibly ridiculous and I didn't have my sarcasm meter with me so I posted what I thought was a clever put-down, but it didn't matter because it turned out he wasn't being sarcastic.

Re:If the publc and protectees weren't harmed...

[DeVilla]

... and I didn't have my sarcasm meter with me ...

Was it hit by ransomware?

Wasted Effort

[sunderland56]

They must have been sorely disappointed; after all that effort of hacking the cameras, they had so few people to watch on them.

Re:Wasted Effort

[Ogive17]

So you're rather have a lunatic President with daddy issues and a fragile ego instead of a few stupid protesters who get out of control?

My wife, who has a green card, is legitimately worried she might have issues getting back into the country when she has to travel internationally in a couple weeks. Trump is pissing all over the Constitution, and quite frankly, acting more like a despot instead of the leader elected somewhat democratically. He wants to punish people who question his judgement.. that's fucking scary.

Re:Wasted Effort

Of fuck off you lying RWNJ shill, nobody believes your crap Ivan.

Oh god, not another initialism I have to learn. I think I'm going to go with Righteous Warrior for Natural Juice.

Re: Wasted Effort

How do you know the protestors supported either particular party? I'm not a fan of either Trump or Hillary, but I did protest against misogyny.

The jerks throwing rocks and settings things on fire should probably have a short stint in jail to sort them out however.

Re:Wasted Effort

Pretty funny how your post is nothing but petty insults with no valid argument.

Re:Wasted Effort

> My wife, who has a green card, is legitimately worried she might have issues getting back into the country when she has to travel internationally in a couple weeks.

You know one of the things that _really_ bothers me about this?

Not _one_ of the ten or twenty news articles I've read on the topic either link back to or include the text of the Executive Order.

The referenced Order is not present on whitehouse.gov (though an EO signed on the 28th is present). The referenced EO is not present in the Federal Register's list of EOs (though, it looks like they batch-publish Orders and might take up to a week to publish the one "everyone" is talking about the 27th and the one on whitehouse.gov from the 28th). EOs typically have a "Purpose" section (see

https://www.federalregister.gov/documents/2017/01/30/2017-02095/border-security-and-immigration-enforcement-improvements

) which both administrators and courts use as guidance to interpret any ambiguous language in an EO. Because we cannot read the EO's scope-limiting Purpose section (let alone any of the other text of the Order), we have no idea if the unnamed "Homeland Security Spokesperson" that journalists are quoting has taken some of the language of this EO out of context, or if the "Spokesperson" is drawing a properly-grounded conclusion.

It's entirely possible that this is a poorly (whether deliberately or accidentally) worded EO that will cause _actual_ trouble for Green Card holders. However, (given that it is national policy to consider Green Card holders to be one step away from full-fledged US citizens (we _do_ call them Permanent Residents, after all)) it seems likely that _any_ delays will be minimal.

Rather than being an attempt to fuck over Green Card holders, it seems _more_ likely to me that (given the _conspicuous_ absence of source material) this is hand-wringing and hyperventilation over something that's being blown out of proportion.

I guess we'll see what's up once the Federal Register gets a chance to publish the EO.

Watch this space:

https://www.federalregister.gov/executive-orders/donald-trump/2017

Re:Wasted Effort

What exactly has he done that's unconstitutional? Explain. And "something I don't like" or "inconveniences me" doesn't classify as unconstitutional.

Obama, on the other hand, pulled all kinds of unconstitutional tricks. Gun laws, ACA, mass spying on citizens

Re:Wasted Effort

https://www.nytimes.com/2017/01/27/us/politics/refugee-muslim-executive-order-trump.html

Re:Wasted Effort

[DNS-and-BIND]

Should have thought of that before you got a mail-order bride.

Re:Wasted Effort

[MightyMartian]

Tell her not to leave the country. Anyone with a green card isn't safe if they step off of US soil Sorry to say it, but a trip back to the old country now might be a long visit.

Re:Wasted Effort

Fuck you, asshole.

Re:Wasted Effort

Tell her not to leave the country. Anyone with a green card isn't safe if they step off of US soil Sorry to say it, but a trip back to the old country now might be a long visit.

Which has always been the case and I've personally witnessed it many times and even heard stories about it going back from before I was born. Hyperventilating about Trump just makes the poster look ridiculous. I saw it happen twice in the last five years... OMG Obama the despot!!1!

Re:Wasted Effort

Kudos to the NYT for doing what pretty much noone else was doing and actually fucking quoting their sources. And thanks to you for the link.

So, from the text of the EO, it's abundantly clear that the intent is to temporarily (I'm hopeful, but we'll see how temporary it _actually_ is) permit the restriction of the entry (or reentry) of every non-diplomat, non-NATO-attached alien (resident or non-resident) from a country referenced in 8 U.S.C. 1187(a)(12) (Read section (a)(12) here:

https://www.law.cornell.edu/uscode/text/8/1187

).

That list could reasonably be described as "Countries that we think harbor or promote terrorists, or just don't like for 'national security' reasons". It's small comfort, but this EO won't affect citizens of countries that we're friendly with or countries that we don't give a shit about.

Given the main thrust of the EO (creating "more thorough" screening procedures for aliens who are citizens of a "problem country" who wish to enter the US), it seems entirely reasonable to prevent entry from those countries until those procedures have been finalized and deployed. 90 days seems like an entirely reasonable length of time to roll out significant changes to policies in a bureaucracy. The exemption list (foreign diplomats or NATO personnel, and _only_ those personnel) makes a _ton_ of sense. These folks are already certain to have been vetted.

Anyway, there's this in the EO:

"(g) Notwithstanding a suspension pursuant to subsection (c) of this section or pursuant to a Presidential proclamation described in subsection (e) of this section, the Secretaries of State and Homeland Security may, on a case-by-case basis, and when in the national interest, issue visas or other immigration benefits to nationals of countries for which visas and benefits are otherwise blocked."

Which -really- has been the state of reeentry to the US for Green Card holders for approximately forever. Reentry to the US has never been guaranteed for aliens.

Re:Wasted Effort

You might be interested in my comment here:

https://slashdot.org/comments.pl?sid=10176063&cid=53757733

It even contains the actual text of the EO in question.

Summary:

* If your wife doesn't hail from a Country We Think Threatens Our National Security, she won't have any more trouble reentering the country than she would have if she was reentering last week.

* That is to say, that -as the holder of a Green Card- reentry has _never_ been guaranteed, and every time she left the US, she ran the very real risk of being denied reentry.

The US's immigration policies have been really, really weird for _ages_. Shit like this isn't new, and Trump's EO isn't an outlier.

Re:Wasted Effort

https://www.theguardian.com/us-news/2017/jan/27/donald-trump-executive-order-immigration-full-text

with unlimited access for now.

Re: Wasted Effort

Welcome to the real world...

Re:Wasted Effort

that's fucking scary.

That's fucking Erdogan.

Re: Wasted Effort

[mmell]

So leave behind the Democrat/Republican Alliance and join the Independents!

Re:Wasted Effort

[Ogive17]

Too bad she was already here on an H1B visa (not tech related) after getting her undergrad and graduate degree in the US.

Re:Wasted Effort

News flash: that has been the case for a while (long before Trump). It is nothing new with Trump. I've known a few HB-1 workers who went home for a visit and were not allowed back in the US. Leaving some family in the US does not appear to make a difference on being allowed back in.

Re:Wasted Effort

[DeVilla]

So you're rather have a lunatic President with daddy issues and a fragile ego instead of a few stupid protesters who get out of control?

Seems only having one of the two would be an improvement. We have both.

Success: Evidence deleted!

Clever way to cover your tracks. Get them to erase the DVRs and make it looks like a ransomware attack.

When your Cyber security Czar is a fraud...

[JoeMerchant]

This is what happens when the head of cyber security knows nothing about the actual practice of the art. Not condemning the current administration, they didn't have control long enough to enable this screwup, but they're on track to let more and worse things happen in the future.

Re:When your Cyber security Czar is a fraud...

The D.C. city runs the surveillance cameras. Has nothing to do with the Trump's "cyber czar" and everything to do with D.C's Office of Chief Technology Officer.

Re:When your Cyber security Czar is a fraud...

You're right, you can't blame the current administration, this is all Obama's fault! Fucking Obama. In fact this whole thing was probably an inside job to give his supporters cover to cause violence at Trump's innaugaration. We need a serious investigation into this stat! #BRINGBACKWATERBOARDING #NOTRIALSFORTERRORISTS

Good

Fuck the police.

(A)

Re:Good

(A) Here too, but it is too wishful to think that we'd have significant offensive hacking capability among us... more likely some cop just tripped on their doughnut and accidentally clicked a link... we should have this kind of capabilities, though. Makes the streets safer for colleagues.

captcha: echelon :P

Russians!!!!

It was those fucking Russians
I just know it
It's all part of Putin's master plan
He gets his ally Trump into power through hacking, who half the country is divided against
Then he stages violence against Trump, using his Russian agents to make the Trump supporters think it's the leftist behind the violence
Then he assassinates Trump, to tie up loose ends and throw the US into civil war
All for the benefit of China, I mean Mother Russia, but Putin is secretly allied with China. Never trust the Chinese, or the Russians. Only trust in Jesus.
Also, Trump hires Russian prostitutes to pee on him. Never forget.

Re:Russians!!!!

[slashrio]

Putin isn't secretly allied with China.
He is openly allied with China, after the USA/NATO put so much pressure on him that he didn't have any other option left.

Re:Russians!!!!

This is exactly how I feel whenever someone starts about the whole "Russia" narrative.

Re: Russians!!!!

If anyone is playing games in America,try looking at your "friends" in israel..

Confession

[Harold+Halloway]

It was me. I did it.

Re:Confession

[antdude]

Prove it! :P

Re:Confession

I saw him do it and I'm willing to give evidence in court as long as I can have a secret identity afterwards like in the movies. And a codename and sunglasses.

Re:Confession

[thexfile]

It was the hacker on the grassy knoll.

Re: Confession

[mmell]

You know, jokes like that are a great way to find out how waterboarding works. You do realize that even though you're (apparently) a US citizen there are those here on Slashdot who aren't - so exercise a bit of caution or check your ammo.

fail

[Patent+Lover]

the CC in CCTV means closed circuit. Clearly that's not the case here.

Re:fail

the CC in CCTV means closed circuit. Clearly that's not the case here.

Yep and my question as a Security Analyst is "WTF why was the CCTV network connected to the Internet?"

Closed loop systems can only be access from certain physical locations. You must compromise the physical location in order to compromise the network. Other words you have to break into a secured location to gain access.

This also goes for things like the electric grid water plants and etc. If you don't want them hacked DON'T CONNECT THEM TO THE PUBLIC NETWORK!!!

Serves them right to get hacked. Of course the asshole who's idea it was to connect to the Internet I'm sure still has a job.

Crap Security

So they factory reset them and wiped them... No mention of closing any of the security holes that allowed them to be pwned in the first place. Enjoy the next wave of the attack.

Re:Crap Security

[sumdumass]

They probably changed the root password from GOD to superman or drowssap or something. You know it is solid now- because government learns from its mistakes.

It wasn't me.

It wasn't me.

Re:It wasn't me.

[Hognoxious]

It was Spartacus.

Me? Fuck off. I'm Sarcastipiss. Easy mistake to make, I know.

Compromised + Never Compromised

So the answer is "a 3 letter agency did it", and their reasons for it are as nefarious as they are "classified".

These cameras are on the public internet

These cameras are on the public internet.
There are videos showing this on youtube with some DoD contractor showing other cities their citizen spying capabilities with DC as the sample city. A number of IPs were shown for different cameras. Heard of people checking them out.

Stupid vendors. The cameras shouldn't allow access except from specific city IPs uses for management and video capture.

Stupid city govt. The contract should have penalties for being hacked. Financial penalties.

I was only interested in learning the amount of time the records were retained. Infinite was the answer. The software merges cameras, gunshot sensors, city vehicle cameras, and volunteered private webcam data together. If a gunshot goes off, they can look through all the cam footage from that area at that time.

Admitted they are useless did they?

Why are they up if the public safety is not jeopardized if the cameras go down?

Size matters

[Tablizer]

"Photoshop the crowds larger, or the camera gets it. -Agent Orange"

[obligatory subject]

[God+of+Lemmings]

Very likely an antifa sympathizer trying to make it harder for the police to capture their violent acts.

No safety issue then get rid of them!

I'm amazed at what people put up with. Waste of money that was stolen from people via coercion and outright theft.

We all know it was ...

[CaptainDork]

... the Russians.

In 3.. 2.. 1...

Surveillance cameras are junk anyway

The images were probably useless. Surveillance camera can barely identify the race of the person committing the crime let alone anything identifiable. Have you ever seen surveillance footage that allows you to definitely identify anyone? Even camera-phones have better cameras than $1500 surveillance cameras. Thats a fact.

why then

If the safety of the city was not compromised then why do they need the storage in the first place?

Jan 12-15?

That was Shmoocon weekend... just saying...

Re: Jan 12-15?

[mmell]

Oy vey!. Have you always been a schmuck, or is it only since we elected a cheddar cheese rind with delusions of adequacy?

Re:sand n1ggers and smelly indo-chimps

[Neuroelectronic]

that's all it takes to replace the software on a camera.