The Washington PostDemocracy Dies in Darkness
Public Safety

Romanian hackers took over D.C. surveillance cameras just before presidential inauguration, federal prosecutors say

By
December 28, 2017 at 3:38 p.m. EST

Romanian hackers took over two-thirds of the District’s outdoor surveillance cameras just before President Trump’s inauguration, according to a federal criminal complaint unsealed Thursday.

The January attack affected 123 of the D.C. police department's 187 outdoor surveillance cameras, leaving them unable to record for several days. Two Romanians, whom law enforcement officials describe as part of a bigger extortionist hacking group, are being charged in D.C. federal court with fraud and ­computer crimes.

“This case was of the highest priority due to its impact on the Secret Service’s protective mission and its potential effect on the security plan for the 2017 Presidential Inauguration,” Bill Miller, a spokesman for U.S. Attorney Jessie K. Liu, said in a statement.

Mihai Alexandru Isvanca, 25, and Eveline Cismaru, 28, were arrested in Romania earlier this month, along with three other Romanian hackers who will face prosecution in Europe. The U.S. charges, filed under seal on Dec. 11, were first reported by CNN.

Prosecutors plan to seek extradition for Isvanca and Cismaru soon, according to court filings. They both face up to 20 years in prison if convicted.

Europol released video of an operation called “Bakovia" carried out as part of an investigation into the spread of ransomware in Europe and the U.S. (Video: EUROPOLtube)

On Jan. 12, D.C. police noticed several surveillance cameras were not functioning properly. Secret Service Agent Brian Kaiser was given access to the computers that operate the cameras, according to the court filing, and saw they had been taken over by ­non-police users. Those people were sending spam messages infected with ransomware to a long list of email addresses.

The city resolved the problem by taking the devices offline, removing all software and restarting the system at each site, a process that took about two days, according to police. From Jan. 12 to Jan. 15, none of the cameras were able to record video. No ransom was paid.

There is no evidence the disruption threatened or harmed anyone’s safety, according to the U.S. Attorney’s Office.

Ransomware is generally spread in email links or attachments and encrypts files or otherwise locks users out of their computers until they pay to regain access.

It’s unclear whether the hackers knew they were infecting police computers. The Secret Service was able to see the computers accessing email addresses, according to the court papers, and those addresses led authorities to Isvanca and Cismaru.

Two people were arrested in London as part of the same investigation in February. A tracking number for a package that was displayed on one of the hacked police computers brought law enforcement to their address. But according to the affidavit, a forensic analysis of their devices revealed no connection to the crime. A British health-care company's IP address was used to create that online order; that company also reported being hacked.

Read more:

D.C. officer who fatally shot unarmed motorcyclist was not in danger when he pulled his gun, internal review finds

A swastika was mowed into a field. Was it part of a chain of events that led to murder?

‘I’m dying inside’: Mom speaks in court at sentencing of MS-13 member who killed her son