- The Washington Times - Friday, December 22, 2017

Romanian police have arrested two suspects in connection with allegedly hacking surveillance cameras across D.C., disrupting law enforcement operations days before President Trump’s inauguration.

The Secret Service has identified Mihai Alexandru Isvanca and Eveline Cismaru as the individuals responsible for infecting the Metropolitan Police Department’s cameras with ransomware for four days in January, according to a sealed court document published by CNN.

Europol announced separately that Romanian authorities recently arrested two people in connection with a ransomware scheme being investigated by the Secret Service.

“After the U.S. authorities issued an international arrest warrant for the two suspects, they were arrested the day after in Bucharest while trying to leave the country,” Europol said Wednesday.

Europol didn’t identify the suspects by name, but the agency’s statement said the two suspects were wanted in connection with Cerber, a strain of ransomware that encrypts files on infected computers and then holds them hostage until receiving payment. The Secret Service found traces of Cerber on the hacked MPD surveillance system, and investigators ultimately traced those infections directly to the two Romanians accused in the document published by CNN the same day as Europol’s statement.

“The evidence uncovered by the investigation shows that Isvanca and Cismaru participated in a conspiracy to distribute ransomware by spam emails — that is, to send emails containing malicious software (also called malware) that would lock or encrypt files on various victim computers to which the malware was to be sent and installed and, then, to extort money from the victims in exchange for unlocking or decrypting files on the computers,” Secret Service agent James Graham wrote in an affidavit in support of a criminal complaint filed under seal in D.C. federal court on Dec. 11 and ultimately obtained by CNN.

“In furtherance of the conspiracy, between in or about January 9, 2017, and January 12, 2017, Isvanca and Cismaru participated in an intrusion into and taking control of approximately 123 internet-connected computers used by the Metropolitan Police Department of the District of Columbia(“MPDC”) to operate surveillance cameras in public, outdoor areas in the District of Columbia, which computers could then be used to send the ransomware-laden spam emails,” the affidavit said.

The infections plagued about two-thirds of the police department’s 187 digital video records and prompted law enforcement to undertake a citywide reinstallation a week prior to the presidential inauguration, Archana Vemulapalli, D.C.’s city’s chief technology officer, said previously.

“These reports highlight how vulnerable our systems are to fast-proliferating ransomware threats,” Sen. Mark Warner, Virginia Democrat, told The Washington Times at the time. “While many ransomware attacks are opportunistic, with attackers scanning internet connections for insecure devices, incidents like these highlight how devastating a deliberate attack targeting critical infrastructure or sensitive security systems could be.”


Copyright © 2018 The Washington Times, LLC. Click here for reprint permission.

The Washington Times Comment Policy

The Washington Times welcomes your comments on Spot.im, our third-party provider. Please read our Comment Policy before commenting.

 

Click to Read More and View Comments

Click to Hide