Two Romanian hackers compromised 65 percent of Washington D.C.’s outdoor surveillance cameras as part of a widespread extortion scheme.
The two alleged hackers, Mihai Alexandru Isvanca and Eveline Cismaru, were named last week in a criminal complaint filed in the US District Court for the District of Columbia.
The federal documents, obtained by CNN, accuse the hackers of participating in a ransomware campaign that infiltrated computers used by D.C. police to control the cameras.
Between January 9 and January 12 of this year, the pair took control of “approximately 123 internet-connected computers” in order to send spam emails laden with ransomware.
“[T]he United States Secret Service (“USSS”) learned that certain MPDC public surveillance cameras in the District of Columbia, had been disabled…” the affidavit states.
An IT network administrator remotely accessing one of the victim computers noticed “multiple open desktop windows” being used by the hacker.
“Ultimately, three of those computers, including Victim Device A, were removed for forensic analysis by the USSS and the Federal Bureau of Investigation (“FBI”),” the document states.
Upon further examination, two ransomware strains known as “cerber” and “dharma” were detected on the machines. A text file on one of the computers, named USA.txt, also contained a spam list of 179,616 email addresses.
“The forensic analysis of the three computers revealed evidence that the computers had been and were intended to be used to distribute spam-mail in bulk…” the affidavit says.
Investigators eventually located multiple email accounts accessed on the compromised machine, including one Gmail account that frequently emailed “[email protected]”. Vand Suflete, the document notes, translates to “selling souls” in Romanian.
After contacting Google, the investigators learned the Gmail account held a list of “the IP addresses, usernames, and passwords for 94 of the IP addresses for MPDC surveillance camera computers…”
The FBI and USSS were eventually led to the two Ukrainian suspects due to a series of operational security mistakes.