It’s axiomatic among digital security professionals that there’s really nothing and no one anymore who’s un-hackable, and the sooner we realize that fact in this era of rampant systems intrusions, data breaches, and the like, the better off we’ll be.
Law enforcement is a good example of how this is the case. You’d think that those professionals would have access to or deploy even better security protections than most of us enjoy, in order to keep their networks sufficiently hardened — and yet here we are, in a position of having to report that just days ago, Russian hackers struck a police department in the US with a ransomware attack.
Per the BBC, a ransomware group calling itself Babuk breached the computer network of the Washington DC Metropolitan Police Department. Even worse, the hackers threatened to make public sensitive information that they snatched from the police department’s network, and it seems like they’ve actually already started doing so. NBC News has reported that the hackers have just published “extensive private dossiers,” each around 100 pages long, on five current and former officers from the department. The dossiers are marked “confidential,” contain the police department’s official seal, and are packed with a trove of personal data including each cop’s arrest-related activity, polygraph results, housing data, insight into their individual finances, and much more.
In a statement to journalists about the hack, the Washington DC police department acknowledged that “we are aware of unauthorized access on our server” and that it’s asked the FBI to help investigate. One of the particularly scary things about this hack is that the attackers said they would release details about the police’s gang informants.
This is another indication that high-profile ransomware attacks are seemingly on the rise in the US at the moment. In these attacks, hackers typically attempt to encrypt a victim’s data and then demand that a ransom be paid quickly to decrypt it, threatening that the data will otherwise be destroyed, sold or made public. Earlier this month, this same Babuk group also reportedly attempted to hit an NBA team, the Houston Rockets, with ransomware — and even claimed to have accessed sensitive data like player contracts.
The Rockets, however, said that the hackers were ultimately unsuccessful in penetrating the team’s computer network.
In related news, a Russian man in the US pleaded guilty a few days ago to a plot to extort money from Elon Musk’s Tesla company via a ransomware attack. According to news reports, the man was accused of offering a Tesla employee the equivalent of $1 million to insert ransomware into the computer network of Tesla’s Nevada battery plant. The 27-year-old man pleaded guilty in Reno, Nevada, and was alleged by prosecutors to be planning to steal Tesla company secrets.