Criminals effectively seized the files of numerous police departments, held them hostage, and coerced police into Bitcoin payments to get them back.
In Lincoln County, Maine, Sheriff Todd Brackett reached a decision that cut against his every instinct as a longtime cop: He agreed to pay a ransom to a robber.
The details come from an NBC affiliate's report.
Weeks earlier, an email attachment downloaded by someone inside his law enforcement agency released a virus that crippled its computer system. Put simply, all the electronic data in their possession was suddenly encrypted and inaccessible.
They were robbed of access to their own information.
Then the ransom request arrived: An anonymous hacker wanted $300 in exchange for an encryption key, or passcode, that would instantly unscramble the data.
For a while, Sheriff Brackett's computer experts labored to recover access without paying up. The longer they failed the more the top cop had to choose between making a payment that would give hackers an incentive to target other victims or refusing—at the cost of his operation grinding to a halt, crippled by missing files. The payment was made in Bitcoin, per the instructions of the hacker, and traced as far as a Swiss bank account by the FBI, which could follow it no farther.
The case was not unique. A similar scheme succeeded against Houlton, Maine, where officials paid a $588 ransom. In Tewksbury, Massachusetts, cops paid $500. And a Boston Globe roundup suggests that many other police agencies have been hit, with at least one refusing to pay a ransom and losing all of their data:
Among other small-town police forces hit was the Swansea Police Department. It fell victim to the same threat in November 2013 and paid $750 to get its files back. The police department in the Chicago suburb of Midlothian paid $500 in January. In Dickson County, Tenn., the sheriff’s office came under attack in October. Despite seeking aid from the FBI, the agency ended up paying $572 in ransom.
But in Durham, N.H., Police Chief Dave Kurz chose not to pay because the department had backed up the encrypted information and could work around the seized database. “We had to clean essentially all the computers, but all of our data was prepared,” Kurz said. The four-member police force in Collinsville, Ala., was hit in June, with the hackers demanding $500 to free up a database of mugshots. Chief Gary Bowen dug in, refused to pay, and never got his department’s files back. “There was no way we were going to succumb to what felt like terrorist threats,” Bowen said.
These schemes aren't actually "terrorist threats"—I think what Bowen meant to say is that, like negotiating with terrorists, paying ransoms creates perverse incentives (so much so that it's often not done even in cases of terrorist kidnappings). So many police agencies have paid up in hacking cases in part, I think, because the amount of money being requested is so minuscule and the benefit so big, but also because, as far as they know, the perpetrators are small-time crooks.
Tidak ada komentar:
Posting Komentar