Panelists discuss current ransomware attacks, public safety’s need to coordinate cybersecurity efforts

WASHINGTON, D.C.—Cyber attacks on public safety are very real, and first-responder organizations need to cooperate to combat efforts to infect their systems and compromise sensitive data on IP-based systems, panelists said during cybersecurity session last week at the Association of Public-Safety Communications Officials (APCO) 2015 conference.

With public safety’s access to a scores of intriguing information—from license-plate and address data to criminal records and evidence—first-responder organizations can expect to be the targets of cyber attacks, according to Robert Myles, a national practice manager at Symantec who works as liaison officer for the North Central Texas Fusion Center.

“Willie Sutton once said, ‘I rob banks, because that’s where the money is,’” Myles said during the session. “Hackers hack into your system, because that’s where the data is.”

And that data has value that hackers already are trying to unlock by literally holding it for ransom, according to Jay English, APCO’s director of communications-center and 911 services.

“In this particular use case, digital thieves will put ransomware on a computer, often by simply having someone unknowingly insert a USB that has malware on it,” English said. “They don’t know that it’s there, and they’re not doing anything wrong, per se, but the malware is there and—once it activates—the data on that computer is no longer secure. In fact, it no longer belongs to supposed owners of the data.

“The ransomware invades the computer. Basically, what happens at that point is that data on the computer becomes locked, and the user cannot get to its own data. In this particular use case, one computer on a network becomes infected and it spreads throughout the entire network. The use case we’re talking about is a police department.”

At this point, the malware infects the records system, and users get a message that orders the entity—in this case, a police department—to pay a ransom to regain access to its data or risk losing the information entirely, English said. One ransomware has infiltrated a records system, efforts to combat it generally have been unsuccessful, he said.

“Some attacks have been so sophisticated—against small police departments and large—that the data has been sent to the Department of Justice Federal Bureau of Investigation and some very advanced commercial partners, so they can try to decrypt and fix the problem,” English said. “And, after 90 days, they gave up. The FBI couldn’t fix it. Major cyber players in commercial enterprises couldn’t fix it.

“What was the net result? The Swansea (Mass.) police department paid $750, and they got their files back. A Chicago suburb paid $500, and they got their files back. Sheriffs tend to be a little stubborn, like police chiefs, and a few of them said, ‘No’—and they’ve never seen the data again. This happens today. It’s a real-world threat.”

For some outside observers, the three-figure ransom requests may seem low for the valuable public-safety data, but English said that is part of the hackers’ strategy.

“To get one person to pay $5 million, it takes a lot of work, and you’ve got to find the right target,” he said. “If you get 500 people to pay $500 [apiece], because they’re easy targets dispersed all over the globe, all of a sudden you get the same amount of money at the end of the day for a lot less work. You just hit a whole bunch of computers for a small amount and ask people to pay.

“The worse news is that, if you pay once, you’ll pay again, because they’ll hit you again. And, if you don’t pay once, they’ll hit you again anyway.”