The United States Department of Justice (DOJ) announced that, in coordination with the Romanian National Police and other EU and U.S. law enforcement agencies, it arrested two Romanians who hacked into 123 surveillance cameras belonging to the Metropolitan Police Department (MPD) in Washington DC. According to the DOJ, the hacking was done as part of a ransomware scheme.
The two Romanians, Mihai Alexandru Isvanca, 25, and Eveline Cismaru, 28, of Romania, were caught on the Otopeni airport in Bucharest, Romania, on December 15, as they were trying to leave the country. Isvanca has remained in custody with the local police, while Cismaru is on house arrest pending further legal proceedings.
According to the DOJ, the U.S. Secret Service was first alerted about the hack on January 12, this year, a few days before President Trump’s inauguration ceremony. The agents from the Washington Field Office started an investigation and discovered that the cameras were compromised only three days earlier, on January 9, and that the two hackers were also spreading “Cerber” and “Dharma” ransomware variants on MPD’s computers.
The agents also learned of a scheme to distribute the ransomware to 179,000 email addresses. They were also able to identify some of the victims of the hackers’ ransomware attacks, but the DOJ noted that the hack on the surveillance cameras didn’t impact anyone’s physical safety. The Secret Service and the MPD were able to quickly secure the affected cameras before the Presidential Inauguration.
The DOJ said that the maximum sentence for conspiracy to commit wire fraud in the U.S. is 20 years, but that for now the defendants are presumed innocent until the trial concludes. The DOJ also seems to imply that the trial will occur in the U.S. and that the Romanian government will extradite two, similarly to how it extradited Guccifer in 2016.
