Hacked data from the Washington, D.C. Police Department has begun leaking online, and a group that has claimed responsibility is demanding a ransom within three days to prevent the remainder from being dumped. The D.C. Police Department confirmed that its computers were accessed improperly.
The New York Times reports that the group, called Babuk, managed to steal more than 250GB of data and is threatening to not just hold it hostage, but also do some heinous things with it, like distribute information about police informants to criminal gangs. The group has already leaked documents including lists of persons of interest.
Cyberthreats — The U.S. Justice Department says that 2020 was the worst year in history for ransomware attacks, with the average demand exceeding $100,000. Since the start of 2021, 26 government agencies have been hit by ransomware attacks, and in 16 of those cases, hackers threatened to leak sensitive information.
The attack on D.C. Police comes as the United States is still reeling over a major cyber attack earlier in 2021 that affected dozens of government agencies. SolarWinds, a company that makes network management software, was infiltrated by what officials believe to be Russian hackers, who inserted malicious code into a software update that allowed them to access internal systems.
Needed upgrades — At least in the case of SolarWinds and other state-sponsored attacks, the hackers don’t threaten to leak information online. It’s usually just espionage activity. But governments have connected critical systems to the internet and often manage it all using woefully outdated hardware and software, which creates an opening for small-time gangs looking to make some cash. Attacking critical systems, like police record systems, is effective because victims desperately need to recover access, hence the extreme threats to not just hold but also leak information.
The Biden administration recently formed a ransomware task force to evaluate the threat and devise solutions to curb attacks. If we had one suggestion for police departments, they could stop killing so many people and divert the money used for settlements over to upgrading their computers. But the federal government as a whole also clearly needs to invest way more on cybersecurity if it’s going to get a handle on this.