Hacked data from the Washington, D.C. Police Department has begun leaking online, and a group that has claimed responsibility is demanding a ransom within three days to prevent the remainder from being dumped. The D.C. Police Department confirmed that its computers were accessed improperly but didn’t say much more.
The New York Times reports that the group, called Babuk, managed to steal more than 250GB of data and is threatening to not just hold it hostage, but also do some heinous things with it, like distribute information about police informants to criminal gangs. The group has already leaked documents including lists of persons of interest.
Cyberthreats — The attack on D.C. Police comes as the United States is still reeling over a major cyberattack earlier in 2021 that affected dozens of government agencies. SolarWinds, a company that makes network management software, was infiltrated by what officials believe to be Russian hackers, who inserted malicious code into a software update that allowed them to access internal systems.
The U.S. Justice Department says that 2020 was the worst year in history for ransomware attacks, with the average demand exceeding $100,000. Since the start of 2021, 26 government agencies have been hit by ransomware attacks, and in 16 of those cases, hackers threatened to leak sensitive information.
Needed upgrades — At least in the case of SolarWinds and other state-sponsored attacks, the hackers don’t threaten to leak information online. It’s usually just espionage activity. But as governments have connected more critical systems to the internet, small time gangs have identified an opportunity to make money exploiting weak security measures. Attacking critical systems, like police record systems or hospital ICU machines, is effective because victims desperately need to recover access. Cryptocurrencies make it easy to “wash” proceeds so they can’t easily be traced.
The Biden administration recently formed a ransomware task force to evaluate the threat and devise solutions to curb attacks. If we had one suggestion for police departments, they could stop killing so many people and divert the money used for settlements over to upgrading their computers. But the federal government as a whole also clearly needs to invest way more on cybersecurity if it’s going to get a handle on this.