Last February, I reported on a cyberattack involving ransomware and CCTV cameras that were connected to the D.C. Metro Police. The attack was revealed to have taken place days before the inauguration of President Donald Trump and left roughly two-thirds of the Metropolitan Police Department’s (MPD) CCTV cameras in disarray. There was an extensive investigation into the case by the U.S. Department of Justice, and as a result of the investigation, there were two prime suspects identified in this CCTV hacker case.
The suspects were Romanian nationals Eveline Cismaru and Mihai Alexandru Isvanca and, after some drama in which Cismaru escaped apprehension in Bucharest only to be caught and extradited from the United Kingdom, the court proceedings began against the co-conspirators. As Infosecurity Magazine reports, the case has been moving along with haste as Cismaru has pled guilty. The charges she pled guilty to were “one count of conspiracy to commit wire fraud and one of computer fraud, with a potential combined maximum sentence of 25 years behind bars.” As for her partner-in-crime Isvanca, it is not known at this time whether a plea deal is on the table for him as well.Catching the two criminals was not only vital to bring justice to the city of Washington D.C. that faced potential danger due to a crippled police force. What I mean by this is that both Cismaru and Isvanca were, at the time of apprehension (according to Infosecurity Magazine), already in the process of hacking 180,000 other machines. The way they were attacking the machines was through a combination of various stolen credentials, including stolen emails, passwords, and banking credentials. If they hadn’t been stopped, it is likely that their ransomware attacks would have continued indefinitely.
Too often, cybercriminals evade justice when it comes to certain types of attacks. Every so often, however, there are the instances, like the CCTV hacker, in which they are forced to pay for the damage they inflicted on innocent people. These are the victories that cybersecurity professionals need to hang onto.