6/26/2017Ransomware Virus Compromises More Redflex Cameras In Austrlia
Australian police had no idea their speed cameras were hacked for over three weeks.
Confusion reigns in down under as the WannaCry ransomware virus has paralyzed the speed camera and red light camera program in Victoria, Australia. Redflex Traffic Systems, the number two operator of red light cameras and speed cameras in the United States, found itself on the hot seat as state government officials were visibly furious that the Melbourne-based company's attempted to conceal the full extent of the problem.
"I have asked the department to look at the contract and the relationship with Redflex to find out why they didn't inform us," state Police Minister Lisa Neville said on Saturday.
Intersection cameras mostly located near the Redflex global headquarters in Melbourne were infected with malware beginning June 6. About 8000 tickets will now be "embargoed" pending an official investigation.
"I've decided to withdraw all infringements statewide since the 6th of June in fairness to the Victorian community," Assistant Police Commissioner Doug Fryer announced on Saturday. "That doesn't mean they won't be reissued. What it means is of the 280 cameras we have operating across Victoria, I need as the responsible enforcement officer to be absolutely sure that the 280 cameras were working correctly."
Government officials are outright refusing to refund tickets issued by the compromised cameras, insisting that the situation is fluid. The officials had no idea the cameras had been affected until the news leaked on 3AW radio on June 22.
"We were made aware yesterday," Victoria Police deputy commissioner Ross Guenther admitted in a press conference Thursday. "That would be about the same time the police minister was made aware."
Redflex reportedly learned of the problem on June 15 after noticing 55 cameras were rebooting more often than usual. By Saturday, Redflex admitted that another 42 cameras had been infected. The police minister said she was annoyed to learn of what happened from news reports, and she was even more angry that Redflex attempted to get away with quietly repairing the affected cameras without letting her know.
The WannaCry malware takes advantage of a set of leaked tools from the US National Security Agency that are used to compromise computers using older operating systems, primarily Windows 7. As soon as a WannaCry file is loaded onto a vulnerable machine, it begins encrypting data files stored locally and any connected network. The malware then demands a $300 ransom, paid in bitcoin, to unlock the files. Even if payment is made, the malware leaves in place a backdoor known as DoublePulsar so that hackers may remotely access the machine in the future.
Microsoft in May issued patches closing the software vulnerabilities in Windows XP and Windows 7 systems, which means the Redflex cameras were operating without the proper security measures. A Redflex maintenance worker spread the virus by using an infected USB drive while testing the automated ticketing machines. The USB drive was not checked for malware before being used, and the resulting infection caused the cameras to go into a shut down mode, according to the police account.
"Because the camera is not connected to the Internet, the ransomware hasn't activated as such," Victoria Sheriff Brendan Facey told 3AW radio. "Because the camera's processes had detected the virus, it's been rebooting it."
State officials claimed that the violation data on the camera was protected because of the reboots, but they also insisted that the cameras continued to issue tickets normally from June 6 to June 22. While not connected over the public Internet, each camera individually connects to a central Redflex server that processes each alleged violation.
"That central point is not a Windows-based system, so it's not susceptible to the virus," Sheriff Facey said.
On Saturday, however, Police Minister Neville said three cameras using a Linux operating system were found to be compromised. Government officials' top priority has been to resume the program that has issued 1,458,109 tickets generating $356 million in profit.
"The key message for me is that those cameras are still operating," deputy commissioner Guenther said.
Speed cameras statewide will now generate tickets, but they will not be mailed out until the state's speed camera commissioner announces the results of his investigation in "a few weeks."