7/7/2017Australia: State Refuses Refunds From Virus Infected Speed Cameras
Victoria, Australia speed camera commissioner report says there is no reason to doubt tickets from speed cameras compromised by ransomware.
The government of Victoria, Australia is refusing to refund fines to thousands of motorists who were issued tickets by speed cameras that had been compromised by the WannaCry ransomware virus on June 6. In a report issued earlier today, the state's speed camera commissioner insisted there was "no evidence" that the photo ticketing data on the infected cameras had been tampered with.
The state government last week put a temporary hold on citations generated by the state's 280 cameras fixed cameras, but officials made it clear in public statements that their top priority was to reissue them at later date. At an average rate of $234 per ticket, refunds would have cost the state over $1.9 million -- a price officials were unwilling to pay.
"I am satisfied with the accuracy and integrity of the infringements dated 6 June 2017 to 22 June 2017 (and thereafter)," speed camera commissioner John Voyage wrote. "I applaud the caution shown by the authorities, but I find that there is no reason for the subject infringements to continue to be withheld."
Voyage based his findings on what he was told by Redflex and the other speed camera vendors involved, Jenoptik, Gatso and Serco. Redflex had ignored the security patch that Microsoft released in March that would have prevented the virus from taking hold of the camera program. It first spread to 43 Redflex "camera control units" using the Windows 7 operating system. Then it spread to 67 "site controllers" operated by Jenoptik.
"The infected systems continuously attempted to infect all other components of the [speed camera] network," Voyage wrote. "While there is no evidence that any further components were infected, the attacks appear to have caused systems based on older Windows variants to shut down intermittently and inconsistently."
Once the three-month-old security patch was installed, all of the problems disappeared, Voyage claimed.
The WannaCry malware takes advantage of a set of leaked tools from the US National Security Agency that are used to compromise computers using older operating systems. As soon as a WannaCry file is loaded onto a vulnerable machine, it begins encrypting data files stored locally and any connected network. The malware then demands a $300 ransom, paid in bitcoin, to unlock the files. Voyage repeated the Redflex claim that no speed camera files were encrypted.
A copy of the preliminary report is available in a 400k PDF file at the source link below.