Cyber Attacks on Local Police Departments: When the Police Become the Victims

November 29, 2017

Norse Attack Map

Cyberattacks are no longer a concern of just national governments or large corporations. In recent years, various critical urban infrastructure departments ranging from electric utilities to hospitals have been affected by ransomware and other malicious cyber attacks. Police departments are now experiencing an upsurge in attacks as well, according to the International Association of Chiefs of Police. The Association established a Law Enforcement Cyber Center in 2015 to support local police departments in dealing with cybercrimes.

Some attacks on police departments have taken the form of distributed denial of service (DDOS), which disrupts websites by channeling an overwhelming amount of web traffic in their direction. The International Association of Chiefs of Police website was itself shut down by hackers in the wake of Occupy Wall Street, while police departments in Ferguson, Albuquerque, and Denver experienced DDOS attacks after controversial police shootings. While these attacks are likely politically motivated, other police departments like San Jose and Newark have been forced to shut down their websites after DDOS attacks that had no apparent trigger.

While DDOS attacks can be highly disruptive, the most common form of cyberattack facing police departments is ransomware. Often delivered through a virus, ransomware locks a computer’s files until a ransom (usually in Bitcoin) is paid. Since 2013, police departments in at least seven states have been victimized by such attacks. Some police departments have chosen to pay to regain access to their files. Typical payments have ranged from $500 to $1000. However, larger facilities like hospitals have had to pay nearly $20,000 or even more to regain control over their files. Police departments that have refused to pay have lost access to years of data, including video footage that was intended to be used in ongoing trials.

New England police departments have experienced several ransomware attacks. The Swansea, MA police department paid $750 to unlock its computers in November 2013, while the Tewksbury, MA police department paid $500 in April 2014 after an unsuccessful attempt to regain control of its computers with help from the FBI. The police department in Durham, NH was also attacked in June 2014, but refused to pay ransom. The Durham Police Department had backed up all of its files, and therefore had the option of wiping its machines clean and ignoring the ransom request. One challenge that police departments still face if they refuse to pay ransom and instead revert to backup files is that the hackers still have a copy of all their data. In some instances, these data might be extremely sensitive. There is the risk that hackers, if not paid, will release confidential data which might have some implication for impending trials.

The FBI and other cybersecurity experts generally warn against paying ransom because there is no guarantee that a hacker will release the decryption key as promised. Police departments are also usually strongly opposed to paying because their training teaches them to never succumb to criminal demands or provide funds for the promulgation of further criminal activities. So why do so many police departments choose to pay ransom? As we’ve discussed in previous blog posts, one challenge is the anonymity of their attackers. This makes negotiation or other interactions difficult. Another reason is prominent stories about police departments that lost years of data after refusing to give in, like the Cockrell Hill police department that lost eight years of video footage in a ransomware attack in 2017.

There is some evidence that virtual negotiations have been successful, such as the release of the master decryption key for the ransomware TeslaCrypt in 2015. Our hope is that “soft” negotiation skills and defensive social engineering will enable police departments and other critical infrastructure agencies to deal effectively with cyber threats.