Cyber security expert weighs in on DC security camera hack

The Secret Service continues to investigate who hacked D.C.'s system of security cameras before the inauguration.

The mayor's office won't talk about how it happened or what's being done to prevent another breach, so FOX 5 took questions to a cyber security expert.

Some could assume that hacking into cameras in the nation's capital would require sophisticated methods, but Anup Ghosh, founder and CEO of Virginia antivirus company, says that hackers likely launched the attack through a simple email. He says that's how 90% of hacks happen.

"Of course, everyone now is familiar with the DNC hacks," said Ghosh. "Same M.O. We always see these attacks start with an email tricking a user into opening an attachment or clicking on a link."
He demonstrated how easy it is, using an email that looks it's from iTunes with an attachment that appears to be a receipt

RELATED: Secret Service still searching for more suspects after DC security cameras hack

"You'll say, 'Hey, this looks like an invoice,' but in the background, malicious code is running, dropping malware and doing other bad things to this machine," he said.

In the D.C. camera hack, malware demanding a ransom, known as ransomware, was used. In a ransomware attack, your computer will lock up, and you'll get an alert saying that your documents, photos and everything else on your computer will be encrypted until you pay a price.

"Your data is held hostage for typically anywhere between $200-$500," Ghosh said.

D.C. officials say that no money was paid to the hackers. FOX 5 has made numerous requests for an interview about how this happened and preventative measures taken, but no one from Mayor Muriel Bowser's office will speak on the matter. A statement was provided to FOX 5 reading in part: "Cyber threats are the new reality for all governments...This incident demonstrates the District was ready to respond quickly, as we detected the breach and moved within a matter of days to restore our system."

Ghosh said it's not about reacting to cyber threats, but getting out in front of them with proper training and software.

"My feeling is they haven't quite gotten there. I think D,C, needs to look at newer technology and clearly there's a public safety need there," he said.

Bowser's office confirmed two people were arrested in London in connection to the cyberattack on 123 of the District's 187 cameras. The hack was discovered about a week before the inauguration. After it was found, cameras were taken offline for at least two days. The Secret Service says it's still searching for others who may have been involved.