Eveline Cismaru, a citizen of Romania, pled guilty today to federal charges stemming from her role in a conspiracy to illegally access approximately 126 computers associated with Metropolitan Police Department (MPD) surveillance cameras and to use those computers in connection with a scheme to distribute ransomware in January 2017.
Cismaru, 28, and a co-defendant, Mihai Alexandru Isvanca, 25, were arrested on Dec. 15, 2017, in Bucharest, Romania. Both were charged in the U.S. District Court for the District of Columbia. Isvanca, also of Romania, remains held there pending extradition to the United States. Cismaru, who fled Romania weeks after her arrest, was apprehended in the United Kingdom on March 23, 2018, and extradited to the United States on in July 26, 2018.
According to the governments evidence, beginning in early January 2017, and continuing through Jan. 12, 2017, a computer hacking attack on the MPD computer network disabled two-thirds of the outdoor surveillance cameras operated by MPD in the District of Columbia, just days before the 2017 Presidential Inauguration. At the time of the computer intrusion, the U.S. Secret Service, among other federal law enforcement agencies, was preparing security for the event. During national events like the Presidential Inauguration, federal agencies such as the Secret Service utilize MPDs surveillance cameras to provide additional security.
The computer intrusion was used to execute a ransomware attack. Once activated, the ransomware locked 126 infected computers connected to MPD surveillance cameras. The ransomware then displayed instructions explaining how to unlock each computer by the payment of Bitcoin. The ransom, had it been paid for all 126 computers, would have totaled an estimated $60,800. While executing a ransomware attack, the conspirators converted a few of the computers into proxies and used those computers to disseminate additional ransomware and malware attacks. At the time investigators disrupted the scheme, the conspirators were in the process of attacking as many as 179,616 other computers using stolen e-mails, e-mail passwords and banking credentials. (Source: U.S. Department of Justice)