Police are often at the forefront of cybercrime, investigating and then enforcing the law. However, it’s becoming increasingly common that law enforcement agencies are the target of cyberattacks.
Police departments are using more policing technology such as surveillance cameras, drones, automated license plate scanners, facial recognition technology, body cameras, and deep learning analytics, making law enforcement more effective and also more vulnerable to cyber threats. When cybercriminals turn their attention on a law enforcement organization, the impact can be devastating to privacy, public safety and the integrity of the judicial process. Across Canada, law enforcement organizations are facing threats to their IT systems and data.
In recent years, several police organizations have been targeted by socio-political groups and ransomware attacks, for example doxxing after the Ferguson shooting in the US, or the DDoS attacks following Occupy Wall Street. Although the cyber threats manifest locally, they usually originate in other countries and can impact global judicial processes, making these threats of both local and global concern.
Many cyberattacks against law enforcement have, thus far, been motivated by theft and destruction of data and information; future attacks may target the disruption of systems and evidence modification.
Most likely to target police:
- State Actors
- Terrorist Organizations
- Criminal Organizations
- Purposeful or Accidental Insider
Cybercriminal’s weapons of choice
Cyber threat operations have shifted from spying, where the goal was to quietly collect information, to military operations that aim to cause “serious disruption,” said Christopher Porter, the chief intelligence strategist at FireEye cybersecurity, an ISA partner. If severe disruption is the goal, and serious cyberattacks are on the rise in Canada, then police organizations require increased cybersecurity and a robust incident response plan to protect, contain and destroy cyber threats.
In March 2019, The Police Federation of England and Wales were victims of a malware attack affecting several databases and systems rendering encrypted data inaccessible and temporarily disturbing their email system. The breach was contained to the Surrey headquarters; however, if not detected as rapidly as it was, it could have spread to the local police branches.
“The Police Federation takes data security very seriously and responded immediately on becoming alerted to this incident. Our priority has been to mitigate the damage caused by the attack and to protect the personal data of our members and others whose data we hold,” said John Apter, chair of the organisation. Protecting the sensitive data that coincides with policing, from investigative information to police officers’ personal contact information, is of growing concern as law enforcement organizations face targeted cyber threats.
Chasing down suspects and holding criminals accountable makes police susceptible to cyber threats fuelled by revenge or a sense of justice. Doxxing, when personal information is made public, is a tactic many cyberthreat actors and hacktivists have used against law enforcement, risking the safety of officers and their families. Doxxing occurred after an officer in Ferguson shot Michael Brown in 2014.
Anonymous, an international hacker collective, announced the following:
“To the Ferguson Police Department and any other jurisdictions who are deployed to the protests, this is your warning: We are watching you very closely. If you abuse, harass or harm the protesters in Ferguson, we will take every Web-based asset of your departments and federal agencies offline. That is certainly not a hollow threat, but it is a promise. If you attack the protesters, we will attack every computer and server you have. We will dox and release the personal information on every single member of the Ferguson Police Department, as well as any other jurisdiction that participates in the abuse. We will seize all your databases and e-mail spools and release them to the public. You have been warned.”
Anonymous did not make an empty threat. Within a few days, Anonymous hackers shut down the city’s website and released personal information about Police Chief Jon Belmar, including pictures of his family and his home address. Having access to the personal information of police officers makes it easier for agitators to take violent action in the face of perceived injustices.
In another alarming cyberattack against police, “the ISIS-affiliated Caliphate Cyber Army disclosed personally identifiable information of 36 Minnesota police officers and called for the officers to be killed.” Doxxing can be prevented by protecting sensitive data with a layered cybersecurity strategy.
Anonymous struck in 2011 in response to the Occupy Wall Street movement and the corresponding arrests of protestors. In this case, a Distributed Denial of Service (DDoS) attack targeted the International Association of Chiefs of Police. A DDoS attack attempts to knock online services offline by overwhelming the system with increased traffic. Anonymous tried to clog their system and shut down the organization’s communications network leading up to a significant, annual policing event in Chicago.
And, it’s not just US law enforcement agencies that should be concerned. A DDoS attack took one of Canada’s largest police departments offline a few years ago. The Toronto Police website was knocked offline by a hacker who claimed responsibility and bragged about the incident on Twitter. The user’s Twitter account, based in Turkey, claimed a connection to Anonymous.
Ransomware attacks can plague any industry. However, it’s especially catastrophic when evidence is on the line. A police department in Collinsville, AL was disabled by ransomware. The police chief refused to pay the demanded amount. As a result, Collinsville lost 8-years’ worth of documents, videos, and photos. Ongoing cases at the time of the attack risked losing crucial evidence. The mass losses of evidence from cyberattacks compromise the justice system.
It is essential to understand that any device that connects to the Internet can be hacked: If it’s connected, it’s vulnerable. Any organization, including law enforcement organizations, are vulnerable to a cyberattack. For a skilled cybercriminal, all it takes to jeopardize an entire system is access to a single device or individual.
The following are steps toward cybersecurity that your agency can take:
- Create a culture of cybersecurity in your organization – making cybersecurity a priority.
- Ask for additional cybersecurity funding.
- Partner and communicate with a cybersecurity specialist.
- Conduct a vulnerability assessment.
- Provide cyber hygiene training and cybersecurity education to all employees.
- Develop and follow a cybersecurity incident response plan.
- Conduct organization-wide cybersecurity exercises to keep staff sharp.
- Stay current on the changing threat landscape and adapt your incident response plan accordingly.
Protecting advanced policing technology is of vital importance with nation-state and hacktivist attacks increasingly targeting law enforcement organizations. The industry needs to respond with network fortification measures and police-specific incident response plans.
Talk to the cybersecurity solutions specialists at ISA, who have over 27-years of demonstrated industry excellence, about how to protect your police organization from a cyberattack.