US prosecutors have charged two Romanians with hacking Washington DC police computers linked to surveillance cameras just days before President Donald Trump’s inauguration.
The pair are being held in Romania, having been arrested at Bucharest Otopeni airport on 15 December.
Mihai Alexandru Isvanca, 25, and Eveline Cismaru, 28, allegedly accessed 123 outdoor surveillance cameras as part of a suspected ransomware scheme.
Mr Trump was sworn in on 20 January.
The perpetrators intended to use the camera computers to send ransomware to more than 179,600 email addresses and extort money from victims, the justice department said in a statement.
Investigators have identified victims who had received the ransomware or whose computer servers had been accessed, it added.
There was no evidence that the alleged hackers had physically harmed or threatened anyone, the US statement added.
A secret service agent, James Graham, said in an affidavit that two variants of “sophisticated, malicious computer code” had been placed on three police computers, one known as “cerber” and the other known as “dharma”.
In ransomware attacks, malware is secretly installed on computers, usually via rogue email attachments, which locks programs. The hackers then demand payment in exchange for unlocking the computers.
More on ransomware attacks:
Mr Isvanca and Ms Cismaru are accused of conspiracy to commit wire fraud – that is, financial fraud using computers – which carries a maximum penalty of 20 years in jail.
The EU police agency Europol says three other suspects were also arrested in Romania this month in a linked investigation into ransomware. The UK’s National Crime Agency was involved in that investigation.
The three are suspected of infecting computers with CTB-Locker (Curve-Tor-Bitcoin Locker) malware.
A Europol statement says Romanian police were tipped off in early 2017 by the Dutch High Tech Crime Unit and other authorities about a group of Romanians sending spam messages.
The spam emails had attachments made to look as if they had come from well-known companies in Italy, the Netherlands and UK. Once opened on a Windows system, those malicious attachments encrypted computer files.