1/2/2018Anonymous Hacks Italian Speed Camera Database
Hacker takes over the police email and database system in Correggio, Italy and deletes speed camera tickets.
Individuals operating under the banner of the group Anonymous remotely took control of a local police computer system in Correggio, Italy, last week. After erasing the speed camera ticket database, those responsible sent screenshots of their work to various Italian newspapers to prove that they had eliminated 40 gigabytes worth of infringement photographs (view screenshot). According to Gazzetta di Reggio, the group also released internal emails, documents and related information to the media.
"Ho Ho Ho, Merry Christmas," read the message from Anonymous, which was sent from the municipal police department's own email account.
As additional proof, the message included login information for the newly depleted "Concilia" database along with samples of the full violation data that had been accessed. The company Verbatel provided the system that integrated data for the judiciary and police in Correggio, but its security proved unreliable. Internal email messages released by Anonymous described how a municipal employee previously had to fix a "mess" by restoring the database back to December 5 -- suggesting that at least some data may be available from backups.
Gazzetta di Reggio described the documents provided to reporters as including notes from two motorists complaining that they received tickets from Correggio speed cameras, even though they had never before passed through the area. Emails between police administrators and local politicians discussed how the speed camera profits were to be distributed.
While this may be the most serious security lapse involving photo enforcement, it is far from the only incident. Last year, Victoria, Australia had to shut down 280 speed cameras after a ransomware virus infected the automated ticketing machines, causing them to freeze and reboot. In Baytown, Texas, hackers were not needed to expose the bank account details of anyone who paid a red light camera ticket with a check. As first reported by TheNewspaper in 2009, city officials mistakenly exposed the personal information of 10,000 motorists in response to a simple freedom of information act request.
In 2007, a California court revealed that the processing of speeding tickets had been outsourced to Mexico, raising questions about the potential exposure of personal information. The US Department of Transportation's inspector general confirmed that the National Driver Register containing sensitive private data on 42 million motorists lacked even the most basic forms of encryption. The department even left sensitive paper records in file cabinets with keys left in the locks (view audit report).
Red light camera ticket information in Savannah, Georgia was left exposed for anyone to access in 2006. Two years earlier, an employee for ACS left a box containing 320 speed camera tickets from Edmonton, Canada, on a park bench.