By Rick Sallinger

DENVER (CBS4) – Two men in Iran have been indicted by a federal grand jury on charges of hacking and attempting to extort money from cities, universities, and hospitals in the United States and Canada, including the state of Colorado.


Debbi Blyth is the Chief Information Officer for the Governor’s Office of Information Technology. She told CBS4 the state’s transportation department was affected beginning last February.

“It was huge. It was a big impact on CDOT,” she said.

For about a month many Colorado Department of Transportation computers were going nowhere. Internal business operation computers became crippled. It impacted paychecks and vendors.


The public side was not affected. The culprit: the SamSam ransomware.


It ominously warns, “you need a private key to recover your files.”

Then it demands payment in Bitcoin. At the state’s network operations center, they went into action. Matthew Johnson was the incident commander.

“This, at first, I think it’s frantic when you get into a situation of this magnitude,” he said.


The Colorado National Guard, state emergency operations office, FBI and others were called in for a month. They traced the extortion plot to Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri from Iran, who attacked systems nationwide.


Mohammad Mehdi Shah Mansouri, left, and Faramarz Shahi Savandi (credit: FBI)

In Washington, Deputy Attorney General Rod Rosenstein said in a news conference, “The conspirators collected more than $6 million in extortion payments and caused more than $30 million in losses.”

The loss to the state of Colorado was between $1.5 and $2 million. Blyth says they were never going to pay the ransom.

“So the state of Colorado, the last thing we want to do is fund criminal activity, so we felt the taxpayers wouldn’t want us doing that.”

The problem that led to the ransomware penetrating the CDOT computers was a temporary server that didn’t have proper security protection.

CBS4’s Rick Sallinger is a Peabody Award-winning reporter who has been with the station more than two decades doing hard news and investigative reporting. Follow him on Twitter @ricksallinger.
