Connect with us

TOP BREAKING NEWS!

The Hapless Shakedown Crew That Hacked Trump’s Inauguration


Financial

The Hapless Shakedown Crew That Hacked Trump’s Inauguration

https://www.wsj.com/articles/the-hapless-shake-down-crew-that-hacked-trumps-inauguration-11572014333?mod=hp_lead_pos8

A lead agent jumped off his treadmill and charged toward the command center where police monitored the camera feeds day and night.

Instead of streaming videos, the computer screens displayed a message in red capital letters: “YOUR DOCUMENTS, PHOTOS, DATABASES AND OTHER IMPORTANT FILES HAVE BEEN ENCRYPTED!” Anonymous hackers demanded $60,800 in bitcoin to return control of the surveillance system.

The ransomware message that appeared on Washington, D.C., police computers on Jan. 9, 2017.


Photo:

U.S. DISTRICT COURT

In a Bucharest apartment 5,000 miles east,

Alexandru Isvanca

called

Eveline Cismaru

to his computer. The screen showed live footage from Washington. The 20-something couple with a history of small-time scams had inadvertently hacked the world’s most powerful nation for a five-figure ransom at a time of high anxiety over national security on Inauguration Day.

The Romanians had launched hundreds of thousands of emails embedded with ransomware in an attachment disguised as an invoice, authorities said. The list of email addresses they bought included, by chance, the Washington, D.C., police department. A recipient there apparently took the bait, opening the attachment that locked up the street-camera system. Only a payment could produce the key.

Secret Service agents debated whether the Kremlin was involved. The hackers had used Russian software. Or, maybe anti-

Trump

protesters were trying to sabotage the inauguration.

With the clock ticking down for an outdoor event expected to draw hundreds of thousands of spectators, U.S. law-enforcement officials had two goals: regain control of the surveillance system and track down the culprits.

Secret Service agents swarmed Washington, taking offline the many internet-connected elevators, fire alarms and thermostats along the planned presidential route to prevent further sabotage.

Alexandru Isvanca and Eveline Cismaru on a boat ride on the River Thames.

For years, Mr. Isvanca and Ms. Cismaru shared a sometimes-playful, sometimes-stormy partnership, supporting themselves at various times through identity-theft, credit-card fraud and ransomware attacks, according to friends, as well as U.S. and Romanian authorities.

Their latest gambit, authorities said, was the ransomware virus, which redirected the Washington video feed to their Bucharest apartment. For the couple, it seemed an unexpected stroke of good fortune.

This article about the pursuit of the hackers is based on sworn testimony, court documents, social media posts, and interviews with U.S. and European investigators, family members, neighbors, landlords and friends of Mr. Isvanca and Ms. Cismaru.

When asked for comment on the case,

Michael D’Ambrosio,

assistant director of the Secret Service Office of Investigations, said only that it illustrates how “physical systems that are dependent upon networked infrastructure are especially vulnerable.”

The couple has, over time, given conflicting and contradictory accounts. Mr. Isvanca at first admitted the hacking to the Secret Service, a court filing said. He later told The Wall Street Journal that the Washington police department wasn’t an intended target. Later, he said he hadn’t participated at all.

Ms. Cismaru initially denied her involvement to Secret Service agents. Later, as part of a 2018 plea agreement, she acknowledged her role in the scheme.

Ms. Cismaru sent a message to the Journal in June asking, “How much are you willing to pay for this interview?” (The Journal doesn’t pay for interviews.)

In August, she denied having anything to do with the computer hijacking. Communicating to the Journal by text and

Facebook

messages, Ms. Cismaru said, “I don’t know who wrote” and signed the court document in her name.

Ms. Cismaru said breaking into the U.S. capital’s video surveillance system was easy. “Americans are stupid,” Ms. Cismaru said in a text.

In fact, the couple brought about their own downfall.

Card capers

Mr. Isvanca and Ms. Cismaru, known to friends as Bobo and Eve, met in 2010. She was 21 years old. Mr. Isvanca, 18 at the time, supported himself “through computer crimes and credit card fraud,” Ms. Cismaru said in a court statement. Mr. Isvanca told the Journal she had lied about him in court and denied the allegations. His lawyer said she wouldn’t comment on the case.

Within a year of their meeting, Ms. Cismaru learned to acquire and use stolen credit cards to buy items online, according to Romanian prosecutors.

The couple kept to relatively low-risk capers using black-market software, email lists and stolen credit-card numbers, small fish in an ocean of fraud.

Share Your Thoughts

Can cybercrime be thwarted? Join the conversation below.

In the U.S., fraud involving debit- and credit-card payments in 2016 neared $7.5 billion, 60% of it from online fraud, according to the most recent surveys from the Federal Reserve.

Banks and retailers generally accept those losses, either because they don’t want to risk losing customers by refusing them refunds, or because the cost of pursuing suspects like the Romanian couple is too high. Consumers, at some point, end up paying higher prices to cover the losses.

In 2012, Ms. Cismaru was convicted in Romania of participating in credit-card fraud, according to court files.

The judge issued Ms. Cismaru a suspended 3-year prison sentence. The court required that she check in every three months with police, appointments she frequently missed, Romanian officials said.

Alexandru Isvanca and Eveline Cismaru in a photo posted on Ms. Cismaru’s Facebook page in November 2012.

By then, Ms. Cismaru had a wealthy boyfriend, her parents said in an interview, and she moved into his upscale London home in 2012. She brought Mr. Isvanca, her cousin and his girlfriend, and another friend to live there, as well.

At the London house, she and her entourage shared hacking tips and drunken, playful evenings, according to videos and pictures she posted on Facebook. Friends said Mr. Isvanca and Ms. Cismaru had romantic ties.

In early 2013, police raided the house in a cybercrime investigation involving Mr. Isvanca, Ms. Cismaru’s boyfriend evicted everyone but Ms. Cismaru. The couple had a son in 2015.

Ms. Cismaru and her boy returned to Bucharest where she rented a spacious apartment in a central-city neighborhood of new glass-tower condominiums. There, Mr. Isvanca and Ms. Cismaru worked long days blasting out the ransomware spam to email addresses from a list called USA.txt that was acquired on the dark web, a part of the internet used by cybercriminals.

They used a virus from what authorities suspect was a Russia-based group, which made money by taking a portion of the ransom in exchange for providing a password to unlock seized computers.

Using such plug-and-play ransomware is so foolproof that even bungling criminals can profit, according to cybersecurity experts.

Leaving fingerprints

On Jan. 9, 2017, Mr. Isvanca ordered food online from Andy’s Pizza in Bucharest. That day, using the same email address, he hacked the Washington street cameras, Ms. Cismaru later told prosecutors.

In Washington, ransomware disabled 126 of the 186 computers linked to the cameras, and Secret Service and police began trying to regain control.

Kidnapped Computers

Victim connected to Washington, D.C. police department network opens an infected document.

Romanian hackers send spam emails to random addresses.

Hackers hijack 126 of the 187 police computers connected to street surveillance cameras. A message gives instructions to unlock the computers: Pay $60,800 in bitcoin.

Hackers use one of the infected police computers to send more spam emails and for other online fraud schemes.

U.S. law enforcement officials erase infected computers and take connected devices offline.

Video cameras become operable three days before Trump inauguration.

Victim connected to Washington, D.C. police department network opens an infected document.

Romanian hackers send spam emails to random addresses.

Hackers hijack 126 of the 187 police computers connected to street surveillance cameras. A message gives instructions to unlock the computers: Pay $60,800 in bitcoin.

Hackers use one of the infected police computers to send more spam emails and for other online fraud schemes.

U.S. law enforcement officials erase infected computers and take connected devices offline.

Video cameras become operable three days before Trump inauguration.

Victim connected to Washington, D.C. police department network opens an infected document.

Romanian hackers send spam emails to random addresses.

Hackers hijack 126 of the 187 police computers connected to street surveillance cameras. A message gives instructions to unlock the computers: Pay $60,800 in bitcoin.

Hackers use one of the infected police computers to send more spam emails and for other online fraud schemes.

U.S. law enforcement officials erase infected computers and take connected devices offline.

A Step-By-Step Blueprint For Making Money Online, That Is 100% Dummy Proof!

GET EASY FREE TRAFFIC + AFFILIATE OFFER = COMMI$$IONS

Get The Simple Traffic Blueprint Now!

Video cameras become operable three days before Trump inauguration.

Romanian hackers send spam emails to random addresses.

Victim connected to Washington, D.C. police department network opens an infected document.

Hackers hijack 126 of the 187 police computers connected to street surveillance cameras. A message gives instructions to unlock the computers: Pay $60,800 in bitcoin.

Hackers use one of the infected police computers to send more spam emails and for other online fraud schemes.

U.S. law enforcement officials erase infected computers and take connected devices offline.

Video cameras become operable three days before Trump inauguration.

Inaugurations are the most intense event on the Secret Service calendar, and 2017 was no exception. Every would-be disrupter would be familiar with the motorcade route that President Obama and Mr. Trump would follow.

U.S. agents rushed to reinstall the operating system in stricken computers, one by one. As they worked, Ms. Cismaru posted a picture of herself at her laptop in a Bucharest restaurant: “#13Fridaynostress #workworkwork #feelinghappyandmotivated,” she wrote.

Three days before the inauguration, authorities got the surveillance cameras working.

The Bucharest building where Ms. Cismaru rented an apartment and where authorities allege the Washington hacking scheme began.


Photo:

Valentina Pop/The Wall Street Journal

Mr. Isvanca assured Ms. Cismaru that they had left no trace. He was wrong. Mr. Isvanca used the same email address for both the online pizza order and the hack.

Ms. Cismaru also left behind a glaring clue. She was using a fraudulent business account on Amazon to sell items she didn’t own. When she was alerted to an order, she purchased the product from a legitimate seller using a stolen credit card. The item was then shipped to the buyer.

Of the 126 hacked computers, the first one Secret Service agents analyzed was the very same one that hackers had used to spread the computer malware. The lucky find not only saved valuable time—the computer screen showed a tracking number for a package headed to the U.K. The couple had also used the commandeered computer in the Amazon scheme.

The package contained a hand-held meat barbecuing accessory, called the “Smoking Gun.” The device lets cooks “add a delicious smoky flavor to your food and drinks in just no time,” its producer said.

At the request of U.S. officials, the British National Crime Agency conducted a raid of the package’s destination, a London office. An officer later called the Secret Service and jokingly said, “I found the smoking gun.”

The Smoking Gun

Eveline Cismaru creates a fake business account on Amazon UK to sell products she doesn’t have.

Customer in London orders a cooking device called the ‘Smoking Gun’.

Ms. Cismaru buys ‘Smoking Gun’ from an online vendor using a stolen credit card and sends it to the London customer.

Alexandru Isvanca and Ms. Cismaru use one of the hijacked police computers to track the ‘Smoking Gun’ delivery.

Police raid a London office and find the ‘Smoking Gun’.

Eveline Cismaru creates a fake business account on Amazon UK to sell products she doesn’t have.

Customer in London orders a cooking device called the ‘Smoking Gun’.

Ms. Cismaru buys ‘Smoking Gun’ from an online vendor using a stolen credit card and sends it to the London customer.

Alexandru Isvanca and Ms. Cismaru use one of the hijacked police computers to track the ‘Smoking Gun’ delivery.

Police raid a London office and find the ‘Smoking Gun’.

Eveline Cismaru creates a fake business account on Amazon UK to sell products she doesn’t have.

Customer in London orders a cooking device called the ‘Smoking Gun’.

Ms. Cismaru buys ‘Smoking Gun’ from an online vendor using a stolen credit card and sends it to the London customer.

Alexandru Isvanca and Ms. Cismaru use one of the hijacked police computers to track the ‘Smoking Gun’ delivery.

Police raid a London office and find the ‘Smoking Gun’.

Eveline Cismaru creates a fake business account on Amazon UK to sell products she doesn’t have.

Customer in London orders a cooking device called the ‘Smoking Gun’.

Ms. Cismaru buys ‘Smoking Gun’ from an online vendor using a stolen credit card and sends it to the London customer.

Alexandru Isvanca and Ms. Cismaru use one of the hijacked police computers to track the ‘Smoking Gun’ delivery.

Police raid a London office and find the ‘Smoking Gun’.

Investigators tracing Ms. Cismaru’s online activity discovered she had used a Gmail account with her full name as a backup to accounts created for the credit-card and ransomware schemes. Investigators found one email account with the details of 2,170 stolen credit cards, as well as the same USA.txt list detected on the hacked police computer in Washington.

Ms. Cismaru said her personal email account was “fraudulently used without my knowledge,” in a statement to the Journal. She blamed the Smoking Gun purchase on others.

In late January 2017, U.S. investigators contacted Europol. By summer, Dutch, British and Europol investigators had joined agents of the Secret Service and Federal Bureau of Investigation to plan the arrest of Mr. Isvanca and Ms. Cismaru.

The couple “ended up being the mostly unlucky hackers after being the luckiest,” said a Romanian investigator who joined the dragnet.

Ten days before Christmas 2017, Ms. Cismaru’s parents said, they drove their daughter, her baby and her Swedish boyfriend to the Bucharest airport for a flight to London.

Ms. Cismaru had a ticket for seat 19C. Mr. Isvanca, unknown to Ms. Cismaru’s family, was on the same flight in seat 19D. They were arrested before boarding and confined to house arrest.

Mr. Isvanca stayed in his mother’s modest apartment in the eastern Romanian city of Onesti. Ms. Cismaru smoked cigarettes at her parents’ home outside Bucharest. They were ordered not to speak to each other.

A lamp post and security cameras in front of the White House in Washington.


Photo:

Robert Alexander/Getty Images

In early 2018, Mr. Isvanca messaged Ms. Cismaru on an encrypted app, according to her guilty plea. The Secret Service has no proof it was us, he wrote. If she testified against him, Mr. Isvanca warned, he would forge conversations incriminating her. She later shared screenshots with U.S. prosecutors.

On Feb. 16, 2018, Ms. Cismaru failed to show up for a morning appointment at Perfect Smile Dentistry in Bucharest. British police believe she left Romania and traveled by train from Hungary to France. Her boyfriend drove her from Paris to London using the channel tunnel.

Police in London, alerted by U.S. authorities, sent two officers to the boyfriend’s house. Ms. Cismaru had dashed out the back door by the time officers entered the house. She tried to hide in a garden, but two other officers were watching the back of the house.

Once trapped, Ms. Cismaru shouted, “I’m pregnant!” Officers escorted her, screaming, into a police car. She “denied any involvement in this scheme and even denied the use of her own personal email account,” according to court documents.

Ms. Cismaru and Mr. Isvanca were charged in the U.S. with 11 counts, including conspiracy to commit wire fraud, computer fraud, trespassing in a government computer and attempted extortion. Ms. Cismaru was extradited to the U.S. in July 2018. Character witnesses described her as a caring mother.

Eveline Cismaru in a recent photo posted to her Instagram account.

Alexandru Isvanca’s Facebook profile photo.

On Sept. 20, 2018, Ms. Cismaru entered a guilty plea to two of the 11 counts and agreed to testify against Mr. Isvanca. In a court statement, she “admitted to her participation in this conspiracy, along with a co-conspirator.”

U.S. prosecutors determined Ms. Cismaru played a minor role. In January, she was released for time served. In March, she was deported.

Mr. Isvanca is on trial in Romania on earlier charges involving credit-card theft. He faces extradition to the U.S., where charges in the Washington case carry penalties of up to 20 years in prison.

In London, Ms. Cismaru says she is a fashion fitness entrepreneur and Instagram influencer, posting glamour shots and ads to 90,000 followers.

A recent post shows her posing in a tightfitting dress, draping her high heels across a leather sofa, lips pursed.

“Living my best life,” she wrote, adding a crying-laughing emoji. “#BossGirl.”

Liana Fermesanu

 and Peter Rudegeair contributed to this article.

Write to Drew Hinshaw at drew.hinshaw@wsj.com and Valentina Pop at valentina.pop@wsj.com

Copyright ©2019 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

Free Gift With Our Newsletter

We hate SPAM and promise to keep your email address safe

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Top Stories!

To Top