As more police departments are being hit by ransomware attacks, there are several issues to consider. Unfortunately, there is not a simple fix to the problem.
First, if the hackers steal data as part of the ransomware attack and then sell or publish it, it could compromise investigations or expose witnesses to physical harm if statements they made in confidence to the police are exposed publicly. After all, the reason the police investigate people is they are suspected of doing bad things.
In addition, people who have been charged with crimes could claim that evidence has been compromised as a result of the hack. It is certainly possible that they could convince a judge that the evidence against them was contaminated and must be discarded.
We have seen cases where the evidence has been completely lost as a result of a cyberattack. Bodycam video, for example, or other digital evidence. If the police don’t pay off the hackers and don’t have sufficient backups or they do pay off the hackers and the hackers are unable to recover the data, that evidence may be lost. Or they recover the data and can’t prove that it has not been changed. These are all things that a good defense attorney will try to convince a judge or jury about.
In those cases, prosecutors may choose to drop the case altogether (because prosecutors keep score and they don’t like losses – aka acquittals. It seems like a petty game, but it is reality). We saw this recently in Stuart, Florida where drug charges against 6 defendant’s were dropped after a ransomware attack.
It is certainly possible that forensic scientists may be able to determine whether evidence has been tampered with, but are they able to convince a judge or jury. Science is one thing, but human beings don’t always follow the science. That investigation likely dependent on log files that may not exist.
Victims and witnesses could become victimized again if their driver’s license, social security number, passport information, financial or medical information was sold on the dark web and used against them.
As we saw in the DC Metro police, the personal and disciplinary information of hundreds of police officers may be made public. This allows disgruntled people and people who just want to sow fear to attack police officers and their families.
During the days and weeks that information systems may be down due to a ransomware attack police cannot quickly retrieve information during traffic stops or during arrests, potentially causing the police to arrest the wrong person or let someone who is wanted go free.
If systems are down when a defendant is scheduled to go to trial, the police or district attorney may not be able to proceed with the case. It is possible that a judge will grant a continuance, but then again, maybe not.
This is more than an inconvenience; it is a public safety issue. And there is no easy fix. Credit: Data Breach Today