Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Australia Government Transportation

Roadside Cameras Infected with WannaCry Virus Invalidate 8,000 Traffic Tickets (yahoo.com) 175

Long-time Slashdot reader nri tipped us off to a developing story in Victoria, Australia. Yahoo News reports: Victoria Police officials announced on Saturday, June 24, they were withdrawing all speed camera infringement notices issued statewide from June 6 after a virus in the cameras turned out to be more widespread than first thought. "That does not mean they [the infringement notices] won't not be re-issued," Assistant Commissioner Doug Fryer told reporters, explaining that he wants to be sure the red light and speed cameras were working correctly. Acting Deputy Commissioner Ross Guenther told reporters on Friday that 55 cameras had been exposed to the ransomware virus, but they've now determined 280 cameras had been exposed. The cameras are not connected to the internet, but a maintenance worker unwittingly connected a USB stick with the virus on it to the camera system on June 6.

Fryer said that about 1643 tickets would be withdrawn -- up from the 590 that police had announced on Friday -- and another five and a half thousand tickets pending in the system would be embargoed. Fryer said he was optimistic the 7500 to 8000 tickets affected could be re-issued, but for now police would not issue new tickets until police had reviewed the cameras to ensure they were functioning properly... The "WannaCry" malware caused the cameras to continually reboot, Fryer said. Fryer said there was no indication the malware had caused inaccurate radar readings, but police were being "over cautious" to maintain public faith in the system.

Last week Victoria's Police Minister was "openly furious" with the private camera operator, saying the group hadn't notified the relevant authorities about the infection.
This discussion has been archived. No new comments can be posted.

Roadside Cameras Infected with WannaCry Virus Invalidate 8,000 Traffic Tickets

Comments Filter:
  • For once (Score:4, Insightful)

    by Anonymous Coward on Sunday June 25, 2017 @09:38PM (#54689033)

    The bad guys accidentally did society a favor.

    • by Anonymous Coward

      Not really. The people speeding will still get a ticket. A repair man as an extra expense will need to be sent out. The tax payers will get the bill for it.

      • Re:For once (Score:5, Insightful)

        by asifyoucare ( 302582 ) on Sunday June 25, 2017 @11:38PM (#54689395)

        I can't see how the motorists can be convicted. A lawyer just has to ask "Does the manufacturer warrant the accuracy of the camera device when infected with malware?"

        The answer of course will be "no". The standard of proof is not lowered just because an offence is minor.

        Once it happens in one case, all the other cases will be dropped.

        • Why do you think malware would edit the photographs or move the distance markers around? On the scale of reasonable doubt it's quite "aliens did it" but it's not far off.

          • by sjames ( 1099 )

            These are radar cameras. They snap a picture of the car and the radar determined speed. No markers.

            Now, the virus caused them to reboot frequently. What effect did that have on the radar calibration? I don't know either. Did it cause the system to go to an operational state at any point when the radar wasn't ready? Also don't know and neither do you.

            Is it worth doing extensive testing under those conditions in order to re-instate 7000 speeding tickets? Probably not.

            Now, as for your case of markers on a spee

            • You've made a case for possibly. It's nowhere near probably.

              Cosmic rays could possibly affect the reading.

              • Re:For once (Score:5, Interesting)

                by asifyoucare ( 302582 ) on Monday June 26, 2017 @07:27AM (#54690421)

                'Probably' isn't relevant here. This isn't a civil case; it's a criminal case where the standard of proof is 'beyond reasonable doubt'.

                It isn't up to the defense to do a code audit and find every possible way in which malware might affect the result - they'll just ask that very simple question "Does the manufacturer warrant the accuracy of the camera device when infected with malware?"

                • Regular speeding is a criminal matter, in AUS? It is a civil offense, most places. Well, unless you're going really fast. That is often called Criminal Speeding, a wholly different charge. I would be kinda surprised if it were criminal in Oz.

                • You've got it the wrong way round. If you're claiming doppelgangers or witchcraft as a defense it's not up to the prosecution to disprove them.

                  Just like you can't just say "self defense" against an assault charge; you have to provide credible evidence that the person was about to attack you.

                  Given that this malware had a specific purpose - which wasn't recalibrating radar guns - I'd say it made no difference.

                • 'Probably' isn't relevant here. This isn't a civil case; it's a criminal case where the standard of proof is 'beyond reasonable doubt'.

                  Some states have a civil speeding infraction as well, with a criminal charge possible for excess or reckless speed. Example: MI, MA

                  Some states have only criminal speed offenses. Example: CA, IL

              • by sjames ( 1099 )

                It's way above cosmic rays as a probability. It's a system that may or may not be doing a normal initialization and that is certainly doing so more frequently than it should. It's a system depending on stable oscillators when the temperature is swinging widely.

                Perhaps more to the point, It's a condition that the manufacturer is unlikely to certify accuracy for.

            • These are radar cameras. They snap a picture of the car and the radar determined speed. No markers.

              Now, the virus caused them to reboot frequently. What effect did that have on the radar calibration? I don't know either. Did it cause the system to go to an operational state at any point when the radar wasn't ready? Also don't know and neither do you.

              Is it worth doing extensive testing under those conditions in order to re-instate 7000 speeding tickets? Probably not.

              Now, as for your case of markers on a speed camera, Determining speed is a matter of seeing how long it took a car to get from A to B which will depend on the system clock (or frame rate) being correct. It's not that hard to imagine something being a bit off there.

              I don't see that calibration would be an issue. As you said, a speed calculation is from going from point A to point B with a certain time length. If a distortion of calibration occurs from rebooting, then it is a uniform error for both measurement of point A and B; thus, the result of calculation is still valid. However, I don't know how they handle the reboot issue during the first and second images are taken. How does their camera work? Would it take the next image after reboot and then compare with the

              • by sjames ( 1099 )

                Since the camera is actually using radar, it will depend on precision components behaving with precision. It is not at all unusual for such devices to need at least a short time to come to stable operation. Flipping power on and off frequently (as rebooting can do to peripherals) is not a good way to achieve that.

                Without manufacturer certification for accuracy under those conditions, it might as well read "for novelty use only" on the side.

          • The malware could have an effect on the internal clock.

            LK

            • Would a radar speed gun use the computer's internal clock? I doubt it would be fast enough.

              • Perhaps not but if the malware caused a delay in taking the photograph, the car that's captured might not be the one that exceeded the speed limit.

                Have they done their due diligence to show that this isn't happening?

                LK

        • by mjwx ( 966435 )

          I can't see how the motorists can be convicted. A lawyer just has to ask "Does the manufacturer warrant the accuracy of the camera device when infected with malware?"

          The answer of course will be "no". The standard of proof is not lowered just because an offence is minor.

          Once it happens in one case, all the other cases will be dropped.

          This is how it works in Australia.

          The burden of evidence is on the police, who are making the accusation.

          If you can call into question the accuracy of the evidence, your case will be dropped. You get a presumption of innocence because the evidence arrayed against you was less than rock solid.

          • Not at all true. (West Coast US) From personal experience, the Magistrate will not drop the matter, even when presented with clear evidence that the infraction is invalid. They tend to haggle, reduce the fine, redefine the offense, etc In one case I had the fine reduced from $250 to $1 (one). When I pushed the Magistrate to let go of the conviction, she countered that I could take it up with a Superior Court Judge by demanding a formal trial. A process requiring significant filing fees, and hiring a c

            • by mjwx ( 966435 )

              Not at all true. (West Coast US)

              We're talking about Australia here. In Australia, the courts place the burden of evidence on the accuser, this means the prosecution must present solid evidence for the case to be ruled in their favour.

              They tend to haggle, reduce the fine, redefine the offense, etc In one case I had the fine reduced from $250 to $1 (one).

              This does not happen in Australia. The penalty you're presented with is the minimum penalty that can be enforced. Going to court for a dismissal is an all or nothing affair. You either walk out with no ticket or a ticket plus court costs. The only way a judge can change the penalty is to increase it.

              In fac

        • The problem is described as repeated camera reboots. Quite likely the cameras worked as well as ever (not necessarily all that well) when they were working. They just weren't working much of the time. If it is established that's the case, probably the tickets will be reissued. If, OTOH there's any chance that the reboots cause a problem. If for example, there is a recalibration period after reboot that turns out upon scrutiny to be too short, the tickets presumably won't be reissued.

        • It could be argued that the reboots caused "selective monitoring" where one vehicle passing thru the intersection above the limit would get a ticket and another vehicle going above the limit would not because the system was rebooting. Since the system was not "fully operational" the ticketing was inherently unfair.

      • by dwywit ( 1109409 )

        I doubt that -"Victoria's Police Minister was "openly furious" with the private camera operator,"

        usually means "you WILL fix this, and you will NOT bill us for it, or we'll exercise our rights to terminate the contract". There are (from the summary) two other companies with speed/red light camera contracts, who I'm sure will be eager to take on the additional revenue-raisers.

    • But who the fsck chooses windows for such a device?

      I'm not a "Linux is going to be the new desktop" guy. But for this type of non user device why on earth would you put a desktop OS on it?

      • Doesn't WannaCry spread over SMB? If you did happen to use Windows for some weird reason, why on earth would you leave the SMB port open?

        Actually I've worked with people using Windows for embedded, so I can imagine what the whole system looks like. It's mainly image recognition stuff, so it was probably built by computer scientists who really don't have a clue about system building.
      • That was my immediate reaction as well, I mean, Windows on a fricken speed camera? Those things need to run under adverse conditions with dodgy power and who knows what else, and they use an OS that needs more care than an incontinent puppy?
      • Because if it is not run on every desktop, you cannot find cheap coders for it. So, if teenagers are taught in the college to work with Windows, they are not able to program anything else.

      • "But for this type of non user device why on earth would you put a desktop OS on it?"

        Reasonable question, but go check the Internet and see how many images you can find in 3 minutes of BSOD screens on kiosks, airport arrival/departure screens, ATMs, etc.

        You do need an OS for most everything except carefully hand crafted embedded systems. And even there you need an OS for development and maintenance. It's not surprising that sometimes the OS is Windows although -- all other things being equal -- it wouldn'

  • by Rick Schumann ( 4662797 ) on Sunday June 25, 2017 @09:40PM (#54689039) Journal
    This makes me happy. :-)
    • Don't worry, says right in the summary that the tickets will be reissued. The company that bribed the officials who let them put in the cameras (with steak dinners maybe) will likely be breathing down the necks of the officials until they get them reissued. Then the taxpayers will be on the hook for the costs of upgrading the systems to windows 10. And the red light cam company will use it somehow to justify lowering yellow light times.
      • That does not mean they...won't not be re-issued

        Actually, I get the feeling it says they won't be re-issued.

      • by rtb61 ( 674572 )

        That company is in serious trouble, hacking a computer network is a serious crime and they failed to notify the government when a policing system was corrupted and hence are now guilty of the crime of accessory after the fact. They should have reported it within 24 hours, a policing system to protect the public had been compromised, and they should be held legally liable, not just for the speeding ticket failure but also for not reporting a computer crime and allowing it to spread.

      • by dwywit ( 1109409 )

        As another poster mentioned, it will only take one person to take his/her ticket to court, and the case found in favour of the defendant, for all the tickets to be dropped. I'd like to see the contract's terms - especially the penalty clauses and termination triggers.

        This isn't america - Australia appoints magistrates and judges, we don't elect them, so they tend to be apolitical, so our courts don't automatically side with the govt, or its officials.

  • by Anonymous Coward

    "Doesn't mean they won't not be reissued" -- I can barely parse that.

    • It means someone went to public school.

    • by alexo ( 9335 )

      "Doesn't mean they won't not be reissued" -- I can barely parse that.

      This doesn't happen to people that won't not update their parser.

  • Won't not (Score:5, Insightful)

    by ArchieBunker ( 132337 ) on Sunday June 25, 2017 @09:42PM (#54689051) Homepage

    They really do speak the Queen's English down there.

    • That does not mean they won't not be re-issued

      going for the triple negative, technically I think this means they will not be re-issued, but I'm sure that's not what the Blue footed Boobie (that's what they call Bobbies down under, heard it on the BBC once, must be true) intended.

    • Thanks to the amazing reporting of Yahoo! news.
      I guess they can't handle it when a press release is live video they can't copy and paste.

  • So how did this work. Are the camera set to automatically execute when a USB is plugged in or did the person who stick it manually execute the program?
    • The camera SYSTEM isn't connected to the Internet. But they're connected to each other, and the system has Windows hosts on it... probably the C&C machines that collect the video feeds.

      • The camera SYSTEM isn't connected to the Internet.

        That's what they say...

        But then how is the camera data communicated to the Mother Ship?

        Of course they are connected to some kind of Intranet perhaps? And is this Intranet "air gapped"? Doubtful.

        Or perhaps they are connected by some big network of coax? Yeah, I don't think so either.

        They have their own ethernet strung all over the country? Nope...

        Or maybe by cell network? Oh, that would be received by some network connected phone device at the Mother Ship.

        My guess is these things are connected to the Interne

      • by AK Marc ( 707885 )
        No, the camera system is connected to the Internet, through a C&C machine that is network connected. That they have a firewall-like server protecting them doesn't help when those that design and administer the system don't think of it that way.

        Can you browse to www.google.com from the camera? No. So they aren't on the Internet. Can you edit their OS remotely from the Internet? Sure. Just RDP to the C&C and go for it. But since they can't get to Google, they are 110% safe.

        Hey, if the people
  • The evidence is tainted, lawyers will be able to get charges dismissed. Then buy another V-tail Bonanza. https://en.wikipedia.org/wiki/... [wikipedia.org]
  • I guess that the infection having been discovered means people will have to go back to placing burning tires filled with gasoline on them! :P

    Strat

    • by dbIII ( 701233 )
      Why do you gun nuts think that Mad Max was a documentary?
      • Come on, that's not right. They only wish it was.

  • by Anonymous Coward

    the additional loss of revenu-err... lives

  • by rsilvergun ( 571051 ) on Sunday June 25, 2017 @10:04PM (#54689119)
    to cut taxes. Local governments have to scrap for every penny and resort to crap like this. I don't think you'll find any honest traffic engineer who says these things make the world safer. If you want safe make the yellow longer. Problem solved.
    • by AK Marc ( 707885 )

      I don't think you'll find any honest traffic engineer

      Correct. The closest you get is those that run the lights back to the control room. The lights, timings, and remote control are handled by then engineers with zero decision making powers. Those that cam make decisions have them made for them by the politicians. "speed kills" when you are much more likely to be going 35 mph when you die than 110 mph (misleading, as so few go 110 mph, but no more misleading than counting drunks literally asleep at the wheel as "speed related", no matter the speed). Almos

    • People need to realize that there are worse things than taxes. Taxes are at least nominally fair, in that they apply to everyone. You could argue that some people get taxed more thanks to the idea of progressive taxation, but the counter-argument to that is that those people get taxed more because they can afford more. So it's arguable at least.

      That said, the use of traffic and other fines as revenue generation is essentially a tax in all but name - and worse, it's an unevenly applied "tax" that cares not
      • by Ichijo ( 607641 )

        the use of traffic and other fines as revenue generation [is] an unevenly applied "tax" that cares nothing about your ability to pay

        That's a good argument for making the fines proportional to income.

        The fact that in cases like the shortened yellow lights, it's actively harming (rather than helping) safety

        That's correct, if you're the bumper on a car. If you are any other part of the car, or a human inside the car, the reduced T-bone collisions at camera-enforced intersections make you safer [dot.gov]:

        Even though th

    • by dwywit ( 1109409 )

      Speeding and red light cameras in Australia are run/contracted by state governments, not local councils - but your basic position re: revenue is correct. These things are law enforcement by proxy, supposedly freeing police to tackle real crime, but not really. They're all about the money.

  • One thing is when it targets the public, then "we're going to do something about it, don't worry folks, calm down!". Nothing happens.

    It now affects a gov. major income source - you bet the military is going to be on it now!

  • Private Operator (Score:5, Insightful)

    by Dan B. ( 20610 ) <.ua.moc.rayrb. .ta. .todhsals.> on Sunday June 25, 2017 @10:05PM (#54689125)

    LOL. Once again the government outsourcing their responsibility to private operators turns out to be (yet) another million dollar mistake, fully funded by the taxpayer. Except in this instance, it's not an expense, rather a lack of revenue, and no one is crying because we all know in Victoria cameras are revenue machines, not road rule enforcement/deterrent. That's why most of them are on straight sections of highway with limits of 100kph or more.

    I reckon they should 'fine' the operator their commission for the year.

    Commission? Yes, commission; the operator gets a slice of each ticket issued.
    You think that makes them do their utmost to issue as many tickets as possible? You bet, about $1bn worth every year.

    • Re:Private Operator (Score:5, Informative)

      by Required Snark ( 1702878 ) on Monday June 26, 2017 @02:14AM (#54689751)
      The traffic camera company RedFlex Holdings [wikipedia.org] is a case study in corporate corruption and incompetence. Their US division had a massive bribery scandal in Chicago. The parent company, based in Australia, made two members of the board directors and the sales chief resign. Three execs in their US division were fired as well. One of them, the former president, ended up getting 30 months in federal jail because of bribery in Chicago and Ohio.

      If you read the Australian news article [theage.com.au] they make it clear the the virus was introduced to the cameras from an infected USB stick. On top of that, their camera systems don't work very well, and there is another investigation going on in Australia looking into that issue.

  • She said wanna cry had infected the linux systems as well as the windows ones in her statement.

    • She said a virus has infected 3 "linox" systems, she did not specify which virus.

    • by dbIII ( 701233 )
      Linux, Solaris, FreeBSD or whatever - if a file server gives read/write permission to files available to an infected host then they get read and rewritten.
      File system snapshots help and real backups help even more.
  • by dbIII ( 701233 ) on Monday June 26, 2017 @12:49AM (#54689553)
    The real story here is that the cameras were farmed out to a for-profit company.
    A "sin tax" is one thing and bad enough, giving a third party a chance to make a profit from it hurts everyone apart from the profiteers.
    Time to start looking at the former government for kickbacks or a special job for the guy who sold the farm.
    • Unless I'm mistaken, that's the most common instance - a private company offers to install the cameras and operate them for a cut of the money. It's disgusting and corrupt, and in my view, that sort of business model should be illegal.
  • by Lurks ( 526137 ) on Monday June 26, 2017 @02:06AM (#54689735) Homepage

    This should be understood on the background of how speed cameras operate here (Victoria, otherwise referred to in Australia as Police State). The damn things are everywhere. There's no responsibility to tell people where they are, so they're not used as a deterrent like other states, they're used to raise money and they're GREAT at that. More than a billion dollars in the last three years .For a place that has the population of Wisconsin.
    There's a classic one in Chadstone, which is the champion for raising $$$, located just as 70kph turns into 40kph. They must be cackling with glee over that one.

    Also, there's no leeway on these things. 77% of speeding fines are for exceeding a posted limit by less than 10kph (6mph). I've had one for being 3kph over, while being the only guy on a double lane straight highway for miles and miles... (cops hide in the vegetation in the median strip). Good one guys, beats catching rapists eh?

    Fundamentally, other \.ers have called it right. The fundamental problem is that a commercial operator will basically install as many of them as you let them since they get nice revenue from it. The state government sees this as $$$, and can pull up all sorts of charts telling you that they are 'safety cameras'. All the while, this is a state where cops do nothing about rampant tailgating, driving around with fogs + high beams, hoons spinning wheels at every traffic light, failure to indicate and so on... because that would need police work rather than just ticking a box on a form and waiting for the money to roll in.

    Occasionally, just occasionally, one sees a burnt out speed camera with still-smouldering tyres at the base of it. Digitally burn the things? Bring it oooon.

    • Good one guys, beats catching rapists eh?

      Colour me pessimistic, but it costs the State a whole lot of money to catch, try and jail rapists. Why would they do that?

    • Or just don't speed. I mean it is a 100% voluntary donation to the government so you can't really get too upset about making it.

  • by 4wdloop ( 1031398 ) on Monday June 26, 2017 @02:29AM (#54689787)

    These cameras use Windows on their embedded hardware? I suppose a bit expensive but why not? Other than security issues...

  • I think that by suspending these tickets, they are fueling the fear/suspicion that such a virus could go in and fake evidence of speeding. Sure, in theory a virus could have a dual payload: On consumer and business PCs it encrypts the data and asks for a fee. But when it finds itself on a roadside speeding camera it will start to fake photos of speeding vehicles. Right!

    Realistically, worst case, the evidence of the speeding vehicles has been lost. Then the tickets that you've already sent should be followed

  • So they can validate some red light tickets can be reissued.

    In my state we have rape kits over a decade old and the governments solution is to try to crowdfund processing rape kits (instead of allocating state funds to that cause).

  • "Fryer said there was no indication the malware had caused inaccurate radar readings, but police were being "over cautious" to maintain public faith in the system."

    I don't know what "public faith" regarding those ticket cams he's talking about, I've never heard of anyone that likes them or has ever trusted them in the first place.

How many NASA managers does it take to screw in a lightbulb? "That's a known problem... don't worry about it."

Working...