TX: Cockrell Hill police lose some evidence in ransomware attack
Jason Trahan reports that when the Cockrell Hill Police Department server was infected with ransomware after an employee clicked on a link in an email that appeared to be from the department, the department decided not to pay the $4,000 ransom demand.
As a result, Trahan reports, the department lost some video evidence and a cache of digital documents.
Don’t be confused by the fact that Police Chief describes the incident as not a hacking incident.
Stephen Barlag, Cockrell Hill’s police chief, said the incident was not the work of hackers, but acknowledged that the incident included a computer-generated ransom demand.
“This was not a hacking incident,” Barlag said in a news release Wednesday evening. “No files or confidential information was breached or obtained by any outside parties.”
So how serious are the consequences of losing some evidence? The Department has paper backups of all paper files, and some video files were reportedly backed up on CDs, but it doesn’t appear that they had an any automated or comprehensive backup system or drive for video files.
The lost evidence surfaced publicly Wednesday after [criminal defense attorney J. Colin] Beggs questioned a Cockrell Hill police detective in a hearing convened before Criminal District Court Judge Dominique Collins to compel the department to explain why it had not turned over video evidence in his client’s case. Beggs said he had been asking for it since the summer — well before the hacking incident was discovered on Dec. 12.
Beggs said the loss of video evidence is significant for his client and others charged in Cockrell Hill cases involving police video. “It makes it incredibly difficult if not impossible to confirm what’s written in police reports if there’s no video,” Beggs said. “The playing field is already tilted in their favor enormously and this tilts it even more.”
According to the press notice issued by the department, the ransomware was an “OSIRIS” virus that affected:
all Microsoft Office Suite documents, such as Word documents and Excel files. In addition, all body camera video, some in-car video, some in-house surveillance video, and some photographs that were stored on the server were corrupted and were lost. No information contained in any of those documents, videos, or photographs was extracted or transmitted outside of the Police Department. Files that were affected did go back to 2009, however hard copies of ALL documents and the vast majority of the videos and photographs are still in the possession of the Police Department on CD or DVD. It is unknown at this time how many total digital copies of documents were lost, as it is also unknown how many videos or photographs that could have assisted newer cases will not be available, although the number of affected prosecutions should remain relatively small.
Read more on WFAA.