In 2017, while the mainstream media was wasting its time yammering about potential Russian collusion in the election, a little-known and far less talked-about nefarious hack of Washington D.C. was actually taking place.
It was just 8 days before President Trump's inauguration that the Secret Service got a call informing them that hackers had "seized control of most of the video surveillance cameras that keep watch over the U.S. capital," according to the Wall Street Journal.
When an agent went to check on the camera feeds, he found a message that stated: “YOUR DOCUMENTS, PHOTOS, DATABASES AND OTHER IMPORTANT FILES HAVE BEEN ENCRYPTED!” The message also demanded about $60,000 in Bitcoin as ransom.
Meanwhile, in Bucharest, 20-something Romanian couple Alexandru Isvanca and Eveline Cismaru celebrated hacking the world's most powerful nation. Isvanca and Cismaru thought they had found an unexpected stroke of good luck when they were able, through the ransomware software, to direct the Washington video feed to their apartment.
The couple, who had a history of small-time scams, had launched hundreds of thousands of emails embedded with ransomware in an attachment disguised as an invoice. The email addresses that they bought to send them to happened to include the Washington D.C. police department, where one recipient opened the attachment and took the bait.
This locked up the city's street camera system.
Michael D’Ambrosio, assistant director of the Secret Service Office of Investigations, said: “It illustrates how physical systems that are dependent upon networked infrastructure are especially vulnerable.”
Secret Service agents, meanwhile, were trying to figure out whether or not the Kremlin was involved. The hackers had used Russian software.
With time ticking down before the inauguration, agents swarmed Washington, taking offline many internet-connected elevators, fire alarms and thermostats along the planned inauguration route.
Isvanca's story has changed multiple times: first admitting to hacking the Secret Service, later telling the Wall Street Journal that the Washington Police was not an intended target and finally just denying any participation at all.
Cismaru also denied involvement to Secret Service agents at first, before acknowledging her role as part of a 2018 plea agreement.
When approached by the WSJ, Cismaru asked “How much are you willing to pay for this interview?”
After denying involvement again to the WSJ, Cismaru finally admitted that breaking into the U.S. capital's video system was "easy" and said that "Americans are stupid".
Isvanca and Cismaru met in 2010, when he was supporting himself at 18 years old through "computer crimes and credit card fraud". Within a year of them meeting, Cismaru learned how to acquire and use stolen credit cards for online shopping. Cismaru was convicted of credit card fraud in 2012 in Romania and received a 3-year suspended prison sentence. As part of her sentence, she was supposed to check in every three months with police, appointments that she "frequently missed".
Banks and retailers generally accept the nearly $7.5 billion in fraud using credit cards annually, because they don't want to risk losing customers by refusing them refunds - and because the cost of pursuing suspects, like the Romanian couple, is too high.
Cismaru then moved to London in 2012 with her wealthy boyfriend, bringing Isvanca and his girlfriend with her. Police raided the house in 2013 during a cybercrime investigation involving Isvanca, at which point Cismaru's boyfriend evicted everyone from the house but her.
The couple then had a son in 2015, before moving back to Bucharest.
Back in Bucharest, Cismaru and Isvanca started to blast out ransomware to a list of email addresses they obtained from the dark web. They used a virus created by a Russia-based group that would make money by taking a portion of the ransom in exchange for providing a password to unlock hacked devices.
The couple eventually left fingerprints of their work, however.
Isvanca ordered food online from Andy's Pizza in Bucharest in 2017 and later that day, using the same email address, he hacked the Washington street cameras. The ransomware that the couple used disabled 126 of the 186 computers linked to the cameras.
This left agents scrambling to reinstall operating systems on computers that had been affected. While the Secret Service was rushing to fix the issue, Cismaru was posting selfies of herself working on a laptop in a Bucharest restaurant.
It was just three days before the inauguration that authorities got the cameras working again.
Isvanca was sure that he had left no trace, but both he and Cismaru had left behind breadcrumbs. Aside from Isvanca using his email address while ordering pizza, Cismaru had used one of Washington's commandeered computers in an Amazon fraud she was running, taking orders for items she didn't own and then shipping to buyers using a stolen credit card.
Authorities followed one such package:
The package contained a hand-held meat barbecuing accessory, called the “Smoking Gun.” The device lets cooks “add a delicious smoky flavor to your food and drinks in just no time,” its producer said.
At the request of U.S. officials, the British National Crime Agency conducted a raid of the package’s destination, a London office. An officer later called the Secret Service and jokingly said, “I found the smoking gun.”
Investigators found that Cismaru had used a Gmail account with her full name as a backup to accounts created for the fraud. From there, they were able to find one email account with the details of 2,170 stolen credit cards and the master list of e-mail addresses that the couple was using.
Cismaru told the WSJ that her email was “fraudulently used without my knowledge.”
By January 2017, global investigators had joined with the Secret Service and FBI to plan the arrest of the couple. One Romanian investigator said the couple “ended up being the mostly unlucky hackers after being the luckiest.”
Ten days before Christmas in 2017, Cismaru and Isvanca were arrested before boarding a flight to London together and confined to house arrest, as well as ordered not to speak with each other.
But in 2018, Isvanca messaged Cismaru on an encrypted app, telling her that the Secret Service has "no proof" it was them. He warned her against testifying against him. She took screenshots and shared them with U.S. prosecutors.
Cismaru left Romania sometime in February 2018, traveling by train from Hungary to France, before being driven from Paris to London by her boyfriend. Police in London sent officers to the boyfriend's house, where they caught Cismaru dashing out of the back of the house.
“I’m pregnant!” she screamed after being taken into custody. She also "denied any involvement in this scheme and even denied the use of her own personal email account."
Cismaru and Isvanca were both charged in the U.S. with 11 counts, including conspiracy to commit wire fraud, computer fraud, trespassing in a government computer and extortion.
Cismaru was extradited to the U.S. in July 2018. She entered a guilty plea to 2 of the 11 counts and agreed to testify against Isvanca. In court, she “admitted to her participation in this conspiracy, along with a co-conspirator.”
In January 2019, she was released and in March, she was deported.
Isvanca is on trial in Romania on earlier charges involving credit card theft. He faces eventual extradition to the U.S., where the charges could result in up to 20 years in prison.