back to article WannaCrypt blamed for speed camera reboot frenzy in Australia

A contractor in the Australian State of Victoria has managed to infect an unknown number of speed cameras with a virus, over sneakernet. Details aren't so much sketchy as they are confused: the virus has been identified as WannaCrypt, but the government's been told it infected both Linux and Windows-based cameras; there was no …

  1. Mephistro
    Happy

    This

    "Even the Linox (sic) system still uses a Windows operating system underneath it.”

    Followed by

    "I'm not a guru in technology,..."

    Gee, thanks for the warning !

    1. Jonski

      That's really strange, because I had been assured that it was turtles all the way down.

      1. Destroy All Monsters Silver badge

        IT is such a cesspool of ignorance and confusion

        But I like the "Linox". Better (R) this thing now.

    2. Adam 52 Silver badge

      Slightly unfair. She *told* the press conference, probably verbally. Whoever wrote down what she said spelled it incorrectly.

      And, FFS, if spelling problems precluded expertise in technology then most people here should be looking for new jobs.

      1. Alister

        @Adam52,

        I don't think it was necessarily the spelling mistake that D.A.M was referring to...

        Claiming that Linux, (or Linox) runs on top of Windows was probably slightly more indicative of ignorance and confusion...

        1. Vic

          Claiming that Linux, (or Linox) runs on top of Windows was probably slightly more indicative of ignorance and confusion...

          Not necessarily.

          It's how I'm running two instances of Linux here at work...

          Vic.

          1. CrazyOldCatMan Silver badge

            It's how I'm running two instances of Linux here at work...

            Indeed. It's (however), very unlikely that end-user devices like speed cameras are running under hyper-v (or QEMU on cygwin on Windows).

          2. Alister

            @Vic,

            Yes, but that's your choice, not a requirement. and as CrazyOldCatMan says it would be highly unusual to run Linux on top of a Windows hypervisor on any piece of equipment like a speed camera.

            Besides, if you consider how she phrased it, it would seem to suggest she believes that the Windows operating system is an integral part of Linux:

            Even the Linox (sic) system still uses a Windows operating system underneath it.

            1. Wensleydale Cheese

              "Even the Linox (sic) system still uses a Windows operating system underneath it."

              An educated guess might be that that is true in someone's office environment, and they extrapolated that to all instances of Linux.

    3. Jason Bloomberg Silver badge

      Gee, thanks for the warning !

      I don't think that's entirely fair on Neville. It looks like she is simply calling it how it is. Saying that's the bullshit excuse she's being fed, it doesn't fit with what else she had been told, but what would she know, she's no expert.

      I actual prefer my politicians to say "fuck knows" when they don't. Far better than making it up as they go along.

    4. Anonymous Coward
      Anonymous Coward

      To be fair, she may of just got it mixed up.

      A Linux subsystem, with a Windows VM running on top. I know a few black box devices that do this.

  2. John Smith 19 Gold badge
    WTF?

    U 1F4A9

    1 stick, 2 major suppliers.

    Smells like they both sub contracted to some one-man-band outfit to do the legwork.

    Said OMB is clueless on security.

    And it seems the state has zero idea about what's inside their speed cameras, which is actually fair enough if you just issue a performance spec, but if you spec what OS it runs to allow them to be supported it's pretty lame.

    1. Mephistro

      Re: U 1F4A9

      It could also be that a miscreant opened the camera boxes and injected the malware himself. Public utilities boxes and similar are usually easy to open. And the hacker could have used different malware on each kind of OS.

      1. John Smith 19 Gold badge
        Unhappy

        "Public utilities boxes and similar are usually easy to open. "

        I'd heard this but I'm not so sure it's true these days with assorted security theatre,

        Also the speed cams I've seem seem to be pretty heavily boxed. The flash of one going off can be like the proverbial Red rag to a bull, leading to attacks with tree branches, crow bars and even welding torches.

        1. H in The Hague

          Re: "Public utilities boxes and similar are usually easy to open. "

          "The flash of one going off can be like the proverbial Red rag to a bull, "

          Which is one of the reason why (at least in NL) they now use infrared. Also stops people pointlessly slamming the brakes on _after_ they've been flashed and possibly causing an accident.

        2. Anonymous Coward
          Anonymous Coward

          Re: "Public utilities boxes and similar are usually easy to open. "

          Where I used to live a pissed-off farmer pulled the pole down with his tractor

          1. Anonymous Coward
            Anonymous Coward

            Re: "Public utilities boxes and similar are usually easy to open. "

            Why was his tractor doing 70?!

        3. Anonymous Coward
          Anonymous Coward

          Re: "Public utilities boxes and similar are usually easy to open. "

          Also the speed cams I've seem seem to be pretty heavily boxed. The flash of one going off can be like the proverbial Red rag to a bull, leading to attacks with tree branches, crow bars and even welding torches.

          Locally there was a memorable incident involving an angle grinder. I don't think they ended up getting the guy who made off with the camera. For some strange reason Nobody noticed.

          :-)

    2. Youngone Silver badge

      Re: U 1F4A9

      @ John Smith 19

      I can't speak for Australia, because I don't live there, but where I live the courts have ruled several times against the State when people have challenged these sorts of fines.

      Basically, if the cameras have been messed about with in a manner not recommended by the manufacturer, then any fines issued become liable to be appealed.

      1. Anonymous Coward
        Anonymous Coward

        Re: U 1F4A9

        > but where I live the courts have ruled several times against the State

        My supposition(*) was that it was the Irish police. After somehow issuing around a million more summons for drunk driving than they'd actually tested for, I guess anything that called into question the whole tech aspect ("I was driving on win doze, not a lunatix, ossifer") might help shift the spotlight. Cheaper and easier to bribe an IT guy in Oz than fit up the local subcontractors for some alleged pedicure peccadillo. It's all super-fecked.

        *totally not libellously construable, constable.

      2. Adam 52 Silver badge

        Re: U 1F4A9

        "Basically, if the cameras have been messed about with in a manner not recommended by the manufacturer"

        In England and Wales speed cameras are supposed to be Home Office approved and independently tested. If the manufacturer can mess with them at will then that nullifies the testing process.

        There's a list of the approved devices here - https://www.gov.uk/government/publications/home-office-approved-speed-detection-devices-march-2007

        1. Doctor Syntax Silver badge

          Re: U 1F4A9

          "If the manufacturer can mess with them at will then that nullifies the testing process."

          If anyone can mess with them at will it nullifies the testing.

          And I sometimes wonder if they're always installed/used in accordance with the manufacturers instructions.

    3. Doctor Syntax Silver badge

      Re: U 1F4A9

      "And it seems the state has zero idea about what's inside their speed cameras"

      If they haven't there seem to be good opportunities for challenging the ticket. If you know so little about them they'd have a problem withstanding cross-examination to prove they're working correctly.

      1. Updraft102

        Re: U 1F4A9

        In the US, the speed cameras are not usually (if ever) owned by the police or any government agency. They are owned by the ticket camera company, and operated by them as well. The police aren't really involved in the process... the ticket companies like to claim that police review all of the pictures before citations are issued (by the ticket company, as always), but there are, shall we say, questions over whether that really happens.

        It all depends on state laws, but in states where the ticketing officer plays the role of the prosecutor, that role is taken on by an employee of the ticket camera company (who has, of course, no official authority or power of any kind). If there is an actual prosecutor, the ticket camera representative plays the prosecution witness.

        You can bet the ticket camera company representative knows enough about how the stuff works to satisfy the court. It's their job to do that in that gray area where the ticket industry lives, where they like to pretend that traffic infractions (i.e. a person allegedly violating vehicle code, otherwise known as "the law") are civil and not criminal offenses, allowing the state to make up whatever rules they want in order to limit motorists' ability to prevent them from cashing in.

        If it really is a civil offense to drive at 60 mph on a road signed 45, the state should have to prove how the motorist driving that speed on that day and in that time and place cost the state the amount they're requesting, and that they need the motorist to pay up to make them whole again.

        If it's as simple as "the law says 45, and you exceeded it, and it says that if you do that, there's a penalty of $100," then that's not really civil... it's clearly statutory, unless you want to do away with the protections for the accused that exist within the criminal code. So now we have an entire industry built around treating minor offenders as a cash cow to be milked, and the existence of ticket camera companies (and the way the whole system is set up) is just one sign of that.

        1. Uncle Slacky Silver badge
          Thumb Up

          Re: U 1F4A9

          > So now we have an entire industry built around treating minor offenders as a cash cow to be milked, and the existence of ticket camera companies (and the way the whole system is set up) is just one sign of that.

          This must be an example of that wonderful free market innovation leftpondians are so proud of.

  3. Nick Stallman

    Typo

    "WannaCrypt blamed for speed camera re-boot frenzy, despite lack of ransom debands"

    No debands eh? :P

  4. sanmigueelbeer
    Thumb Down

    No internet, huh?

    because the devices lacked any Internet connection

    And how do the camera efficiently upload the images they've captured to the server without access to the internet? Those things have a 3G/4G modem inside.

    1. Kevin Johnston

      Re: No internet, huh?

      Colour me a N00b but how would a modem to upload the images to a Police server equal an internet connection?

    2. Nick Ryan Silver badge

      Re: No internet, huh?

      One would hope that the 3G/4G modem inside was connected to a private internet, not the public Internet. Most mobile providers are, or should be, capable of providing such network connectivity. As a result, malware shouldn't be able to connect to anything that it may require, particularly as most malware instances are delivery platforms for the real payload.

    3. Hans Neeson-Bumpsadese Silver badge

      Re: No internet, huh?

      Quite a lot of cameras here (UK) still have film. There's one down the road from the office, and on my commute I quite often see a guy changing the film canister over.

      1. Wiltshire

        Re: No internet, huh?

        I thought it was replacing the Lucas wiring smoke canister?

      2. Alan Brown Silver badge

        Re: No internet, huh?

        "Quite a lot of cameras here (UK) still have film. "

        And given that it's been demonstrated how useless the "antitamper" provisions on the digital ones are, it's likely to stay that way.

    4. CrazyOldCatMan Silver badge

      Re: No internet, huh?

      And how do the camera efficiently upload the images they've captured to the server without access to the internet?

      Private APN (which is effectively a private circuit).

      Now it could be argued that a private APN == some sort of internet but I wouldn't equate them - any more than a private PTP circuit that goes via a single carrier is 'internet'.

  5. MJI Silver badge

    What is wrong with JCBs or old tyres

    They seem to work very well.

    I know of one used for high speed testing which was eventually removed by a farmer.

  6. Kiwi
    Boffin

    Evidence

    He said “there has been no evidence” that the infected cameras were issuing incorrect fines.

    Speed cameras are an evidential device which, at least in NZ and I assume everywhere else, have a requirement to be certified so that it can be certain that they're pinging people who are infringing and not pinging those who are not infringing.

    Part of the certification process must involve the software (including OS) of the device. If the OS messes up the calculations used to determine speed...

    If any unauthorized and/or untested software finds its way onto a camera, that's the end of its certification.

    Anyone tickted by a suspect camera (ie area and timeframe) who has the ticket re-issued should challenge it on the basis that the camera was no longer compliant with its last inspection and certification, and therefore should not have been in use until properly tested and verified.

    HTH someone.

  7. handleoclast
    Coat

    Lisa could be right

    It's barely possible that a speed camera would run a Linux guest on a Windows host. Doesn't make much technical sense to me, but maybe it could be used to justify a higher price.

    More likely she was talking out of her arse. Or possibly a mouth guest running on an arse host.

    1. Anonymous Coward
      Anonymous Coward

      Re: Lisa could be right

      Ms Neville should get in touch with Amber Rudd. I'm sure they'd get on like... well, let's avoid the obvious but insensitively-timed simile and just say they'd have a lot in common.

  8. Anonymous Coward
    Anonymous Coward

    Some friends of mine when they broke down on an A road just before a speed camera decided to have some fun. They went and stood in front of the camera waving whilst the cars sped by and had a fantastic time waiting for the AA to arrive. They were then thrilled when subsequently watching Top Gear and saw the boys doing exactly the same thing.

  9. JimboSmith Silver badge

    A good mate of mine who was racing to the birth of his new son was snapped by a speed camera doing 77mph along the local dual carriageway. He received a fixed penalty notice in the post and was horrified that he didn't get a copy of the photo. He wrote back saying he was happy to pay and admitted he'd done it with the reason.

    He also asked for a copy of the picture:

    i) As a memory of the day his first child was born,

    ii) To prove that his ancient Mini Cooper was actually still capable of doing 77mph.

    1. Anonymous Coward
      Anonymous Coward

      Guilty until proven innocent

      At least two organisations run things this way, OFSTED and Speed Camera Enforcement.

      With the former, you are guilty even if there is no evidence, with the latter, you can only have the evidence AFTER you have been proven guilty.

      Anon, because I was targeted by OFSTED; who stalked me for 12 weeks before having me arrested and my house stripped, based on a claim the Police had thrown out THREE times, as the woman was a serial accuser.

      Actually, I should add, not only did I not do it, I was in Hospital at the time I was supposed to have been committing a 4 hour long attack.

      1. Alan Brown Silver badge

        Re: Guilty until proven innocent

        "Actually, I should add, not only did I not do it, I was in Hospital at the time I was supposed to have been committing a 4 hour long attack."

        if you can prove that I'd imagine you have a pretty good case to extract a 6+ figure settlement out of them.

    2. Anonymous Coward
      Anonymous Coward

      he may want to pop along to Z-cars.

      Ever seen a classic mini leaving a Porche for dust? Great fun.

      Their website is a bit "under-construction" though

    3. roytrubshaw
      Pint

      "He received a fixed penalty notice in the post and was horrified that he didn't get a copy of the photo."

      It used to be asking for the evidence (after a suitable delay) was a good way to get the charge dismissed as the police were apt to dispose of the photographs before the 6 weeks had elapsed.

      (Though now I think more critically about this, it's probably an urban legend. Sigh!)

  10. Anonymous Coward
    Anonymous Coward

    "With the former, you are guilty even if there is no evidence, with the latter, you can only have the evidence AFTER you have been proven guilty."

    No, you can ask for the photo before you agree to pay. You just risk going to court. If you know it wasn't you, then you have nothing to lose.

  11. vistisen

    Ransomware hits speed cameras, Presumably you have to pay to NOT get your files back.

  12. JJKing
    Black Helicopters

    Revenue cameras

    A senior idiot plod stated that fines would be withdrawn if there was any doubt because the public need to have 100% confidence in the system. Who is that fuckwit fooling? The public don't have any confidence in the revenue collection cameras. I remember a young woman was ticketed for driving her clapped out Datsun 120Y at a 147kph. This was disputed and the poor woman was denied justice because the cameras were never wrong. A local TV station got involved and had a professional race driver take the car round a track and he stopped at 120kph because it was too dangerous even at that speed. Still too more prodding to have the ticket withdrawn.

    Another camera was complained about for EIGHTEEN MONTHS before it was checked and found to be faulty. Oh yeah, a YUUUUGE amount of lack of confidence in a faulty and corrupt system.

    If memory serves me right, last year in Victoria, the "safety cameras" collect $500,000,000 for the governments consolidated fund. Safety my arse.

    Read a traffic article where half the cameras in the UK were decommissioned and the number of road deaths actually dropped. The same article said the speed limit was increased in Italy and again road deaths decreased. Guess the cameras ain't as safe as the plods and pollies purport.

    1. -tim

      Re: Revenue cameras

      The congestion related accidents in Victoria are going up faster than new car technology and trauma response are saving lives.

      If you study traffic engineering in Australia, you must go to a university that is sponsored by Redflex and you must toe their line. I figure that is only resulting in about 20 to 40 deaths a year in Victoria.

  13. gargoyle

    WINE is the culprit!

    My guess would be that the software runs only on Windows and so, in order to make it run on Linux boxen, they've put a Wine run-time on there. Wine would also host Wannacry and any files that were writeable by the Wine user could be encrypted, even outside the Wine C: drive. If Wine is running with high enough privileges that could cause the system to crash and reboot, or perhaps it's just the software that is crashing and restarting.

    Just adding to the confusion. :)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like