NYPD tech vendor accidentally slipped malware into computer system
/By David Brand
A tech worker servicing computers at the NYPD Academy in College Point mistakenly introduced malware into the department’s computer network at some point last year, a police source familiar with the bug told the Eagle.
The malware affected 23 machines, including about 12 of the NYPD’s roughly 200 LiveScan machines, which scans fingerprints and checks records electronically, an NYPD spokesperson confirmed by email. After the malware was identified, the NYPD shut down all LiveScan machines, the NYPD said.
The malicious software was transferred to the computer system when the vendor plugged in a small Intel microprocessor — Intel NUC — into a machine.
“The vendor was interviewed and it was determined this was not a targeted attack,” the NYPD told the Eagle in an email.
“This malware never executed, never destroyed any data or rendered any machines inoperable,” the NYPD added. “The malware was immediately detected by our Information Security Team. It was also quickly determined that the encryption routine of the malware was failing to execute.”
An NYPD source, speaking on condition of anonymity, said the FBI began an investigation to determine how the malware got into the IBM device.