UPDATE 3pm: Victoria Police has taken the extraordinary step of immediately cancelling all fines issued by speed and red-light cameras hit by a computer virus.
Subscribe now for unlimited access.
$0/
(min cost $0)
or signup to continue reading
Acting Deputy Commissioner Ross Guenther made the announcement on Friday afternoon.
About 55 cameras were affected by the the WannaCry ransomware virus between June 6 and June 22.
The cameras, most of them in inner-city Melbourne, issued 590 speed and red-light fines during that time.
Mr Guenther said drivers would soon receive letters noting that those fines had been cancelled.
Despite the cancellation, Mr Guenther said he had confidence the cameras had been correctly issuing fines.
He decided to cancel the fines in the interest of community confidence in the camera system, he said.
"I cancelled the fines because I think it's important the pubic has 100 per cent confidence in the system," Mr Guenther said.
"My advice is during the period the cameras were operating correctly and were not impacted by the virus. I'm confident in the advice I've been given that the fines would stand."
Cybersecurity experts have serious doubts about that claim.
Dr Vanessa Teague, a cybersecurity expert from the University of Melbourne, said given the ransomware had only just been detected it was almost impossible for camera-system operator RedFlex to be fully confident in their technology.
She said the ransomware only affected old computer software that had not been recently patched. Microsoft released a patch for Windows machines to stop the virus in March.
"This indicates that we need to invest in just some basic infrastructure for cybersecurity. Basic things, like running updated and patched operating system. It's the very most basic thing that you need to do."
Security researcher Matthieu Suiche said the virus was designed to encrypt files on infected machines.
He said it was very unlikely, given the damage to organisations such as Honda and Britain's National Health Service, the security cameras would have come through unscathed as claimed.
Typically ransomware spreads by people unwittingly opening emails, clicking on unsafe links or opening attached documents infected with a malware.
But the WannaCry developers have taken advantage of an old Windows exploit (a hole in the code) that meant they could remotely access computers and install their encryptor, allowing the virus to attack networks across the world.
Britain's National Health Service had to turn away patients after WannaCry locked up hospital computers, forcing the closure of wards and emergency rooms.
A Honda car plant in Japan was also hit by the virus, forcing it to shut down.
The virus typically locks up infected computers and demands a ransom – payable in Bitcoin – to unlock them.
But Mr Guenther said it was his understanding that no ransom demands had been made.
Liam Mannix – The Age
EARLIER: Central Victorian sites are among the 55 speed and red-light cameras to have been hit by a computer virus.
The red-light camera in Ironbark and two cameras on the Midland Highway in Bagshot were infected by the "WannaCry" virus.
The Department of Justice and Regulation confirmed yesterday the virus had hit private camera operator RedFlex, which operates most cameras in the state.
It follows the WannaCry ransomware attack in May - believed to be the world's biggest online extortion attempt - which struck more than 100,000 organisations in 150 countries, including British hospitals, German rail operators and Chinese universities.
A Department of Justice and Regulation spokesman said 55 intersection and highway cameras were impacted by the virus which was mistakenly introduced by a contractor.
"There is no evidence that this was the result of a cyber attack," he said. "It occurred as a result of human error."
He said the department was in the process of removing the virus from the affected cameras.
"The remaining sites will be rectified in the next couple of days. A system patch has been applied which prevents the spread of the virus."
Victorian Police Minister Lisa Neville has referred the matter on to the Road Safety Camera Commissioner to investigate.
"If the Road Safety Camera Commissioner's investigation finds that people have been incorrectly fined, in line with normal practices, those fines will be withdrawn," he said.
"While the software virus has impacted 55 camera sites, it has not caused any damage to these sites or the system more broadly. All cameras have been operating correctly and accurately during this period."
- 3AW & Melissa Cunningham, The Age