Cyber Incident Victim: Perceptics

Date: May 2019

Location: United States of America

Summary

A US border surveillance technology manufacturer specializing in license plate readers suffered a significant cyber intrusion, resulting in the theft and public release of extensive internal data on the dark web. An attacker exfiltrated nearly 65,000 files including sensitive blueprints, financial records, government client documents, HR information, and operational databases, alongside multimedia files suggesting broader system access. The compromised data encompassed proprietary designs, border checkpoint specifications, and potentially sensitive imagery from surveillance systems. The company acknowledged the breach and collaborated with law enforcement during the investigation, while its website experienced temporary disruption. The attacker publicly distributed hundreds of gigabytes of corporate data without evident ransom demands, mirroring previous cybercriminal patterns.

Description

On May 23, 2019, Tennessee-based Perceptics, a manufacturer of license plate recognition (LPR) systems used extensively by US Customs and Border Protection (CBP) and other government agencies, confirmed a significant cybersecurity breach. An individual using the pseudonym "Boris Bullet-Dodger" contacted *The Register* to disclose the incident, providing evidence of nearly 65,000 exfiltrated files from Perceptics' corporate network. The stolen data, totaling hundreds of gigabytes, included Microsoft Exchange and Access databases, ERP systems, HR records, SQL Server data stores, financial records, business plans, technical blueprints, internal designs, and data sheets. File types ranged from .xlsx spreadsheets labeled with geographic locations and zip codes to .jpg and .mp4 files referencing "driver" and "scene" captures, .docx documents linked to government clients like ICE, and miscellaneous files such as .txt, .asp, .mdb, and .json. The presence of timestamped media files suggested extensive captures of license plate data, while personal files like .mp3 music tracks (including songs by Stevie Wonder and AC/DC) indicated potential compromise of employee workstations.

The attacker publicly released the data on the dark web in multiple .rar archives without demanding payment, mirroring the "Boris" persona’s prior CityComp hack in April 2019, in which data was leaked after a ransom demand was refused. Perceptics acknowledged the breach and engaged law enforcement to investigate but declined to disclose specifics about the intrusion vector or remediation steps. The company’s website temporarily redirected to Google.com during the disclosure period but resumed normal operation shortly before *The Register* published its report. Given Perceptics’ role in border security surveillance, toll collection, and commercial vehicle tracking, the breach raised concerns about exposure of sensitive government and citizen data. No evidence indicated operational disruption to border LPR systems, though the theft of proprietary designs and client information posed reputational and contractual risks, particularly following Perceptics’ recent contract award with CBP to upgrade LPRs at 43 border checkpoints.
