A Police Department in Dallas Lost Years of Evidence After a Cyberattack

They refused to pay the ransom of bitcoin worth $4,000.

Konkov Sergei/Zuma

Fight disinformation: Sign up for the free Mother Jones Daily newsletter and follow the news that matters.

In early January, Collin Beggs, a criminal defense lawyer in Dallas, was talking with a Dallas County prosecutor about police video evidence that he’d been trying to get for months on behalf of one of his clients. The prosecutor explained that he wouldn’t be receiving the video evidence he needed as part of a case involving the Cockrell Hill Police Department, which serves a town of about 4,300 people near Dallas. The reason? “They got hacked by Russians,” Beggs tells Mother Jones, “and they held them up for ransom and took all their stuff. They didn’t pay to get it back, so they lost all their videos.'”

“My mouth kind of hung open for a split second,” Beggs says, and then he told the prosecutor, “You want me to go back to my guy and tell him to plead to 10 years in prison and tell his momma that? And the response to why we don’t have any more evidence is Russian hackers? I can’t do that.”

“Russian hackers” have become part of the national conversation as a result of their alleged attempts to swing the presidential election, but cybercrime is as old as the internet and law enforcement agencies and other public institutions have not been spared. The Cockrell Hill Police Department is just the latest police department to fall victim to ransomware, an attack in which malicious software is installed on a computer after a link is clicked in an email or an email attachment is opened. Once installed, the software encrypts as many documents and folders as it can. A page will appear informing the victim that their files are locked, and they can only get them back by paying a certain amount of money. Bitcoin, a web-based currency that allows for more anonymity, is often the preferred currency.

It happened to the Tewksbury, Massachusetts, police department in December 2014; the Midlothian Police Department in suburban Chicago in January 2015; the Dickson County, Tennessee, sheriff’s department in October 2014; and the Durham, New Hampshire, police department in June 2014. A ransomware attack hit the San Francisco Metropolitan Transit Agency in November 2016 demanding roughly $73,000. A security researcher found that the attacker had “successfully extorted at least $140,000” from other organizations, including private companies, according to journalist Brian Krebs, a computer security reporter. Hospitals are perhaps the most frequent victims of ransomware attacks due to the value of medical information, according to some estimates.

Officials from the Cockrell Hill Police Department did not respond to requests for comment, but a statement issued by the department on January 25 reported that a server containing documents, videos, and photos dating back to 2009 was hit by “OSIRIS,” a ransomware variant, on December 12. The attackers wanted roughly $4,000 worth of bitcoin to unlock the files. After consulting the FBI and the department’s IT staff, and taking into account the possibility that the files might not be unlocked even if the $4,000 were paid, the decision was made to wipe the server and delete all its contents.

The police department claimed that they still had paper copies of all the documents on the server and physical copies of much of the video. But in a letter sent to the county prosecutor, the department said “all bodycam video, some photos, some in-car video, and some police department surveillance video were lost.” The department tried to recover as much as possible but said that “if requests are made for said material and it has been lost, there is no chance of recovery or producing the material.”

“[This has] been happening increasingly at law enforcement agencies and other government facilities,” says Nick Selby, a police detective in the Dallas area and director of the Secure Ideas Response Team, a computer security services organization. “The reason is that ransomware is sort of like spam…a low-tech approach that capitalizes on human vulnerability.” Selby says the problem is exacerbated in small and medium police departments, where police chiefs are given relatively small budgets with large responsibilities. “Every dollar spent on [security training and software security programs] is a dollar you didn’t spend on a cop in the street or a new Tahoe or a new jail.”

These attacks are not necessarily deliberately targeting police departments, Selby and others note. Instead, the computer systems in police departments might be more vulnerable. “These are automated attacks that are seeking victims to click on something on underprotected networks to propagate,” Selby says.

Mike Geraghty, director of the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC), agrees. There’s a difference between phishing, he says, “where you just cast your line into the ocean and hope to catch a fish,” or spear phishing, “where you’ve got a target in mind and you’re going after a target for a particular reason.” It’s hard to know how widely these online scammers cast their net, but “they may have sent out 100,000 emails and they caught that one fish.”

“If you look at what ransomware is about, it’s about extorting money by any means,” he says. “Maybe the police department is not the one that an extortionist would really go after. There are other low-hanging fruit.”

Geraghty, whose organization is a division of the New Jersey Office of Homeland Security and Preparedness, says police departments may not be specifically targeted, but the loss of evidence is a major problem. Any break in the chain of evidence is going to cast doubt on the integrity of whatever remaining evidence may be introduced in court.

Cockrell Hill Police Chief Stephen Barlag told a local television station that no “critical information” was lost, but that’s not going to help Beggs’ clients. Beggs is still working out what to do in one of the cases. But in others—for example, the one in which a dashboard camera video was taken when his client was allegedly driving under the influence—the lack of evidence may work to his client’s advantage.

“Which side of that jail cell door you’re on makes a huge difference. We might have been able to prove that they didn’t have the right to pull you over, the right to stop you…or yes, this police officer did use excessive force,” he says. “It’s already a completely unlevel playing field to begin with,” but an event like this “makes it even harder.”


Mother Jones was founded as a nonprofit in 1976 because we knew corporations and billionaires wouldn't fund the type of hard-hitting journalism we set out to do.

Today, reader support makes up about two-thirds of our budget, allows us to dig deep on stories that matter, and lets us keep our reporting free for everyone. If you value what you get from Mother Jones, please join us with a tax-deductible donation today so we can keep on doing the type of journalism 2024 demands.

payment methods


Today, reader support makes up about two-thirds of our budget, allows us to dig deep on stories that matter, and lets us keep our reporting free for everyone. If you value what you get from Mother Jones, please join us with a tax-deductible donation today so we can keep on doing the type of journalism 2024 demands.

payment methods

We Recommend


Sign up for our free newsletter

Subscribe to the Mother Jones Daily to have our top stories delivered directly to your inbox.

Get our award-winning magazine

Save big on a full year of investigations, ideas, and insights.


Support our journalism

Help Mother Jones' reporters dig deep with a tax-deductible donation.