A lead agent jumped off his exercise treadmill and charged toward the command centre where police monitored the camera feeds day and night.

Instead of streaming videos, the computer screens displayed a message in red capital letters: “YOUR DOCUMENTS, PHOTOS, DATABASES AND OTHER IMPORTANT FILES HAVE BEEN ENCRYPTED!”

Anonymous hackers demanded $US60,800 (currently $89,000) in bitcoin to return control of the surveillance system.

In a Bucharest apartment 8000km east, Alexandru Isvanca called Eveline Cismaru to his computer. The screen showed live footage from Washington.

The 20-something couple with a history of small-time scams had inadvertently hacked the world’s most powerful nation for a five-figure ransom at a time of high anxiety over national security on Inauguration Day.

The Romanians had launched hundreds of thousands of emails embedded with ransomware in an attachment disguised as an invoice, authorities said.

The list of email addresses they bought included, by chance, the Washington, DC, police department. A recipient there apparently took the bait, opening the attachment that locked up the street-camera system. Only a payment could produce the key.

Secret Service agents debated whether the Kremlin was involved. The hackers had used Russian software. Or, maybe anti-Trump protesters were trying to sabotage the inauguration.

With the clock ticking down for an outdoor event expected to draw hundreds of thousands of spectators, US law-enforcement officials had two goals: regain control of the surveillance system and track down the culprits.

Secret Service agents swarmed Washington, taking offline the many internet-connected elevators, fire alarms and thermostats along the planned presidential route to prevent further sabotage.

For years, Mr Isvanca and Ms Cismaru shared a sometimes-playful, sometimes-stormy partnership, supporting themselves at various times through identity-theft, credit-card fraud and ransomware attacks, according to friends, as well as US and Romanian authorities.

Their latest gambit, authorities said, was the ransomware virus, which redirected the Washington video feed to their Bucharest apartment. For the couple, it seemed an unexpected stroke of good fortune.

This article about the pursuit of the hackers is based on sworn testimony, court documents, social media posts, and interviews with US and European investigators, family members, neighbours, landlords and friends of Mr Isvanca and Ms Cismaru.

When asked for comment on the case, Michael D’Ambrosio, assistant director of the Secret Service Office of Investigations, said only that it illustrated how “physical systems that are dependent upon networked infrastructure are especially vulnerable”.

The couple has, over time, given conflicting and contradictory accounts. Mr Isvanca at first admitted the hacking to the Secret Service, a court filing said. He later told The Wall Street Journal that the Washington police department was not an intended target. Later, he said he had not participated at all.

Ms Cismaru initially denied her involvement to Secret Service agents. Later, as part of a 2018 plea agreement, she acknowledged her role in the scheme.

Ms Cismaru sent a message to the Journal in June asking, “How much are you willing to pay for this interview?” (The Journal doesn’t pay for interviews.) In August, she denied having anything to do with the computer hijacking. Communicating to the Journal by text and Facebook messages, Ms Cismaru said, “I don’t know who wrote” and signed the court document in her name.

Ms Cismaru said breaking into the US capital’s video surveillance system was easy. “Americans are stupid,” Ms Cismaru said in a text.

In fact, the couple brought about their own downfall.

Card capers Mr Isvanca and Ms Cismaru, known to friends as Bobo and Eve, met in 2010. She was 21 years old. Mr Isvanca, 18 at the time, supported himself “through computer crimes and credit card fraud”, Ms. Cismaru said in a court statement. Mr Isvanca told the Journal she had lied about him in court and denied the allegations. His lawyer said she would not comment on the case.

Within a year of their meeting, Ms Cismaru learned to acquire and use stolen credit cards to buy items online, according to Romanian prosecutors.

The couple kept to relatively low-risk capers using black-market software, email lists and stolen credit-card numbers, small fish in an ocean of fraud.

In the US, fraud involving debit and credit-card payments in 2016 neared $US7.5bn, 60 per cent of it from online fraud, according to the most recent surveys from the Federal Reserve.

Banks and retailers generally accept those losses, either because they don’t want to risk losing customers by refusing them refunds, or because the cost of pursuing suspects like the Romanian couple is too high. Consumers, at some point, end up paying higher prices to cover the losses.

In 2012, Ms Cismaru was convicted in Romania of participating in credit-card fraud, according to court files.

The judge issued Ms. Cismaru a suspended three-year prison sentence. The court required that she check in every three months with police, appointments she frequently missed, Romanian officials said.

By then, Ms Cismaru had a wealthy boyfriend, her parents said in an interview, and she moved into his upscale London home in 2012. She brought Mr Isvanca, her cousin and his girlfriend, and another friend to live there, as well.

At the London house, she and her entourage shared hacking tips and drunken, playful evenings, according to videos and pictures she posted on Facebook. Friends said Mr Isvanca and Ms Cismaru had romantic ties.

In early 2013, police raided the house in a cybercrime investigation involving Mr Isvanca, Ms Cismaru’s boyfriend evicted everyone but Ms Cismaru. The couple had a son in 2015.

Ms Cismaru and her boy returned to Bucharest where she rented a spacious apartment in a central-city neighbourhood of new glass-tower condominiums. There, Mr Isvanca and Ms Cismaru worked long days blasting out the ransomware spam to email addresses from a list called USA.txt that was acquired on the dark web, a part of the internet used by cybercriminals.

They used a virus from what authorities suspect was a Russia-based group, which made money by taking a portion of the ransom in exchange for providing a password to unlock seized computers.

Using such plug-and-play ransomware is so foolproof that even bungling criminals can profit, according to cybersecurity experts.

Leaving fingerprints On January 9, 2017, Mr Isvanca ordered food online from Andy’s Pizza in Bucharest. That day, using the same email address, he hacked the Washington street cameras, Ms Cismaru later told prosecutors.

In Washington, ransomware disabled 126 of the 186 computers linked to the cameras, and Secret Service and police began trying to regain control.

Inaugurations are the most intense event on the Secret Service calendar, and 2017 was no exception. Every would-be disrupter would be familiar with the motorcade route that then president Barack Obama and Mr Trump would follow.

US agents rushed to reinstall the operating system in stricken computers, one by one. As they worked, Ms Cismaru posted a picture of herself at her laptop in a Bucharest restaurant: “#13Fridaynostress #workworkwork #feelinghappyandmotivated,” she wrote.

Three days before the inauguration, authorities got the surveillance cameras working.

Mr Isvanca assured Ms Cismaru that they had left no trace. He was wrong. Mr Isvanca used the same email address for both the online pizza order and the hack.

Ms Cismaru also left behind a glaring clue. She was using a fraudulent business account on Amazon to sell items she didn’t own. When she was alerted to an order, she purchased the product from a legitimate seller using a stolen credit card. The item was then shipped to the buyer.

Of the 126 hacked computers, the first one Secret Service agents analysed was the very same one that hackers had used to spread the computer malware. The lucky find not only saved valuable time — the computer screen showed a tracking number for a package headed to the UK. The couple had also used the commandeered computer in the Amazon scheme.

The package contained a hand-held meat barbecuing accessory, called the “Smoking Gun.” The device lets cooks “add a delicious smoky flavour to your food and drinks in just no time”, its producer said.

At the request of US officials, the British National Crime Agency conducted a raid of the package’s destination, a London office.

An officer later called the Secret Service and jokingly said, “I found the smoking gun.” Investigators tracing Ms Cismaru’s online activity discovered she had used a Gmail account with her full name as a backup to accounts created for the credit-card and ransomware schemes. Investigators found one email account with the details of 2170 stolen credit cards, as well as the same USA.txt list detected on the hacked police computer in Washington.

Ms Cismaru said her personal email account was “fraudulently used without my knowledge”, in a statement to the Journal. She blamed the Smoking Gun purchase on others.

In late January 2017, US investigators contacted Europol. By the northern summer, Dutch, British and Europol investigators had joined agents of the Secret Service and Federal Bureau of Investigation to plan the arrest of Mr Isvanca and Ms Cismaru.

The couple “ended up being the mostly unlucky hackers after being the luckiest”, said a Romanian investigator who joined the dragnet.

Dow Jones Newswires

More related stories

The Wall Street Journal

Recession fears prompt big New Zealand rate cut

The Reserve Bank of New Zealand lowered the official cash rate to 4.75 per cent.

Read more

The Wall Street Journal

Explainer: A weakened Iran still has a major deterrent … the nuclear option

With Hezbollah reeling and its missiles failing to do much damage, attention turns to the threat posed by Tehran’s nuclear program. How close is it to a bomb and what can Israel and the US do in response?

Read more