Suffolk Closeup: County attacked in cyber space

Suffolk County government’s computer network was struck on Sept. 8 by a massive cyber attack, and last week — three weeks later and hoping it was over — the county began what a spokesperson termed a “rolling restoration” of computer operations.

The County government’s websites, email and other online systems were taken offline immediately after the cyber attack. Still, last week, most county computers remained shut.

“Anything we have done has had to be manual,” County Comptroller John M. Kennedy, Jr. told me last week.

Suffolk government has had to go back to using paper.

Its Information Technology division is involved in dealing with the cyber attack and the FBI has joined in.

Meanwhile, the hackers leaked county documents, including details about businesses that have had contracts with the County and County records containing sensitive personal information such as people’s addresses and dates of birth.

County government advised residents to periodically check their credit reports from one of the national credit reporting companies and look for “suspicious” activity.

The hackers have been threatening to leak more if Suffolk County government did not pay an amount of money that has not been publicly disclosed.

The website DataBreaches.net, which publishes information about data breaches — under its title is the line “The Office of Inadequate Security” — has been providing details about the hacking of Suffolk government.

One dispatch from DataBreaches.net, dated Sept. 16, was titled “NY: Suffolk County struggles to recover from BlackCat ransomware attack.” It stated: “Suffolk County on Long Island joined the ranks of those hit by a ransomware attack, and the results and impact are not surprising. One headline on Sept. 13 said it all: ‘County IT systems crippled, with websites, email down, five days after discovery of cyber attack.’” (That headline was on the website RiverheadLocal.)

DataBreaches.net continued that “County officials were working to send out paper checks to pay county vendors” and “nonprofits contracted to perform social services were a high priority for payment.”

“Then a ransomware team stepped out of the shadows to claim responsibility for the attack,” said DataBreaches.net. “Variously called ALPHV or ‘BlackCat,’ they issued a post on their dark web leak site.”

The ALPHV or BlackCat post, according to DataBreaches.net, was: “The Suffolk County Government was attacked. Along with the government network, the networks of several contractors were encrypted as well. Due to the fact that Suffolk County Government and the aforementioned companies are not communicating with us, we are publishing sample documents extracted from the government and contractor network.”

“The total volume of extracted files exceeds 4TB,” it said. TB in computer terms stands for terabyte. “A terabyte (TB) is a unit of digital data that is equal to about 1 trillion bytes,” explains the website Techtarget.com.

The post from the hackers went on: “Extracted files include Suffolk County Court records, Sheriff’s Office records, contracts with the State of New York and other personal data of Suffolk County citizens. We also have huge databases of Suffolk County citizens extracted from the clerk.county.suf. domain in the County administration.”

“The post,” added DataBreaches.net, “was accompanied by screencaps of various files that appear to have been exfiltrated from county systems.” Some of those files are then displayed in screenshots and thus are now accessible online.

The Suffolk County Police Department called upon the New York City Police Department for help and it sent 10 operators to assist the Suffolk department’s Communications Section.

“While operations have continued, our emergency call operators had been operating around the clock and unfortunately had to go back to our old system where call details were recorded by hand,” said Suffolk Police Commissioner Rodney Harrison.

The county’s Traffic Agency has been unable to process outstanding tickets. Civil service exams were postponed. And this was just part of the cyberspace mess being faced.