Date: 2021-03-26

City Hall

On Friday, March 19, the global cyber attack that has affected thousands of Microsoft Exchange users also knocked out some City of Stoughton services.

The shutdown ultimately affected services such as email addresses, phones, software and internet, preventing residents from contacting staff, and vice versa. The services are still down as of Friday, March 26.

The Stoughton Public Library had its main line shut down and emails to city addresses were sent back as undeliverable. Mayor Tim Swadley said the hack impacted 100 or so full-time city employees who had either an email address or a phone, and interrupted operations for nearly every department.

Swadley said the IT department shut down the systems before the hackers could breach any information, including anything sensitive, personal or financial. Swadley said the IT department has security protections installed, and frequently gets notifications on potential hacks.

“When (IT director John Montgomery) got to the point where he understood the severity and the potential of this one, he just shut it down, which was the right thing to do,” Swadley said.

James Hewitt, a cyber security consultant who lives in Stoughton but is not affiliated with the city’s efforts to bring its services online, said it is important to let an investigation play out before revealing exactly how the hackers infiltrated.

He said if there was a breach of information, however, the city is required by law to notify people about that breach.

Hewitt has not studied the hack that occurred in the city specifically, so he can’t speak directly about it, but he said there are two main ways hackers infiltrate.

“Ninety-five percent of all cyber security attacks on companies and hackers taking over systems and ransomware happen because of phishing emails,” he said.

Phishing is a type of online scam that targets systems by sending a user an unthreatening email. Unless the computer has anti-malware software, once the user opens the email, the hacker is able to infiltrate their personal computer, and then gain access to their network server and spread from there.

Hewitt said that malware infections happen every minute of every day.

“Government particularly is vulnerable because a lot of smaller government agencies don't have the training in place for security professionals to come in and show them how to recognize potentially malicious emails,” he said.

He said the other way for hackers to gain access to servers is for system security updates, or patches, to be ignored.

“Whether you're running Microsoft Windows or Linux or any Mac OS, it's all vulnerable if it's not kept up to date with the latest patches,” Hewitt said.

The city is still investigating how the hack happened, Swadley said. But they are implementing safeguards to prevent future attacks, like degrouping department communications so they are not all dependent on the same servers.

The city is rebuilding their software program and systems similar to when you buy a new computer and it is at network settings, Swadley said.

The city hopes to have systems operating normally again on Monday, March 29.

A national problem

The Microsoft Exchange hack was discovered in early January and was attributed to Chinese cyberspies targeting U.S. policy think tanks, a March 22 Politico article states. Then in late February, five days before Microsoft Corp. issued a security update, there was an explosion of infiltrations by other intruders, piggybacking on the initial breach.

In 2019, more than 40 cyber attacks occurred on cities throughout the United States, the New York Times reported in an August 22, 2019 article. Business Insider reported more than 104 cities that fell victim.

Victims ranged from major cities such as Baltimore, Albany and Laredo, Texas, to smaller towns including Lake City, Florida.

Lake City paid a ransom demand — about $460,000 in Bitcoin, a cryptocurrency — because it thought reconstructing its systems would be even more costly, the article states.

There are three main purposes for hacking: criminal, script kiddies and nation state, Hewitt said.

Script kiddies are usually inexperienced hackers who are doing it for the thrill, and nation state hacks usually affect bigger companies and governments, he said. An example of a nation state hack is the SolarWinds software hack, which Reuters first reported in December 2020. That hack affected the hundreds of thousands of companies that used SolarWinds for computer management.

The ransomware or criminal hacker looking for money is most common, said James Hewitt, a Stoughton cyber security consultant. They start by harvesting a large quantity of email addresses and sending out malware which then locks up their systems and encrypts them so they can’t be used.

“Then they would send you a little notice saying you've got 24 hours to pay me $300, or I'm gonna delete all your files,” Hewitt said. “That used to be what ransomware was when it started, now they're focusing more on governments and like healthcare and energy -- any kind of big company that can afford to pay $10,000 or $20,000, $50,000 to unlock all their systems. Well, now it's been up in the millions.”

Library impact

During peak times, Stoughton Public Library staff might receive several calls in the span of a minute from patrons wanting to pick up their library holds, library director Jim Ramsey wrote to the Hub in an email.

So when the library phones went down on Friday, staff were scrambling.

Fortunately, city director of technology John Montgomery recognized the issue and worked with Hansen Electronics to come up with a solution early Monday, four days after the cyber attack occurred, Ramsey said. Most other city services, by contrast, remain shut down.

The solution involved rerouting the main number to a cell phone, so the library’s line was restored more quickly than some other city services.

The cyber attack did not affect the library's internet or computers, Ramsey added, as they are on a separate network administered by the South Central Library System.

