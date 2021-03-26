On Friday, March 19, the global cyber attack that has affected thousands of Microsoft Exchange users also knocked out some City of Stoughton services.
The shutdown ultimately affected services such as email addresses, phones, software and internet, preventing residents from contacting staff, and vice versa.The services are still down as of Friday, March 26.
The Stoughton Public Library had its main line shut down and emails to city addresses were sent back as undeliverable. Mayor Tim Swadley said the hack impacted 100 or so full-time city employees who had either an email address or a phone, and interrupted operations for nearly every department.
Swadley said the IT department shut down the systems before the hackers could breach any information, including anything sensitive, personal or financial. Swadley said the IT department has security protections installed, and frequently gets notifications on potential hacks.
“When (IT director John Montgomery) got to the point where he understood the severity and the potential of this one, he just shut it down, which was the right thing to do,” Swadley said.
James Hewitt, a cyber security consultant who lives in Stoughton but is not affiliated with the city’s efforts to bring its services online, said it is important to let an investigation play out before revealing exactly how the hackers infiltrated.
He said if there was a breach of information, however, the city is required by law to notify people about that breach.
Hewitt has not studied the hack that occurred in the city specifically, so he can’t speak directly about it but he said there are two main ways hackers infiltrate.
“Ninety-five percent of all cyber security attacks on companies and hackers taking over systems and ransomware happen because of phishing emails,” he said.
Phishing is a type of online scam that targets systems by sending a user an unthreatening email. Unless the computer has an anti-malware software, once the user opens the email, the hacker is able to infiltrate their personal computer, and then gain access to their network server and spread from there.
Hewitt said that malware infections happen every minute of every day.
“Government particularly is vulnerable because a lot of smaller government agencies don't have the training in place for security professionals to come in and show them how to recognize potentially malicious emails,” he said.
He said the other way for hackers to gain access to servers is for system security updates, or patches, to go be ignored.
“Whether you're running Microsoft Windows or Linux or any Mac OS, it's all vulnerable if it's not kept up to date with the latest patches,” Hewitt said.
The city is still investigating how the hack happened, Swadley said. But they are implementing safeguards to prevent future attacks like degrouping department communications, so they are not all dependent on the same servers.
The city is rebuilding their software program and systems similar to when you buy a new computer and it is at network settings, Swadley said.
The city hopes to have systems operating normally again on Monday, March 29.