New York County Cyberattack Prompts State CIRT Response

Otsego County and Cyber Incident Response Team officials identified a remote server in a county employee's home as the source of the breach and believe cryptominers are behind the attack.

by Erin Jerome, The Daily Star / October 11, 2018

(TNS) — A breach of the Otsego County, N.Y., government computer system identified last week has been blamed on international hackers using the system's computing power to mine cryptocurrency.

The county website, www.otsegocounty.com, was down over the weekend as the county information technology department, led for 22 years by Brian Pokorny, worked to root out and protect vulnerable areas. The state Cyber Incident Response Team was called in to investigate and assist in cutting off the hackers.

A problem was first detected Sept. 29, when systems were running very slowly, Pokorny said. The CPUs were maxed out and the department contacted its software vendor to adjust some settings. Everything seemed to be running well Monday, until several servers showed alerts of a potential virus.

The CIRT arrived within two hours of being called and was able to shut down the hackers' access after isolating suspicious internet traffic.

A remote desktop server in a county employee's home was identified as the source of the breach. Public-facing servers connected to the county system through the internet at employees' homes remain offline, Pokorny said, and the department is looking at implementing new technologies to put them back online soon.

While the financial system and confidential employee information were vulnerable, “at this point there is no evidence that data was looked at or manipulated,” or that the system was targeted for being a government system, Pokorny said.

The CIRT is still investigating the hack, but it appears that the hackers wanted to use the county system for its processing power. Pokorny would not comment on whether the hackers were Eastern European and said it was highly unlikely that they would ever be found and prosecuted.

There has been an uptick in cyber attacks ahead of fall elections in the U.S., and the county is in contact with the Federal Bureau of Investigation and state Board of Elections to fortify systems and make sure data can't be tampered with, he said.

“Cryptojacking” attacks are on the rise, as they allow hackers to hijack processing power to calculate complex mathematical problems and generate cryptocurrency.

The county website is back online, save for a piece hosted by a third party that includes Real Property Tax Service information.

Although the county website has been updated in recent years and Pokorny believes it to be solid, “you're never going to be 100 percent bulletproof,” he said. He offered a warning to be aware and vigilant, saying that if the hackers had not maxed out the CPUs on Saturday, they could have run undetected on the county systems for years. Some more sophisticated security software will look for unusual behaviors rather than specific malicious files.

The IT department has been working on a new county website that will launch in about six months, Pokorny said. The site is being designed to be more interactive and compliant with the Americans with Disabilities Act.

It should be more secure, Pokorny said, because rather than being hosted internally it will be run by a consultant that specializes in government websites.

©2018 The Daily Star (Oneonta, N.Y.) Distributed by Tribune Content Agency, LLC.