Riviera Beach, Fla., Works Toward Normalcy Post-Cyberattack

by Frank Cerabino, The Palm Beach Post / June 17, 2019

(TNS) — The malware attack that has paralyzed the city government of Riviera Beach may have its roots in international espionage.

On May 29, somebody in the city's police department opened an email that initiated a virus that shut down the city's computer network. Since then, the city has had to function with hand-written documents and pre-Internet communications, as it looks to the purchase of 310 new desktop and 90 laptop computers as the best fix for its computer-bug infestation.

The source of this $1 million cyberattack on Riviera Beach hasn't been disclosed by tight-lipped city officials.

"We have not discussed the details of what's going on," said city spokeswoman Rose Anne Brown. "We feel it's expedient not to do that until we worked our way through this."

What's happening with Riviera Beach isn't an isolated incident. Other American cities have experienced similar system-wide and mysterious cyber attacks during the last two years.

It cost the city of Allentown, Pa., more than $1.2 million to recover from a similar malware attack. The government of San Antonio, Texas, was attacked through a breach in a single computer in the basement of its county jail.

And more recently, the FBI took over the investigation of a cyber attack on the city government of Greenville, North Carolina, that began on April 10. Three weeks later, a cyber attack on Baltimore, Maryland's city government took down its computers and disabled its 911 automatic dispatch system. That attack has already cost that city more than $18 million.

The recent attacks in those cities have been linked to a ransomware virus called "RobinHood."

The attackers in Baltimore posted a bitcoin ransom demand that the city didn't meet. The ransom message, obtained by The Baltimore Sun, was as follows:

"We've (sic) watching you for days and we've worked on your systems to gain full access to your company and bypass all your protections."

"We won't talk more, all we know is MONEY!. Hurry up! Tik Tak, Tik Tak, Tik Tak!"

Brown, the spokeswoman for Riviera Beach, declined to say whether city officials have had any contact with the attackers.

"I can't confirm or deny that there has been a ransom demand," Brown said.

These attacks trace back to a bit of reckless spycraft practiced by the National Security Agency (NSA), a national intelligence agency so secretive that the joke is its initials really stand for No Such Agency.

Years ago, NSA programmers discovered a flaw in Microsoft's operating system, and they developed code that would allow their hackers to shut down any computer using this operating system.

Rather than inform Microsoft of this flaw, which could have been fixed by the company with a simple software update, the NSA decided to secretly exploit the system flaw for its own purposes.

The agency called the hacking code "EternalBlue," short for "eternal blue screen," which was what happened when a computer network was infected with the malware.

The NSA had sole use of EternalBlue for a few years, but then a shadowy online organization that calls itself "The Shadow Brokers" disclosed in 2017 what the NSA had done, and published online the hacking code for EternalBlue for anyone to see and use.

Microsoft issued software patches to close the exploit, but computers that continued to operate on the older, non-updated systems were still vulnerable.

Shortly after the public disclosure of EternalBlue, North Korea used the code to launch a worldwide cyber attack, which became known as WannaCry. It infected about 200,000 computers in 150 countries.

It temporarily crippled the National Health Service hospital computers in Great Britain, brought a temporary stop to European auto manufacturers' assembly lines, and temporarily disabled state governments in India, Russian railways, and the Saudi Telecom Company.

The next EternalBlue attack was launched from Russia. And although it was aimed at Ukraine, the attack, which became known as NotPetya, spread globally. Among its victims was FedEx, with more than $400 million in costs, and the giant pharmaceutical company, Merck, with an estimated $670 million in costs.

This year's RobinHood attacks are the latest iteration of the EternalBlue breach, The New York Times reported.

Cybersecurity expert Thomas Rid told the newspaper that the NSA's role in these breaches ought to be examined.

"The government has refused to take responsibility, or even to answer the most basic questions," Rid told The New York Times. "Congressional oversight appears to be failing. The American people deserve an answer."

Others have defended the NSA and focused the blame on local governments that haven't taken the available safeguards to protect their data systems against breaches such as EternalBlue.

"Focusing on a single exploit, especially one that has a solution through a patch that was issued years ago, is really shortsighted," the NSA's top policy adviser Rob Joyce said at a cybersecurity conference last month. "Vulnerabilities will continue to be found. Doing the basics is required for responsible network administration."

©2019 The Palm Beach Post (West Palm Beach, Fla.). Distributed by Tribune Content Agency, LLC.