Lawyers for protesters and the state attorney general’s office wrote in a letter in Manhattan Federal Court that their adversaries in the Law Department seemed in the dark about the scope of the hack now in its fourth day.
“Defense counsel said that due to the disruption of the Law Department’s computer systems — which the Law Department says has shut down their entire computer system, making even the most basic litigation tasks impossible — she could not say when Defendants will begin producing documents. Counsel had no specific information concerning the technical issues in her office, which appear to be caused by a hacker, nor an expected timeline for resolving them,” lawyer Remy Green wrote, recounting a Tuesday phone call with a city attorney.
Green and other lawyers seek a hearing to address the delays and want a technical expert from the city to attend and answer questions about the hack.
Judge Colleen McMahon is overseeing lawsuits, including one filed by state Attorney General Letitia James, alleging the NYPD violated protesters’ civil rights last summer following the police killing of George Floyd in Minneapolis.
“My sense on the call was that they very much do not have it under control and do not know what’s going on,” said Joshua Moskovitz, another attorney on the protest cases.
Meanwhile, city officials continued to dodge questions about whether the Law Department used multifactor authentication, which is widely considered a cybersecurity best practice.
A policy memo issued by the New York City’s Cyber Command two years ago stated the security measure is a requirement for city workers with “restricted” or “sensitive” information access as of April 23, 2019.
But city officials refused to say whether the Law Department used multifactor authentication at the time of the hack.
A Law Department spokesman declined to comment on the matter aside from saying that discussing it in public is “sensitive.”
NYC Cyber Command czar Geoff Brown also declined to answer a direct question about the multifactor protocol Wednesday, though he approved the 2019 memo.
“We were able to detect the attack because we have defensive monitoring in the environment. We have added additional security and additional security elements to insure safety moving forward, and we will continue to make recommendations to all agencies as this investigation continues. As we learn more, we will be able to defend better,” Brown said.
He declined to comment on the source of the attack or its intent, but said “there is still no evidence of damage to city systems from the attacker.”
“There is no evidence of unauthorized encryption of city systems or data and no evidence establishing data exfiltration,” he said. “Cyber Command has established security protocols to reinstate access to all Law Department IT infrastructure and services.”
On Tuesday, NYPD Deputy Commissioner of Intelligence and Counterterrorism John Miller acknowledged authorities were still trying to determine a motive for the attack.
One attorney who recently spoke to Law Department lawyers said they would not disclose whether other agencies, including the NYPD, district attorneys’ offices and outside vendors handling evidence, might have also been compromised. The chief judges of state and federal courts were notified of the hack — a sign that it is serious, the attorney added.
“This is not what under control looks like!” the lawyer said, adding that the city couldn’t give an estimate of when Law Department systems would be restored.
©2021 New York Daily News. Distributed by Tribune Content Agency, LLC.
