Local Municipalities Fight Back Against Hackers


Every day, hackers are finding new ways to infiltrate computers, either through “phishing” scams or a more direct attack. And common antivirus software just isn’t cutting it.

Recently, school districts and municipalities across the United States have fallen victim to what’s commonly referred to as ransomware — an encryption virus that essentially renders the affected computer or server useless, and all its data unavailable and in danger of being lost, until a ransom is paid to the attacker.

Last month, 22 municipalities in Texas were targeted by a statewide ransomware attack, with hackers seeking millions of dollars to undo the damage. None of the municipalities paid the ransom. Earlier this summer, on Long Island, Rockville Centre paid ransom of $88,000 in cryptocurrency to unlock encrypted files.

Southampton Town, although not directly affected, had its first experience with ransomware in March, when the municipality’s public access channel, SEA-TV, was hacked.

The channel, which broadcasts Town Board and regulatory board meetings, was unavailable for roughly a week after a power outage caused the server to reboot, according to audio visual aide Sarah Pleat. Upon starting back up, the files were found to be encrypted and inaccessible.

Further investigation revealed a text file that was saved to the hard drive, which directed the user to download a torrent — on an anonymous browser — to establish a bitcoin account to pay the ransom.

Instead, Ms. Pleat explained that the station was advised by their contractor, Tightrope Media Systems, to replace the infected hard drive and reinstall the broadcast software.

The infected hard drive was subsequently delivered to the Suffolk County Police cyber security team for investigation. However, Ms. Pleat said that “there was nothing to learn from the drive.”

She added that the station has since increased cyber security throughout its network by updating the system’s Internet Protocol, or IP, address and adding an additional router. “It just made it so if the person knew the IP address of the machine before, it’s no longer that,” she said. “We locked it up tight, and we changed the locks. Going forward, it shouldn’t be a problem.”

Fortunately, Ms. Pleat said that the attacker did not have access to any confidential information, and that the encrypted files, which included nearly 20 terabytes of archived videos, were backed up on a separate computer that was not affected by the virus.

In fact, backing up information is one of the best defenses against cyber-attacks, according to Ed Lindley, the owner of East End Computers, which manages the computer networks in East Hampton Village, Sagaponack Village and Shelter Island Town.

“We take a very serious approach to recoverability. It’s the most effective thing you can do,” he said. “If something does happen, you’re going to be able to recover from it.”

However, according to Southampton Town Director of Information Management Paula Pobat, “nothing is 100 percent,” adding that “education is key.”

She said that in addition to completing an annual state-mandated online training course, town employees, including elected officials, are required to partake in occasional town-issued phishing tests, during which, Ms. Pleat and her team evaluate user’s ability to recognize phishing attempts — emails masked to look like safe communications, encouraging someone to click a link or open an attached file.

“The best defense is a well-educated user of a computer and being able to spot these things that are not right that are baiting them into doing something that they shouldn’t be doing,” Mr. Lindley said.

He added that other defense techniques include commercial anti-virus software, such as McAfee and Norton Anti-Virus. However, he said that they are only “mildly effective.”

Instead, commercial agencies, companies and municipalities are often equipped with high-end security software, such as CrowdStrike, FireEye and Carbon Black.

“The bad guys are constantly one step ahead of the defenses that are out there,” Mr. Lindley said. “The generic, popular ones are easily circumvented.”

A recent victim, Hamptons.com — an online guide to news and events happening in Southampton, East Hampton, Westhampton Beach, Montauk, Sag Harbor and Bridgehampton — was recently hacked, despite its safeguards. In an email to customers last week, the website’s publisher, Joseph Kazickas, apologized for the outage and assured users that the attackers had not gained access to any confidential information.

He added that the website’s information technology team was working to install additional safeguards to prevent future attacks.

Eric Friedberg, co-president of Stroz Friedberg Inc., a New York City-based cyber security firm, explained that there are two forms of attack: direct and indirect.

In short, indirect attacks often consist of an email connected to a malicious link or document. Hackers can either send out a “shotgun blast” of 20 emails, which could include something as common as a U.S. Postal Service tracking number, or send a targeted email, in which the attackers may appear to be a colleague or friend of the potential victim.

“However, as this has become a very big business for organized crime, they’re no longer relying on clicks,” Mr. Friedberg said.

He explained that direct attacks go one step further, and that hackers are now launching more sophisticated campaigns, which include “breaking crews” tasked with mapping an agency’s server or network and implanting the malware on critical machines.

He pointed to an attack in 2016, when Hollywood Presbyterian Medical Center paid a $17,000 bitcoin ransom to a hacker who seized control of the hospital’s computer system.

Additionally, in 2018, he said that Maerska, a global shipping company, suffered more than $300 million in damages after being forced to reinstall 45,000 servers following a ransomware attack.

While Mr. Friedberg said that hackers are commonly targeting big commercial companies, hospitals and e-retailers, he added that, based on budgetary restrictions, municipalities are easy targets.

“Imagine if you’re some chief information security officer, and you’re saying, ‘I need $50,000 to pay this ransomware.’ What’s the town supervisor going to say? No?”

Ms. Pleat confirmed those suspicions last week, noting that it’s often a struggle to balance the town’s budget with the necessary security upgrades each year. “Municipalities work within budgets,” she said. “Knowing that budget, we develop the best plan to secure our network.”

Pointing to the attack on SEA-TV in March, Southampton Town Supervisor Jay Schneiderman said, “We weren’t going to pay it, even if it was $5.” He added, “All towns have financial limitations — how much money they can put into protecting their systems.”

Fortunately, Southampton Town, East Hampton Village and Sagaponack Village have only had to sort through occasional phishing emails, rather than deal with a full-fledged ransomware attack, officials said.