officials

now browsing by tag

 
 

Cyber #security a #priority for #area #election #officials

With election season quickly approaching, Grand Island workers are taking steps to secure their data.

Election officials from across the state are taking advantage of training opportunities to stay up-to-date on cyber security measures.

Last fall Secretary of State John Gale hosted a big presentation. Tracy Overstreet, the Hall County Election Commissioner attended.

Overstreet had the opportunity to meet with officials from Homeland Security and the FBI to learn about ways to protect elections from hackers.

She says there are also risk-assessment analysis taking place on the state and local level right now.

“We’ve got the anti-virus software, we’ve got the firewalls up. The election information isn’t even available to any outside site. The only thing that comes out of the election office that goes out to the election site is our election results on election night,” said Hall County Election Commissioner Tracy Overstreet.

Overstreet says Hall County still uses paper ballots for their elections. She feels this provides even more security and also a paper trail to refer back to.

advertisement:

The post Cyber #security a #priority for #area #election #officials appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Hack of #Baltimore’s 911 #dispatch system was #ransomware #attack, city #officials say

The hack that forced Baltimore’s 911 dispatch system to be temporarily shut down over the weekend was a ransomware attack, city officials said Wednesday.

Such attacks — another of which occurred in Atlanta last week — take over parts of private or municipal computer networks and then demand payment, or ransom, for their release.

Frank Johnson, chief information officer in the Mayor’s Office of Information Technology, said he was not aware of any specific ransom request made by the hackers of Baltimore’s network, but federal authorities are investigating.

“The systems and the software and the files are all being investigated by the FBI right now,” Johnson said.

No personal data of city residents was compromised, he added.

Dave Fitz, an FBI spokesman, could not be reached Wednesday. On Tuesday, Fitz said the agency was aware of the breach and providing assistance to the city, but otherwise declined to comment.

The attack infiltrated a server that runs the city’s computer-aided dispatch, or CAD, system for 911 and 311 calls. The system automatically populates 911 callers’ locations on maps and dispatches the closest emergency responders there more seamlessly than is possible with manual dispatching. It also relays information to first responders in some cases and logs information for data retention and records.

The breach shut down the CAD system from Sunday morning until Monday morning, forcing the city to revert to manual dispatching during that time. While the city’s 911 calls are normally recorded online on Open Baltimore, the city dispatch logs stopped recording them at 9:54 a.m. Sunday and didn’t resume recording them again until 7:42 a.m. Monday.

Johnson said the attack was made possible after a city information technology team troubleshooting a separate communications issue with the server inadvertently changed a firewall and left a port, or a channel to the Internet, open for about 24 hours, and hackers who were likely running automated scans of networks looking for such vulnerabilities found it and gained access.

“I don’t know what else to call it but a self-inflicted wound,” Johnson said. “The bad guys did not get in on their own without the help of someone inadvertently leaving the door open.”

Once the “limited breach” was identified, city information technology crews “were able to successfully isolate the threat and ensure that no harm was done to other servers or systems” on the city’s network, Johnson said. And once “all systems were properly vetted, CAD was brought back online.”

Johnson said the city “continues to work with its federal partners to determine the source of the intrusion.”

The Baltimore hack comes amid increasing hacking of municipal systems across the country, and follows one in Atlanta last week that paralyzed that city’s online bill-payment system, with hackers demanding a $51,000 payment in bitcoin to unlock it. That attack occurred Thursday, and Atlanta employees only turned their computers back on Tuesday.

Johnson said his office works diligently to prevent cyberattacks and is looking to invest more in safeguarding its networks.

Baltimore also faced cyberattacks during the unrest in 2015, when its website was taken offline. Johnson said he was unaware of any other successful attacks on the city’s networks. He said the city would be obligated to disclose any attacks that compromised residents’ personal information, health information or crime data.

Johnson said he feels the city recovered well from the breach once it was identified, but that he did not want to go into detail about what was done lest he expose the city to more attacks.

The city has a $2.5 million contract with TriTech Software Systems to maintain its CAD software and provide “technical support services to ensure the functional integrity” of the city’s CAD system.

Scott MacDonald, TriTech’s vice president of public safety strategy, said the company worked with city IT personnel to shut down the CAD software after the attack. The breach was not related to the company’s software, MacDonald said.

“When we were alerted of it, it was reported that the server had some sort of compromise,” he said. “Our techs connected and worked with the IT staff there, and the CAD system was taken down manually, in combination between our staff and theirs, while the servers could be troubleshooted by the city.”

advertisement:

The post Hack of #Baltimore’s 911 #dispatch system was #ransomware #attack, city #officials say appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Intel didn’t #tell US #cyber security officials about the #Meltdown and #Spectre flaws until after it #leaked in news #reports

Source: National Cyber Security News

Intel did not inform U.S. cyber security officials of the so-called Meltdown and Spectre chip security flaws until they leaked to the public, six months after Alphabet Inc notified the chipmaker of the problems, according to letters sent by tech companies to lawmakers on Thursday.

Current and former U.S. government officials have raised concerns that the government was not informed of the flaws before they became public because the flaws potentially held national security implications. Intel said it did not think the flaws needed to be shared with U.S. authorities as hackers had not exploited the vulnerabilities.

Intel did not tell the United States Computer Emergency Readiness Team, better known as US-CERT, about Meltdown and Spectre until Jan. 3, after reports on them in online technology site The Register had begun to circulate.

US-CERT, which issues warnings about cyber security problems to the public and private sector, did not respond to a request for comment.

Details of when the chip flaws were disclosed were detailed in letters sent by Intel, Alphabet and Apple Inc on Thursday in response to questions from Representative Greg Walden, an Oregon Republican who chairs the House Energy and Commerce Committee.

Read More….

advertisement:

View full post on National Cyber Security Ventures

Hackers #redoubling efforts after #Meck Co officials #decline #paying #ransom

Hackers are reportedly “redoubling their efforts to penetrate the county’s systems” after Mecklenburg County officials decided not to pay a ransom to unfreeze hacked servers, officials said Thursday.

Mecklenburg County remains open for business as it continues to restore services.

According to county officials, cybercriminals are trying to use emails with fraudulent attachments and viruses to further damage the county’s systems. County officials are asking residents and employees to remain patient.

County Manager Dena Diorio says hackers froze 48 county servers, and asked for two bitcoins in ransom, which totals about $23,000. This, despite claims made by other county officials to WBTV that the hackers were actually seeking a ransom on each server, which would have run the ransom into a range of the hundreds of dollars.

On Thursday, officials said ITS is disabling county employees’ option to open attachments in Drop Box and Google Documents. Officials released this statement:

“The best advice for now is to limit your use of emails containing attachments, and try to conduct as much business as possible by phone or in person. “

As the county manager refuses to pay the hackers, the county’s IT team begins work on repairing the 48 frozen servers, and bringing the affected county departments back to normal working order. These departments include the tax office, register of deeds, LUESA, assessor’s office, park and recreation, department of social services, child support enforcement, finance, sheriff’s office, and the courts.

The county was experiencing a county-wide computer system outage Tuesday afternoon. Just after 6 p.m., officials told reporters that the servers were being held for ransom.

Officials have not given a timeline for how long the repairs will take, but say they will take “days.” They have prioritized repairs on servers affecting health and human services, the courts, and LUESA.

Diorio told WBTV that bringing the 48 servers back to full strength is a process that could go into early 2018.

“Now understand things will come back up incrementally, so as we bring systems on line we won’t be shot down that long, but by the time we get everything fully restored I would say the first of the year,”Diorio said.

Rather than pay hackers demands to get rid of ransomware, the county is taking matters into  its own hands.

One place impacted and where business practices have changed is the Mecklenburg County Tax Office.

Online payments have become the norm, but with computers being down fees collected in person.

Daniel Chisholm ended up with handwritten receipt and a dose of reality.

“I am paranoid about using the internet and I use it all the time. Problem is that’s the wave of the future and you can’t get around it,” Chisholm said.

Theresa Payton and her company Fortalice Solutions is one of the companies hired by Mecklenburg County to work through this series of challenges.

She is also a WBTV cyber security expert who says hackers in most instances are hoping to beat the odds.

“For cyber criminals they have nothing to lose and everything to gain. If you think about, you have to get it right 365 days out of the year, and they only have to get it right once,” Payton said.

Getting right during this period of recovery is the goal of the county manager.

“We just ask people to work with us and be patient to the best of their ability,” Diorio said.

Dioro also expects work to continue through the weekend and through the holidays.

In the meantime, they have asked customers to call these departments to check on their services.

Below is information from county officials given Thursday of offices affected during the server outage, along with direction for customers moving forward.

Assessor’s Office (CAO)
Non-Operational:

  • County Assessor’s Office reports AssessPro (The Real Property appraisal system), NCPTS (the personal property appraisal system and the billing and collection system) are down.
  • Polaris and Tax Bill look up county web links are not working.

Criminal Justice Services
Non-Operational:

  • Research & Planning cannot run the daily population numbers without OMS interfacing with our data warehouse.  (Please note that we anticipate a spike in the jail numbers due to the release process being slowed.)

 Child Support Enforcement (CSE): CSE is in full Manual Services- still seeing customers here and in the Courthouses, all records are being hand-written and the Clerk’s office is printing/making copies for the Court.

  • Advantage is Down
  • ACTS- Automated Collection and Tracking System is down- which is used to interface with other state and federal systems; document generation; pay histories; charging and billing functions, etc
  • Compass/OnBase is down
  • Dept. Of Vital Records is down
  • Qflow- Used to track customer visits by date, time, visit purpose, service provider, etc.
  • VMWare

Community Support Services: The Domestic Violence Victim Services phone line (704-336-3210) is now fully functioning.
Non-Operational:

  • ECHO for Substance Use Services (they are documenting on paper & will scan into the system once operational),
  • OnBase for Veterans Services & secure printing and copying. We are seeing clients but Veterans Services may run slower. As soon as we have access to a copier we will run much smoother.
  • All secure printing & coping DOWN.
  • Community Support Services Prevention & Intervention Division is unable to transfer a call from the receptionist to a clinician.

 Department of Social Services (DSS): All DSS services and programs are up and running with the exception of individual medical transportation scheduling.

  •  All Public Assistance programs and services are available.  We have made adjustments to work around the systems that are unavailable.
  • Adult Protective Services and Child Protective Services are fully operational.

 Transportation Message:
If you have made a transportation reservation through DSS/MTS scheduling, please call Customer Connection at 704-336-4547 to confirm your transportation.  This includes reservations made for bus passes and vendor transportation for trips scheduled through December 11, 2017.

Finance
Non-Operational:

  • Services/support are all manual and limited as most all of our work relies on Advantage as our core financial system.
  • Automated payments, invoicing, procurement, etc.  This means no Electronic funds transfers, processing of procurement requests in the system, or other similar transactions.  Because many of our internal controls are automated, or rely on systems (verifying funds, etc.), most of our services will be manual and slowed, but we should be able to perform them.  We also cannot apply payments received to the balance owed in the system—meaning we will have a backlog and some risk to the extent collections are continuing.

 Human Resources
Non- Operational:

  • Applicants cannot apply for vacant positions

Library

  • No changes since last communication

 LUESA
The LUESA offices on Suttle Ave continue to operate to provide services to our building community.  If you have urgent permitting and inspection needs, please call 980-314- CODE (2633) and staff will be able to coordinate your request for service.

Non-Operational:

  • Code and Storm Water Services cannot review plans or issue new permits until POSSE/Winchester and other supporting systems including GIS, Navision (payment processing) are up.
  • GIS cannot provide addressing and other services including processing register of Deeds data until the GIS servers are back online.
  •  Air Quality services for asbestos reviews etc cannot be performed until the permitting system is up.

MEDIC: Nothing affected at this time.

Office of the Tax Collector
Non-Operational:

  • Property tax payments cannot be made at the Wilkinson Boulevard location.
  • Tax records and payment information cannot be accessed online or by telephone.
  • Research requests for bankruptcy, tax certificates, tax lien research, or any other service requiring reference to the tax records cannot be performed.
  • All online services including online payment options are not available.

As of Wednesday night, the county’s domestic violence hotline was down. They were directing callers to Safe Alliance reached at 704-332-2513.

County officials say employees’ payroll will not be affected by the Dec. 15 pay date. Officials say most printers are still offline, with a limited number enabled in specific offices.

View full post on National Cyber Security Ventures

Officials push cybersecurity education amid rise in malicious attacks

more information on sonyhack from leading cyber security expertsSource: National Cyber Security – Produced By Gregory Evans SALT LAKE CITY — Digital security breaches that impact megacompanies like Equifax, Sony or Yahoo tend to dominate headlines when they occur, but it’s far more common for small businesses to fall victim to cybercriminals and, when they do, the results are typically far more catastrophic. […] View full post on AmIHackerProof.com | Can You Be Hacked?

County Officials Didn’t Protect Computer Systems from Obvious Hacking Risks, Auditors Say

Source: National Cyber Security – Produced By Gregory Evans

Orange County officials failed to implement essential safeguards to protect county computer systems, which left the county unnecessarily vulnerable to hacking and other malicious activity until the problems were uncovered in recent months by a comprehensive audit. “We found that physical and [software access] security to data and programs WAS…

The post County Officials Didn’t Protect Computer Systems from Obvious Hacking Risks, Auditors Say appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Credit skimmers not spiking locally; officials still preach vigilance

Source: National Cyber Security – Produced By Gregory Evans

State and local officials are preaching vigilance over rising instances of identity theft around the state due to credit card skimmers in gas pumps. Sergeant Brian Sawyer with the Collier County Sheriff’s Department said that while his department had not yet noticed a significant increase of devices in the area,…

The post Credit skimmers not spiking locally; officials still preach vigilance appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

U.S. education officials contact University of Oklahoma over cybersecurity

Source: National Cyber Security – Produced By Gregory Evans

The U.S. Department of Education has been in contact with the University of Oklahoma regarding a lapse in security protocol that allowed anyone with a campus-issued email to search for and view sensitive student records. The now corrected cybersecurity error enabled anyone with an @ou.edu email to search for records…

The post U.S. education officials contact University of Oklahoma over cybersecurity appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Massachusetts voting system not vulnerable to hacking, officials say

Source: National Cyber Security – Produced By Gregory Evans

Massachusetts voting system not vulnerable to hacking, officials say

From inside a vault, Northboro town clerk Andy Dowd pulled out a vote-counting machine. It has buttons and a screen like a computer, but no connectivity cables. “Right now, (with) our option there’s no way to connect this to the internet,” Dowd told WCVB. As with all voting-counting machines in…

The post Massachusetts voting system not vulnerable to hacking, officials say appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Officials say Clay High student found with ‘shoot list’

Parents of students at Clay High School are upset after learning a student brought a “shoot list” to school Thursday morning.

The boy, whose name and age were not released, did not have a weapon and told investigators it was a joke. He was arrested and will also face discipline for violating Clay County schools’ code of conduct.

By mid-morning, parents got an automated call from the principal. Many of them showed up to pull their children out of the school despite assurances that the student was in custody.

“This happened a couple years ago in Keystone, as well, and I don’t trust it,” parent Desiree Milleston said.

Read More

The post Officials say Clay High student found with ‘shoot list’ appeared first on Parent Security Online.

View full post on Parent Security Online