The recent ransomware attack against the Suffolk County Government has raised important questions about the relationship between citizens, governments and technologies.

There was a confirmed ransomware event in early September. The hack crippled the county’s computer infrastructure, and recovery efforts continue.

The hack has prompted critics to question the digitization of sensitive information and to ask how governments can better secure their IT networks.

What is Ransomware?

Nick Nikiforakis is an associate professor in the Computer Science Department at Stony Brook University. His research focuses on web security and privacy. In an interview, he described how ransomware works.

“Ransomware is, in fact, malicious software that infiltrates a machine, starts encrypting all kinds of private documents, spreadsheets, anything of value, and then leaks the encryption key to the attacker, and potentially the data that has been encrypted,” he said.

Some forms of ransomware only target a single machine, according to Nikiforakis. Other strains can spread to multiple devices, potentially infecting an entire network.

Ransomware is the confirmed attack vector for Suffolk County. However, how the hackers first got into the county system is unknown to the public.

While details of the county’s hack are scarce, Nikiforakis said cyber attackers commonly use emails with malicious attachments. In other cases, they can locate vulnerable software within a network, exploit that weakness, and breach that system. Once hackers gain access to the system, they hold sensitive information for ransom.

“The original idea behind ransomware is that if you don’t pay the attacker the money they ask for, then you lose access to your data,” Nikiforakis said.

Backup software was developed, in part, to mitigate this concern. Regardless, as technologies have evolved, so has cybercrime.

“Even if you have the ability to restore your data from backups, now you are faced with the attacker who has access to your data and threatens you to make it public, which is what is happening in this case,” Nikiforakis said.

Based on available information, Nikiforakis said the attackers likely gained access to speeding tickets and various securities, among other sensitive materials. “That’s definitely a cause for concern, and that’s why, in some cases, people decide to pay, to avoid this backlash that will come from the data being made public.”

A matter of payment

Ransomware raises an ethical dilemma for government officials, namely whether to use public funds to pay a ransom.

“People can take a philosophical approach and say, ‘We don’t negotiate with terrorists,’ and I understand that,” Nikiforakis said. “But then the rational thing for the attacker to do is make the data publicly available. Because if he doesn’t, the next victim won’t pay for it either.”

The profitability of a ransomware operation depends on the victim’s confidence that the criminals will comply with the terms of the transaction. The ransomware business model would fail if cyberattackers generally went back on their word.

Because of this, Nikiforakis said payment and compliance could sometimes be in both parties’ best interests.

“I think it’s a very rational decision to say, ‘Let’s pay up and accept this as a financial loss and make sure it doesn’t happen again,’” he said.

In Suffolk County, however, putting this theoretical framework into practice is more complicated. Responsibility for paying a ransom would rest with the Office of the Comptroller, which oversees county finances.

During an election interview last month, County Comptroller John Kennedy Jr. (R) hinted that compromising with cybercriminals is out of the question.

“There is no predicate in the statute, in New York State county law, in the Suffolk County code, to take taxpayer money and give it to a felon,” he said.

The effect on county government operations

The ransomware attack also exacerbated concerns about the county’s computer security. Kennedy likened the problem to a fire code, saying that fire codes often include provisions for masonry walls and other buffers that reduce the spread of a fire.

“If a fire breaks out, it doesn’t bring down the whole complex. It stops at the masonry wall,” he said. “Our system wasn’t configured with those forced outages, other than some segregation of duties in Riverhead at the county clerk’s office.”

Suffolk County Legislator Sarah Anker (D-Mount Sinai), whose office was attacked by ransomware in 2017, has been advocating for some serious IT reform. She has been following county technology closely and has expressed frustration with how the initial attack occurred.

“I could tell, and I could feel, that more needed to be done,” she said. “You have hindered the government, you have affected our constituents. Maybe it could have been worse, but it never should have happened.”

Suffolk County Sheriff Errol Toulon Jr. (D) explained his office’s many challenges following the attack. Although communications systems are slowly coming back online, the initial attack disrupted both external and internal communications within the sheriff’s office.

“From a prison and a police perspective, it really got in our way at first,” he said. “Emails we have received from other law enforcement agencies or any communication with our community have been disrupted for a significant amount of time.”

The New York State Division of Homeland Security and Emergency assisted the sheriff’s office as Toulon’s personnel worked without an operational communications network. Because of this coordination, Toulon argued that the functions of the prisons were performed more or less appropriately.

“We wanted to make sure that any individual who should have been released from our custody was released on time,” the county sheriff said. “Nobody was jailed longer than they should have.”

Preparation for the future

Toulon suggested that the existing IT network is too centralized and interconnected. To prevent future failures of the entire network, he proposed creating separate silos for each department.

“I hear that the district attorney’s office, the sheriff’s office, the [county] clerk’s office and the comptroller’s office should be totally separate from the county executive’s office,” Toulon said. “So if, God forbid, this were to happen again in the future, we wouldn’t be directly affected as all the others.”

Anker said she and a new group of county lawmakers are beginning to explore ways to strengthen the network and apply strategies that work elsewhere.

“As we move forward, we need to see what other municipalities and companies are doing,” she said. “What kinds of programs and software do they have to prevent these attacks?”

The rate of software development, according to Anker, is outpacing governments’ ability to respond effectively. While IT departments must stay ahead of cybercriminals to protect their digital infrastructure, staying ahead of the curve is easier said than done.

“Technology is moving so rapidly that it’s incredibly difficult for government to keep up,” she said. “I would like to see more accountability in all respects and from everyone as we move forward with the new technology.”

While the recent cyberattack targeted the government, Anker believes ordinary citizens are also at risk from hostile online actors. The county legislator argued that more work should be done to alert community members to these dangers.

“Not enough is being done as far as community outreach is concerned,” she said. “There needs to be more education about preventing an attack on your home computer as well.”

Nikiforakis proposed paying more attention to the digitization of personal documents. According to him, those documents in the wrong hands could cause serious damage.

“Ransomware has been a big game-changer for attackers because it allows them to monetize data that traditionally wouldn’t be monetizable,” he said. “Through ransomware, suddenly anything of value can be monetized.”

The SBU associate professor supports software updates, cybersecurity protocols, and other measures that protect against ransomware. But, he said, a broader conversation needs to take place about the nature of digitization and whether individuals and governments should store sensitive files online.

“More and more things that weren’t online are suddenly available online,” he said. “We need to reevaluate the enthusiasm with which we put everything online and see if the convenience we get from these online systems is a good return on investment, given the risks.”
