The Department of Homeland Security issued a release on Thursday saying President Joe Biden has designated them as the lead agency “to coordinate domestic preparedness and response efforts related to the current Russia-Ukraine crisis,” and “while there are no specific threats to the homeland at this time, DHS is taking appropriate steps to ensure Federal efforts are coordinated should the need arise.”
In December 2020, a malware attack disrupted the Butler County Sheriff’s Office including the Computer Aided Dispatch system and other parts of the sheriff’s department operations. It cost nearly $180,000 for equipment, repairs and overtime to fix the breech.
Sheriff Richard Jones said it appears someone in his office clicked an email they shouldn’t have and that’s how they got in the system.
“When they do this they make it look like it’s legit, like it’s coming from me or the chief,” Jones told the Journal-News. “And when they do it, they hit that one button and once you accept it you’re poisoned, they’re in you.”
Jones said they were told the hackers were likely from Russia and they have been hitting law enforcement and other arms of government for years.
“We were in shock about why would they try to hit us, and they’re still trying to hit us,” Jones told the Journal-News. “We have a sophisticated system but some of these large, large police departments, law enforcement, and we were told not only were they from foreign countries but they felt it was in Russia. They were wanting ransom but we didn’t pay it. Seemed like in the beginning they were wanting millions.”
Chief Deputy Anthony Dwyer at the time described the extent of what they needed to do to make sure no other malware was lurking. They detected the hacker almost immediately because they have an alert system.
“We went into ultra-safe mode. We basically disconnected everything and went back to redo our complete system,” Dwyer said. “Whenever you get malware there’s always a chance of it re-infecting something. So we were ultra cautious, we took everything offline and the technical services guys touched every computer in the agency and every computer that touched our system, to wipe them clean.”
The breach mainly impacted the CAD system, which meant dispatchers and the crews they were sending to emergencies had to resort to pulling out maps and pens and paper to get the job done and reports generated.
Dwyer told the Journal-News the county’s insurance company — which paid all but $70,000 of the bill — hired the company they used to scrub their system to ensure no seriously sensitive data was accessed. Generally speaking, he said, this is how these ultra-secret companies work.
“These computer experts can go in and kind of see how long they were in and where they went, it’s really amazing,” Dwyer said. “They can kind of see what the bad actors did and what they possibly got access to. In our case what they got access to was not that relevant.”
He said the breached documents were public records anyway and they had back-ups, but the mess took months to clean up. He said they send pfishing emails to staff now and if they click it they will be disciplined.
“If they do it more than once it could get you fired here, it’s serious stuff,” Dwyer said. “I preach to everyone I know, make it serious. That was one of the most devastating events we’ve had. We’re used to the crime, and the murders and all the things that we do. But this was outside our arena a little bit and it was a very, very difficult several months trying to piece all that back together.”
He said private companies will often pay a ransom because they don’t want their data released “on the dark web.” He said the security companies deal with the hackers so they can get samples of what they stole and determine if paying ransom is worth it.
“Big companies if they choose to pay to get their data released, it’s really kind of an art form, they’re like criminals with a reputation, in other words go check us out, if you pay us and we say we’ll give you your data back we will,” Dwyer said. “They’ve got like a better business bureau, you can see historically they publish stuff that says yeah, we got into this lumber company they didn’t want their data released, they paid us, we gave them their data back, ask them, everything was good, we’re a man of our word kind of deal, thieves with integrity.”
The sheriff’s computer systems are separate from other county departments so the hack stopped there. Many county departments have sensitive data from residents like Job & Family Services but all of those computers and servers are on the state system. The county auditor, treasurer, courts and other offices all deal with information about the public. As for payroll for nearly 2,000 employees Fletcher said that information is encrypted.
Fletcher said he has spent $50,000 to $65,000 upgrading their systems recently and more upgrades are planned, “we’re doing things daily to make sure the data is protected for the public and employees of the county.”
Commissioner Don Dixon acknowledged what is happening overseas is scary.
“A prudent person would be concerned, it’s a big deal,” Dixon said. “But we’ve kept up to speed on all the programs and the stuff we deal with. We feel we’re as protected as we can be. You just do the best you can do and see what happens, but I think we’re the best prepared we can be.”
About the Author