SUFFOLK CLOSEUP

By Karl Grossman

Suffolk County government is far from alone in having its computer network hacked last month—a massive data breach from which only in recent weeks has it begun to recover.

“Top 10 Biggest Government Data Breaches of All Time in the U.S.” is the title of a report on the website Digital Guardian. The list is topped by the hacking of the U.S. Voter Database in 2015. In this, “the largest government data breach to date, a database of 191 million voters was exposed,” it says. “Again, and almost unfathomably, the problem came down to human error and oversight: the database was incorrectly configured and exposed on the open Internet. It contained the personal information—names, dates of birth, party affiliations, emails, addresses, and more—of all registered voters in the 50 states…”

At Number 2, the National Archives and Records Administration got hacked. In 2009 after “a hard drive malfunctioned” and NARA sent it to “their private IT contractors for repairs.  The problem: the hard drive contained the highly sensitive information for a reported 76 million [military] veterans, and NARA forgot to wipe the drive before sending it off premises.”

Also included is Virginia, and how in 2009 “a hacker reportedly breached a Virginia government health website used by state pharmacists and stole the personal information of 8.3 million Virginians. The hacker later taunted the government and FBI, demanding $10 million for the safe return of the information.” Then there’s the hacking of the Office of Texas Attorney General in 2012 with 6.5 million people “compromised,” this office having “mistakenly included sensitive information, including Social Security numbers, in a voter database file released to plaintiff’s attorneys.” And the list goes on.

Says Digital Guardian: “From U.S. federal government agencies to state agencies, cyberattacks have dug up U.S. citizens’ private information through every level of government.”

Cyberspace is clearly a new Wild West. And Suffolk County government has become a victim. Those who hacked into the Suffolk computer system have demanded a ransom, as is the way the cybercriminals operate. Who are the sheriffs in this computer-based Wild West and are governments—including Suffolk County government—doing what they might to protect people’s sensitive information?

As to U.S. government cyberspace would-be sheriffs, the Government Accountability Office, a watchdog unit within the federal government, last week issued a 70-page report stating the  agencies that are supposed to protect us from hacking “can improve collaboration.” These include the FBI, Secret Service and the Cybersecurity and Infrastructure Security Agency.

However, the issue goes way beyond our nation’s borders with hackers functioning globally. As the international police organization, INTERPOL, with 194 member countries, declares under the title “Cybercrime” on its website: “Today, the world is more digitally connected than ever before. Criminals take advantage of this online transformation to target weaknesses in online systems, networks and infrastructure. There is a massive economic and social impact on governments, businesses and individuals worldwide.” So, INTERPOL “is increasing the capacity of our member countries to prevent, detect, investigate and disrupt cybercrimes.”

A successful initiative at the grassroots to combat cyberattacks has been happening. In the current issue of New York magazine is an article about how Lawrence Abrams, “founder and owner” of the website Bleeping Computer in 2016 “helped organize…what became known as the Ransomware Hunting Team.” This “band of about a dozen tech wizards in seven countries soon proved indispensable to victims who couldn’t afford, or refused out of principle, to pay ransoms to cybercriminals. Without charging for its services, the team has cracked more than 300 major ransomware strains and variants, saving an estimated 4 million victims from paying billions of dollars in ransoms.” 

This extensive, must-read piece says of the cybercriminals: “Concentrated in countries such as Russia and North Korea, where they appear to enjoy a measure of government protection, the attackers are often self-taught, under-employed tech geeks.”

Did Suffolk County government do all of what it should have to try to prevent the hacking attack on it? No, says Suffolk Comptroller John M. Kennedy, Jr. of Nesconset. He says county government through a private contractor acquired a “million-dollar firewall” but, says Kennedy, “some of its features our people weren’t able to successfully activate.”

Karl Grossman is a veteran investigative reporter and columnist, the winner of numerous awards for his work and a member of the L.I. Journalism Hall of Fame. He is a professor of journalism at SUNY/College at Old Westbury and the author of six books.