____________________________________________________________________________________


 

 

 

 

Wednesday
Oct122022

SUFFOLK CLOSEUP: Being Hacked Is Not Unique To Suffolk County

SUFFOLK CLOSEUP

By Karl Grossman

Suffolk County government is far from alone in having its computer network hacked last month—a massive data breach from which only in recent weeks has it begun to recover.

“Top 10 Biggest Government Data Breaches of All Time in the U.S.” is the title of a report on the website Digital Guardian. The list is topped by the hacking of the U.S. Voter Database in 2015. In this, “the largest government data breach to date, a database of 191 million voters was exposed,” it says. “Again, and almost unfathomably, the problem came down to human error and oversight: the database was incorrectly configured and exposed on the open Internet. It contained the personal information—names, dates of birth, party affiliations, emails, addresses, and more—of all registered voters in the 50 states…”

At Number 2, the National Archives and Records Administration got hacked. In 2009 after “a hard drive malfunctioned” and NARA sent it to “their private IT contractors for repairs.  The problem: the hard drive contained the highly sensitive information for a reported 76 million [military] veterans, and NARA forgot to wipe the drive before sending it off premises.”

Also included is Virginia, and how in 2009 “a hacker reportedly breached a Virginia government health website used by state pharmacists and stole the personal information of 8.3 million Virginians. The hacker later taunted the government and FBI, demanding $10 million for the safe return of the information.” Then there’s the hacking of the Office of Texas Attorney General in 2012 with 6.5 million people “compromised,” this office having “mistakenly included sensitive information, including Social Security numbers, in a voter database file released to plaintiff’s attorneys.” And the list goes on.

Says Digital Guardian: “From U.S. federal government agencies to state agencies, cyberattacks have dug up U.S. citizens’ private information through every level of government.”

Cyberspace is clearly a new Wild West. And Suffolk County government has become a victim. Those who hacked into the Suffolk computer system have demanded a ransom, as is the way the cybercriminals operate. Who are the sheriffs in this computer-based Wild West and are governments—including Suffolk County government—doing what they might to protect people’s sensitive information?

As to U.S. government cyberspace would-be sheriffs, the Government Accountability Office, a watchdog unit within the federal government, last week issued a 70-page report stating the  agencies that are supposed to protect us from hacking “can improve collaboration.” These include the FBI, Secret Service and the Cybersecurity and Infrastructure Security Agency.

However, the issue goes way beyond our nation’s borders with hackers functioning globally. As the international police organization, INTERPOL, with 194 member countries, declares under the title “Cybercrime” on its website: “Today, the world is more digitally connected than ever before. Criminals take advantage of this online transformation to target weaknesses in online systems, networks and infrastructure. There is a massive economic and social impact on governments, businesses and individuals worldwide.” So, INTERPOL “is increasing the capacity of our member countries to prevent, detect, investigate and disrupt cybercrimes.”

A successful initiative at the grassroots to combat cyberattacks has been happening. In the current issue of New York magazine is an article about how Lawrence Abrams, “founder and owner” of the website Bleeping Computer in 2016 “helped organize…what became known as the Ransomware Hunting Team.” This “band of about a dozen tech wizards in seven countries soon proved indispensable to victims who couldn’t afford, or refused out of principle, to pay ransoms to cybercriminals. Without charging for its services, the team has cracked more than 300 major ransomware strains and variants, saving an estimated 4 million victims from paying billions of dollars in ransoms.” 

This extensive, must-read piece says of the cybercriminals: “Concentrated in countries such as Russia and North Korea, where they appear to enjoy a measure of government protection, the attackers are often self-taught, under-employed tech geeks.”

Did Suffolk County government do all of what it should have to try to prevent the hacking attack on it? No, says Suffolk Comptroller John M. Kennedy, Jr. of Nesconset. He says county government through a private contractor acquired a “million-dollar firewall” but, says Kennedy, “some of its features our people weren’t able to successfully activate.”

 

Karl Grossman is a veteran investigative reporter and columnist, the winner of numerous awards for his work and a member of the L.I. Journalism Hall of Fame. He is a professor of journalism at SUNY/College at Old Westbury and the author of six books. 

Tuesday
Oct112022

LTE: Why Does Smithtown Reject Help From The Disabled?

To the Editor
Smithtown Matters

My son Riko is a 52 year old man with severe autism who was born, raised and for the past 30 years lives in a group home in Smithtown. In October of last year Riko and his Direct Support Professional (DSP) saw a flyer from the Town of Smithtown Senior Citizen Department urgently looking for volunteers for their Meals on Wheels Program. Homebound seniors were at risk of missing meal delivery and suffering increased isolation due to an inadequate number of volunteer to make the deliveries.

Riko has been delivering Meals on Wheels for ten years and loves his volunteer work delivering Meals on Wheels in Center Moriches. Riko’s DSP called to volunteer to help with the MOW program’s crisis in Smithtown. To her utter dismay they were rejected on the grounds of contract and liability issues, issues that other municipalities were able to overcome. 

The then Exectuive Director of Developmental Disabilities Institute (DDI) wrote to Supervisor Wehrheim regarding the problem and seeking a resolution. He received an email from Supervisor Wehrheim’s assistant stating that the matter was being turned over to Council member Lynne C. Nowick who was the liaison to the Senior Citizens Center. Council member Nowick responded on December 2, that she had an upcoming meet with the newly appointed director of the Senior Citzens Department where she would raise the issue of Riko volunteering for the MOW program. On April 22, almost 5 months later, DDI finally received a 3 page officious response from Doreen Perrino, Program Director, Smithtown Senior Center. In her response Ms. Perrini cited a laundry list of “requirements” set forth by the Suffolk County Office of the Aging and the New York State Office for the Aging that Riko would be unable to meet starting with the fact that the meals must be delivered by a person with a valid New York State drivers license. Clearly, Riko a man with severe autism, would not possess a valid drivers license.

Ms. Perrini goes on to “address” DDI’s statement that the agency works with other meals programs in Suffolk County. Apparently, in her mind, the fact that only two programs permit disabled people to volunteer to deliver meals and that they created specific routes to accommodate them was reason enough to reject Riko’s offer to help address Smithtown’s crisis by volunteering! Clearly, Ms. Perrini is not familiar with The Americans with Disabilities Act (ADA) which prohibits discrimination against people with disabilities in several areas and requires that accommodations be made to include them. She also added that “it was reported” that the disabled volunteers were either unreliable or exhibited behavior problems and that the person “overseeing” the disabled volunteer was disinterested and not alert.

I reached out to the Moriches Nutrition Program regarding their evaluation of Riko and his DSP’s work as volunteers for its Meals on Wheels Program. The Assistant Director said that she has known Riko for years. She went on to say that everyone loves Riko, he greets everyone by name with a smile and that the various people with him over the years have been, without exception, excellent with Riko.

After all that transpired last year, I was saddened to read the article in the recent issue of Smithtown Matters that, one year later, the Smithtown Senior Center was still desperately looking for volunteers to deliver Meals on Wheels to seniors who were home bound. Seniors are missing out on nutritious meals that could have been delivered by my son Riko—a smiling, friendly man with a severe disability who wants nothing more but to give back to his community but was, despite years of experience delivering meals for other towns, rejected as an unsuitable volunteer by the town he has lived in all his life—Smithtown.

I can NOT escape the very strong whiff of discrimination. 

Disappointed,
Margaret Raustiala
Member Save our Services
CC Senator Mario Mattera
Assemblymember Michael Fitzpatrick
Jihoon Kim, Deputy Secretary for Human Services and Mental Hygiene
Kim Hill, Chief Disability Officer
Kerri Neifeld, Commissioner OPWDD

 

Wednesday
Oct052022

SUFFOLK CLOSEUP: Suffolk County's Cyberattack 

SUFFOLK CLOSEUP

By Karl Grossman

Suffolk County government’s computer network was struck on September 8 by a massive cyberattack, and last week—three weeks later and hoping it was over—the county began what a spokesperson termed a “rolling restoration” of computer operations. 

The county government’s websites, email and other online systems were taken offline immediately after the cyberattack. Still, last week, most county computers remained shut. 

“Anything we have done has had to be manual,” County Comptroller John M. Kennedy, Jr. of Nesconset told me last week. 

Suffolk government has had to go back to using paper.

Its Information Technology division is involved in dealing with the cyberattack and the FBI has joined in.

Meanwhile, the hackers leaked county documents including details about businesses that have had contracts with the county and county records containing personal information of people including sensitive information such as their addresses and dates of birth. 

County government advised residents to periodically check their credit reports from one of the national credit reporting companies and look for “suspicious” activity.

The hackers have been threatening to leak more if Suffolk County government did not pay an amount of money that has not been publicly disclosed.

The website DataBreaches.net which publishes information about data breaches—and under its title has the line “The Office of Inadequate Security”—has been providing details about Suffolk government hacking.

One dispatch from DataBreaches.net, dated September 16, was titled “NY: Suffolk County struggles to recover from BlackCat ransomware attack.” It stated: “Suffolk County on Long Island joined the ranks of those hit by a ransomware attack, and the results and impact are not surprising. One headline on September 13 somewhat said it all: ‘County IT systems crippled, with websites, email down, five days after discovery of cyberattack.’” (That headline was on the website RiverheadLocal.)

DataBreaches.net continued that “county officials were working to send out paper checks to pay county vendors” and “nonprofits contracted to perform social services were a high priority for payment.”

“Then a ransomware team stepped out of the shadows to claim responsibility for the attack,” said DataBreaches.net. “Variously called ALPHV or ‘BlackCat,’ they issued a post on their dark web leak site.”

The ALPHV or BlackCat post, according to DataBreaches.net, was: “The Suffolk County Government was attacked. Along with the government network, the networks of several contractors were encrypted as well. Due to the fact that Suffolk County Government and the aforementioned companies are not communicating with us, we are publishing sample documents extracted from the government and contractor network.”

“The total volume of extracted files exceeds 4TB,” it said. TB in computer terms stands for terabyte. “A terabyte (TB) is a unit of digital data that is equal to about 1 trillion bytes,” explains the website Techtarget.com. 

The post from the hackers went on: “Extracted files include Suffolk County Court records, sheriff’s office records, contracts with the State of New York and other personal data of Suffolk County citizens. We also have huge databases of Suffolk County citizens extracted from the clerk.county.suf. domain in the county administration.”

“The post,” added DataBreach.net, “was accompanied by screencaps of various files that appear to have been exfiltrated from county systems.” Some of those files are then displayed in screen shots and thus are now accessible online.

The Suffolk County Police Department called upon the New York City Police Department for help and it sent 10 operators to assist the Suffolk department’s Communications Section. “While operations have continued, our emergency call operators had been operating around the clock and unfortunately had to go back to our old system where call details were recorded by hand,” said Suffolk Police Commissioner Rodney Harrison. The county’s Traffic Agency has been unable to process outstanding tickets. Civil service exams were postponed. 

And this was just part of the cyberspace mess being faced.

Karl Grossman is a veteran investigative reporter and columnist, the winner of numerous awards for his work and a member of the L.I. Journalism Hall of Fame. He is a professor of journalism at SUNY/College at Old Westbury and the author of six books. 

Thursday
Sep292022

SUFFOLK CLOSEUP : Rising Sea Level Is A Problem For Long Island

SUFFOLK CLOSEUP

By Karl Grossman

“The water is coming—there’s no longer much doubt about that,” began an article in The Washington Post this month. A just-issued analysis, it reported, done by Climate Central, a Princeton, New Jersey-based non-profit research group, determined that “hundreds of thousands of homes….and other properties” would “slip below swelling tide lines over the next few decades.”

That increased sea level rise is already happening.

And, the Climate Central researchers found, said The Post, that “nearly 650,000 individual, privately-owned parcels across as many as 4.4 million acres of land” along the coastlines of the United States “are projected to fall below changing tidal boundaries by 2050. The land affected could swell to 9.1 million acres by 2100.”

Long Island will be among the areas heavily affected.

Indeed, the East Hampton Town Board this month, in a unanimous vote, approved a Coastal Assessment Resilience Plan (CARP), “in recognition of the need for proactive planning to address its vulnerabilities to sea level rise, shoreline erosion and flooding.” CARP, an analysis put together over two years, flatly warned that the projected range of sea level rise “will transform East Hampton into a series of islands with permanent submergence of low-lying areas as early as 2070.” 

It says: “Rising sea levels and increased intensity of coastal storms undoubtedly will have an impact on nearshore homes and communities.”

CARP proposes a “retreat” of waterfront development away from the shoreline.

And that is a breakthrough for this area.

Perhaps “retreat” isn’t the best word to use. In a prescient talk in Suffolk County in 2013, titled “Alternatives for Protecting Our Dunes and Beaches,” Dr. Robert Young, director of the Program for the Study of Developed Shorelines at Western Carolina University and co-author of the then recently published book, The Rising Sea, said “I don’t say ‘retreat’ anymore.” That’s because Americans, he said, don’t like to talk about retreating. Said Young: “No, we say relocate.”

Whether it’s called “retreat” or “relocate”—that is what is needed in the face of rising seas largely caused by melting glaciers caused by global warming.  

Still, despite the realism out of East Hampton, all over Long Island, says Kevin McAllister, founder and president of the Sag Harbor-based organization Defend H20, in an effort to ostensibly protect houses built along coasts, what’s now happening is a “rapid transformation of natural shorelines” with the placement of steel and vinyl bulkheads, geotextile sandbags and giant boulders.” 

This effort at “armoring” shorelines, says McAllister, “if left unchecked will erase walkable beaches and critical shoreline habit”—and also lead to more coastal erosion as armoring, in fact, ends up accelerating coastal erosion.

In a number of states, the folly of coastal armoring is being recognized. Stateline, the web publication of Pew Charitable Trusts, published an article last year about Virginia and Washington having “recently enacted laws to discourage armoring structures and promote ‘living’ shorelines which use natural elements to slow erosion and maintain habitats.” 

Stateline said “seawalls and bulkheads…known collectively as shoreline armoring, can block the natural flow of sand and sediment down the coast and multiply the forces of waves onto nearby shoreline—accelerating erosion elsewhere.”

The New York Times last week reported on how “a little-noticed section” of recent climate legislation passed by Congress and signed into law by President Biden marks “a shift by the federal government toward funding nature-based climate solutions.” It said: “Escalating climate threats have prompted a continuing debate among policymakers and experts about how best to guard against devastating damage, between those who prioritize building manmade infrastructure like sea walls—sometimes called “gray infrastructure”—and those who favor nature-based solutions, or so-called green infrastructure.”

Long Island is far from alone. A headline this month in USA Today: “Oceans rise, houses fall. The California beach home is turning into a nightmare.” Its story said: “Tens of thousands of people who live along California’s coast may be forced to flee in coming decades as climate change leads to rising seas and makes swaths of the state’s iconic coast uninhabitable.”

Harmonizing with nature and relocating structures built in the teeth of the sea, both are essential as seas rise. Still, the New York State Department of Environmental Conservation is allowing armoring all over Long Island with “permissive permitting,” says McAllister. And many local boards, he says, aren’t doing much better. 

Karl Grossman is a veteran investigative reporter and columnist, the winner of numerous awards for his work and a member of the L.I. Journalism Hall of Fame. He is a professor of journalism at SUNY/College at Old Westbury and the author of six books. 

Thursday
Sep222022

Cyberattack In Suffolk County Personal Information Accessed

On or about September 8, 2022, Suffolk County determined that its systems had been affected by what appeared to be a cyberattack. While the cyber assessment remains ongoing, we believe that the threat actors accessed and/or acquired certain personal information from one or more County agency servers. The County promptly hired multiple cybersecurity firms to conduct an examination to protect employees and residents as well as restore online services.

The County will notify any affected individuals as required by law, and all of those affected individuals will be offered free identity theft protection services. However, because the assessment is ongoing, Suffolk County wants to ensure that employees, residents and stakeholders are informed about precautionary measures they can take to help them protect themselves from becoming victims of fraud or identity theft.

What Can You Do?

Review Your Accounts and Credit Reports

You should regularly review statements from your accounts and periodically obtain your credit report from one or more of the national credit reporting companies. When you receive your credit report, look it over with care. If you notice anything suspicious – accounts you did not open, inquiries from creditors that you did not initiate, personal information such as a home address or Social Security number that is not accurate – or you see anything you do not understand, call the credit reporting agency at the number listed in the report. If you find fraudulent or suspicious activity in your credit reports, you should promptly report the matter to the proper law enforcement authorities.

Follow the steps recommended below for reporting fraudulent or suspicious activity.

Place a Fraud Alert on your Credit Files

If you are interested in protection against the possibility of identity theft, we recommend that you place a fraud alert on your credit files. A fraud alert conveys a special message to anyone requesting your credit report that you suspect that you may be a victim of fraud. When you or someone else attempts to open a credit account in your name, the lender should take measures to verify that you have authorized the request. A fraud alert should not stop you from using your existing credit cards or other accounts, but it may slow down your ability to get new credit. An initial fraud alert is valid for ninety (90) days. To place a fraud alert on your credit reports, contact one of the three major credit reporting agencies at the appropriate number listed below or via their website. One agency will notify the other two on your behalf. You will then receive letters from the agencies with instructions on how to obtain a free copy of your credit report from each.

Place a Security Freeze on your Credit Reports

New York residents can also consider placing a Security Freeze on their credit reports. A Security Freeze prevents most potential creditors from viewing your credit reports and therefore, further restricts the opening of unauthorized accounts. For more information on placing a security freeze on your credit reports, please go to the New York Department of State Division of Consumer Protection website at https://dos.nysits.acsitefactory.com/consumer-protection.

Remain Vigilant

Even if you do not find signs of fraud on your credit reports, we recommend that you remain vigilant in reviewing your credit reports from the three major credit reporting agencies. You may obtain a free copy of your credit report once every 12 months by visiting www.annualcreditreport.com, calling toll-free 877-322-8228 or by completing an Annual Credit Request Form at: www.ftc.gov/bcp/menus/consumer/credit/rights.shtm and mailing to:

Annual Credit Report Request Service
P.O. Box 1025281
Atlanta, GA 30348-5283

For more information on identity theft, you can visit the following websites: