Tue, Jun 04, 2019 - Page 7 News List

US cities struggle to fend off hackers

MONEY!Baltimore last month joined Atlanta, San Diego and Newark on the list of US cities hit by ransomware attacks, and the cyberintrusions are expected to continue

The Guardian

“We won’t talk more, all we know is MONEY! Hurry up!” said the ransom note that confronted Baltimore, Maryland, officials on May 7, when hackers crippled government computers with a virus, taking the systems hostage.

The ongoing cyberattack has halted real-estate transactions and shut down Web sites for processing water bills and other services.

The horrors of ransomware — where cybercriminals break in, lock up computer data, then demand payments to restore access — have increasingly hobbled cities and municipalities across the globe in recent years.

The crisis in Baltimore, where officials have refused to pay the US$76,000 bitcoin ransom, follows similar incidents in Atlanta, Georgia; Newark, New Jersey; and San Diego and Los Angeles, California.

These cyberintrusions are expected to continue disrupting ill-prepared local governments and public services, with devastating financial impacts and potentially life-threatening consequences, experts said.

Any agency that depends on digitized records could be at risk, including emergency services, water utilities and other infrastructure, healthcare services, voting systems and public education.

“We have an exponentially increasing problem,” said Katie Moussouris, founder and CEO of Luta Security, which helps businesses and governments work with hackers to identify vulnerabilities. “We don’t have an exponentially increasing workforce. If we don’t see cities and towns ... start pouring a bunch of resources into hiring more people, we are going to see it happening over and over again.”

The mess in Baltimore has attracted particularly intense international scrutiny following a New York Times report suggesting the cybercriminals used a malware component that originated with the US National Security Agency.

The agency allegedly lost control of the tool, called EternalBlue, in 2017, enabling hackers to paralyze vulnerable towns and cities across the nation.

Security experts hope Baltimore’s ongoing crisis motivates municipalities to take these threats seriously. Baltimore leaders have estimated that the attack could cost at least US$18.2 million, from lost and delayed revenue and costs to restore infected systems.

Baltimore Mayor Bernard “Jack” Young has said the city would not pay the ransom, though at one point, he hinted he was considering paying it to “move the city forward.”

City agencies are especially ripe targets because they often maintain databases of vital and sensitive information while having constrained information security budgets and inadequate technological safeguards.

“Municipal governments and hospitals ... just don’t have the top cybersecurity out there, and the criminals know this,” said Jeff Kosseff, assistant professor of cybersecurity law at the US Naval Academy. “You can see loss of life happening if the hospitals are not able to function... What terrifies me is if it happens on a large scale.”

Disruptions to the functioning of ambulances, rescue squads, fire stations, waste collection and other services could all have serious human consequences, he said.

When a massive cyberattack hit the state of Colorado last year, the first step was to shut down 2,000 infected government workstations. The next task was more complicated: Figure out if people’s lives were in danger.

“That day one was brutal,” Colorado chief information security officer Deborah Blyth said, recounting the ransomware that afflicted the state transportation department and quickly sparked fears of harmful disruptions to traffic operations: “Right away, it was impossible to even understand the scope.”

This story has been viewed 1497 times.

Comments will be moderated. Keep comments relevant to the article. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned. Final decision will be at the discretion of the Taipei Times.

TOP top