Cyber Attack: Suffolk Legislature Forms Committee to Investigate September Breach

The Suffolk County Legislature has formed a bi-partisan committee to investigate the source of a September 8 cyberattack that shut down a portion of the county’s functions and online services for over a month.

The breach suspended some services like online property title searches. Other more important operations, such as the 911 Call Center, were targeted and crippled. Both operations have been restored.

Suffolk County dispatch was relegated to pen and paper instead of the computer system they typically use. The NYPD aided the call center with additional operators. Some county documents were leaked, and a group, allegedly the cybercriminal gang “BlackCat,” claimed responsibility in a post on the “dark web,” an anonymous, underground portion of the Internet that serves as a breeding ground for illicit activity and services.

BlackCat, also known as “DarkSide” in some scenarios, uses the “double (or triple) extortion” threat, wherein data is stolen, encrypted, and then either released or returned for a ransom payment. The affected party must pay both to get the data back and to keep it private.

The group employed that exact technique with Suffolk County, as the group released some of the documents and requested a “small reward” for highlighting the susceptibilities in the county’s computer systems. A specific ransom amount has not been identified.

The group first made headlines in May 2021 when it took responsibility for the Colonial Pipeline ransomware attack that sent the Southeastern US into a gas shortage, with some regions experiencing exorbitant gas prices. The group was paid $5 million by the pipeline.

BlackCat is especially devious since they use an obscure programming language called Rust. Because the language is little known, their work is more difficult for cybersecurity professionals to detect, reverse engineer, and understand.

Legislator Anthony Piccirillo (R-Holbrook, pictured above), chairman of the Government Operations and Information Technology Committee, will head the probe of the attack. The committee’s main mission is not necessarily to go to court but rather to learn what led to the attack, patch any vulnerabilities, and work to prevent further attacks.

“The taxpayers deserve to know exactly how and when this cyber intrusion happened, how long they were in our networks, and what personal information was compromised,” Piccirillo said in a statement.

“The committee will determine how taxpayer money earmarked for cybersecurity was spent in prior years and what steps must be taken to ensure that our systems are not vulnerable to a future attack.”

As the probe continues, the public will learn exactly how much egg the county has on its face.

Suffolk officials were warned of a possible cyberattack as early as June this year. An FBI agent tipped off District Attorney Ray Tierney (R) about similar events taking place nationwide, likely on the heels of the Colonial Pipeline attack by the same group that breached Suffolk.

To any Messenger readers concerned about cybersecurity: while groups like BlackCat are highly unlikely to target private citizens, cybersecurity overall is a growing threat in an increasingly-online world. Take some simple steps to protect data, your machines, and yourself.

1. Never open emails/texts that appear to be from your bank, online payment service (such as Venmo or PayPal) or other vendor/institution that has your personal information. These groups will never reach out via text or email asking for ID verification. If you’re concerned, call these groups directly.

2. Never click on anything you’re unsure of. Merely receiving a suspicious text or email is fine. Clicking on it is how you give hackers the key to your life.

3. Hover before you click. In an email you might receive on your PC, hover over the sender’s email with your cursor without clicking on it. The full email name will pop up in a small window, and it will likely not resemble anything remotely close to what appears in your inbox. This is called email “spoofing,” and hackers use it to appear as close contacts with whom you might regularly correspond.
