Traverse City Record-Eagle

October 31, 2012

Cyber attackers target TC government website

BY BRIAN McGILLIVARY
bmcgillivary@record-eagle.com

TRAVERSE CITY — City officials learned the hard way that bad things can happen when computer system technology and security upgrades are ignored.

Cyber attacks that originated in Eastern Europe from unknown sources caused havoc on the city's neglected website for more than two months. Someone gained access to the administrator's page, discovered a hole in the city's software, used the site to send hundreds of thousands of cloaked emails, and repeatedly crashed the site.

The city has spent $3,750 so far to patch its holes and move its website to a newer, updated computer server that is able to detect attacks.

"We got hit because, one, our software version was not current, and two, because the server we were on was a low-grade server," said Makala Vitous, assistant city manager.

The person who previously maintained the city's website left eight months ago. The position wasn't filled due to budget constraints and no one took over website duties to keep the software current, Vitous said.

The city contracts with Grand Traverse County to run its internal computer system and uses another provider to host its website on a high-capacity computer known as a server. Because the two aren't linked, no confidential information, such as credit card payments, was compromised, Vitous said. Public information is the only data on the city's website.

The city's site began to crash sporadically in August and the frequency picked up in September through early October, Vitous said. Crashes were caused by what's called a "distributed denial of service attack," in which someone makes a coordinated attack using hundreds of "botnet or zombie" computers.

Botnet computers are infected with a type of virus that gives control to a hacker to make coordinated download requests, often without the computer owner's knowledge, said Timothy Gillen, president of Terrapin Networks, a business technology company based in Garfield Township.

Coordinated requests to download hundreds of documents overwhelm and crash the server.

"It's just a malicious attack to take down servers," Gillen said. "The same reason someone throws a trash can through a ... window on Saturday night, because they think it's fun."

The city hired a consultant to fix the denial of service attack and the consultant also discovered attacks on the administration page and unauthorized access to send hundreds of thousands of emails.

Vitous said city officials aren't sure how the fraudulent emails were used.

"Those files were neatly cleaned, so it was difficult to follow," Vitous said.

Gillen said there likely are two different scenarios: either someone turned the city's web server into a botnet, or they used it to send out emails cloaked under the city web server's unique Internet protocol address.

"It makes the emails look like they come from the city, so someone might be more likely to open it," he said.

Emails can be used by those who send mass emails — or spam — or to deliver some type of computer virus.

"That's not a huge deal, but they have a responsibility not to participate," Gillen said. "They have to take that seriously, especially if they are taking any kind of personal information."

Gillen said computer users should never wait to install patches or security-related upgrades.

"You have to keep those things patched," he said. "Hackers are always trying to find ways to break these things."