TRAVERSE CITY — A foreign-based hack prompted a former Grand Traverse County official in 2014 to sign an agreement that allowed FBI officials to monitor county computer communications.

That federal wiretap never went active, although a monitoring device was wired into county computer hardware, said Don Sheehan, who until his departure in 2016 headed the county’s information technology department. He said officials cooperated with the FBI to determine whether hackers accessed information on county servers, which contain personal information and sensitive documents.

“They told us none of our information was at risk,” he said.

Many local officials remained in the dark about the cybersecurity breach and subsequent FBI agreement for two years. County Administrator Tom Menzel learned about the incident in December and informed department heads and officials in two entities — the City of Traverse City and Traverse City Light & Power — that use the county’s IT infrastructure.

“We think it may have come from Russian hackers,” he said. “We’re not sure, but we know it came from a foreign source.”

An ongoing review of county IT systems uncovered agreements signed Dec. 10, 2014 by Sheehan that consented to FBI officials’ monitoring and interception of computer communications.

The agreement followed a hack in which an internet-facing web server for the county’s geographic information system was infected with a computer virus, said Paul Knific, a county IT consultant and CEO for Epic Technology Solutions in Saginaw.

Knific said the server sat between internal systems at the county and the external public-facing website.

“Once a server is compromised on the network then any other computers that are on that same network can then become targets,” he said.

Sheehan said the hacker or hackers were able to replace a public file, but not much else.

“It was kind of like, ‘Hey we’re here,’” he said.

Officials contacted the FBI after the hack. Sheehan said FBI agents asked IT staff to keep the server — which he upgraded — running. The agreements arose amid that FBI bid to track down any attempts to hack the server, he said.

One agreement allows FBI officials to install a device that allowed them to monitor, record, and retain “any and all communications, including content” on a specific computer server. The other authorizes FBI intercepts of communications of a computer trespasser.

"This authorization does not extend to the interception of communications other than those to, through, or from a trespasser(s)," the document states.

FBI officials didn't return a call for comment.

Sheehan scrawled his signature on both documents as the computer system's "consenting party" and owner or operator. He said he told county and city administrators — who have since left their respective posts — about the hack and probe.

But Grand Traverse County Prosecutor Bob Cooney — the county's top law enforcement official and its civil counsel — didn't know about the hack or agreements until Menzel informed him. Cooney said he didn't have enough information to comment on the hack, but found it concerning.

“My understanding is wiretap laws require a judicial oversight," he said. "I would expect there would be some sort of court order."

Cooney said he's reviewing the situation.

Menzel said no current county officials he has talked to knew about the hack. He said FBI officials were asked to discontinue any active wiretaps.

Former county and city administrators who Sheehan said knew about the situation couldn't be reached for comment. Assistant City Manager Penny Hill said Sheehan informed her about discommissioning the server, but she didn't know about FBI involvement.

Sheehan said he would have preferred to disconnect the server, but city officials need it to run a software program. He said IT staff never configured the monitoring equipment for use because the FBI's requirements proved too onerous.

That equipment remained hooked up with lights on until recently.

"I only think that we were trying to act within the best interests to work with the FBI and trying to resolve the glitch," Sheehan said.

This Week's Circulars