Sign In

Communications of the ACM

ACM News

How Hackers Used One Software Flaw to Take Down a County Computer System

View as: Print Mobile App Share:

Lisa Black, the chief deputy county executive of Suffolk County, NY, is shown here working with other county officials to bring services and record retention back online at a mobile command post with secure Internet.

Credit: Johnny Milano/The New York Times

The malicious cyberattack that forced Suffolk County government offline for weeks this fall, plunging it back to the pen and paper and fax machines of the 1990s as it fought to stem the threat, began more than a year ago, county officials revealed on Wednesday.

A forensic digital investigation into the cause of the attack, in which hackers stole sensitive data, forcing officials on Long Island to disable email for all 10,000 civil service workers as the New York county scrubbed software to stave off the intrusion, revealed that hackers first penetrated Suffolk's computer system on Dec. 19, 2021. They entered via the county clerk's office, exploiting a flaw in an obscure but commonplace piece of software.

Hackers spent much of the next year at large in the clerk's system, the investigation found, ultimately managing to breach the wider county network in late summer, before they revealed themselves in September, posting ransom notes on the dark web. In response, the county took itself offline, and did not pay. On Wednesday, officials revealed for the first time the amount of ransom the hackers demanded: $2.5 million.

From The New York Times
View Full Article


No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account