The City of Atlanta Goes Down What has happened in Atlanta, Georgia is incredible and demonstrates how good computer security is necessary throughout the government and with commercial institutions who have our data. Atlanta was hit with a cyber attack which has paralyzed the city. The attack was an attempt by cyber criminals to extort money from the municipality to have their computer systems restored. I don’t know what type of computer security the city had, but when we think of computer security we tend to believe we are protected from attacks such as the ransomware attack on Atlanta. The truth is not so simple. First of all, the people who write the security software are only human as are the criminals and depending on who is doing the attacking they could have a larger more proficient force than even the company writing the security software and having a connection inside the security company might not be out of the question. It took five days for the city to get back on some of its computers and even after that the system was not completely restored. An example of this was people trying to pay their bills to the city by computer who couldn’t get access. Some computer experts believe there is not a system on earth which couldn’t be broken and I tend to agree with them. I have said this before, but I remember when the government let a computer expert try and hack the nuclear force to see if it could be done and the guy had only an Apple computer and went into a hotel room for a few days and came out after being successful. These codes were supposed to be unbreakable. That was many years ago. The city of Atlanta was completely shut down. One of the questions which has to be asked was there more to this attack than just blocking access to the city’s computer system. Did the hackers gain access to a myriad of information which could not only affect those in the city, but possibly compromise systems in other cities or people’s personal data. City hospitals have the medical history of those who use them and their social security numbers and maybe credit card numbers. The police have information which could put some people’s lives in jeopardy, such as witnesses to crimes and such. Taxing authorities might even have a lot more financial data on people. Could the hackers have gotten the account numbers of banks where the city keeps its funds? Atlanta has a population of almost 500,000 people which is pretty big, but can you imagine if the hackers were able to do this to either New York, Los Angeles or Huston? Since New York is where the stock exchange is stationed it might be the city which if hit could bring the nation to a halt financially. Could the hack have been accomplished by another country testing its ability on a medium sized US city? If so, it could be the prelude to a much worse one. Many times, we find out the protection being used is quite insufficient. There are so many cases of very weak and non existent passwords. Our personal information which has been hacked so many times on commercial sites because of this poor security and the lack of punishment is an example of what I am talking about. It was found on some sites a password wasn’t needed to get into our personal data. This is not to say Atlanta didn’t protect their system, I just don’t know. It is believed the hackers have been identified, but only the group and they are known as the SamSam hacking crew. This was according to Dell SecureWorks. Supposedly they are one of the more meticulous crews which use the ransomware tactic. Ransomware is a software program which gets onto a computer and then locks the computer denying entry. Typically, a notice is sent to the computer demanding payment within so many days and threatening your data with deletion if no payment is received. One of the reasons it is getting numerous is the fact some companies would rather pay than have to redo all their data because it is often cheaper. When the computer system was tied in knots the hackers left access open to 911 and a few other things. The criminal justice system was taken offline. Dell SecureWorks and Cisco Security were still working on the system as of 27 March 2018. The city claims no personal data was lost, but I have to wonder how they can be so sure? Groups this smart might just be able to get into this type of information without leaving a trace or if they did they might be able to make it look like it was just a sanctioned official entry such as the police or some other agency. It is said the group SamSam has already received more than one million dollars in ransom this year alone and we are only into March. The time has come not only to make any company or any government authority responsible if they have personal data which was not protected adequately. There has to be steep fines and criminal charges in some cases. In the case of municipalities, the federal government should issue fines if personal data was lost and these fines should be put into a fund to improve cyber security. When you think about it, things can get much worse for states and cities. They can’t get much worse for us since it seems our data is not safe anywhere and is even in the hands of companies which we never gave permission to hold such as Equifax which has lost many millions of people’s data already without being punished. |