In December of 2018, Lassen County found itself in a situation no public entity wants to find itself in: on the receiving end of a cyber-attack.

The Attack

Over the course of three days, Lassen County’s network was hit. Initial access was through a vulnerable Internet security camera. A hacker made inroads into the server, cracking the account of a local administrator and making a second account to use for the rest of the attack.

Once the domain administrator password was compromised, which took minutes, the hacker created an account with full privileges and began surveilling the County’s network.

For over 12 hours the hacker launched tools intended to prep for an encryption attempt. The County’s antivirus was successful in blocking the encryption attempts, but the hacker tried to use their own tools against them. The County IT staff noticed poor network performance and delayed automated reports, and confirmed they had been compromised.

The Defense

County staff disabled the accounts compromised by the hacker, changed passwords, and disconnected any servers that were not critical. They began assessing the damage.

Approximately half of the County’s servers were accessed by the hacker while surveilling.

It was time to get some assistance. The County was referred to a new taskforce at the CA Department of Technology (CDT), under the Governor’s Office of Emergency Services.

The Experts

On December 26th, the special team arrived at the county site in Susanville. “We were pleasantly surprised at the quick reaction and capabilities of the team that came to assist us,” Richard Egan, Lassen County Administrative Officer, said of the CDT team.

The CDT’s mission is to partner with state, local government, and education entities for their Information Technology needs. The department oversees the state’s IT strategic plan, policies and procedures, and state IT projects, and also “provides IT infrastructure services to its customers, for their public facing and mission critical systems, and offers a myriad of cloud and on premise services,” according to the CDT’s website.

The County’s IT staff compiled data in preparation for the arrival of the OES team. They “maintained vigilance to the network and looked for any other openings in the network that should have been closed,” according to Egan.

“The California Department of Technology turned out to be an outstanding partner for the County…They provided resources beyond our capabilities and consulted with us to improve our security posture moving forward,” Egan explained. He recommends that public entities engage with the CDT before an incident occurs.

The Outcome

Though the thought of being the victim of a cyber-attack is unsettling at best, Lassen County’s experience brought about a new partnership with CDT, with whom they now have an ongoing MOU.

“Hopefully none of you find yourself in this circumstance,” Egan said. “We were considerably fortunate. The attacker was minutes, hours, or perhaps a day from causing us considerable harm by encrypting our data.”

Richard Egan will be speaking at the October Board of Directors Meeting Workshop session, “Cyber Attacks Hitting Public Agencies: A Panel Approach to Finding Solutions.”