Questions and theories are mounting as the city of St. Paul marks a week into the cyberattack on its internet-based computer networks, though few answers have been offered.
The breach was first detected last Friday, July 25. The city voluntarily cut off most of its own access to Wi-Fi and internet services Monday. Mayor Melvin Carter declared a state of local emergency Tuesday, and now the city is being assisted by the FBI’s and Minnesota National Guard’s cybersecurity experts.
St. Paul police and firefighters are still responding to 911 calls, but they don’t have all the technology they’re accustomed to. For example, officers use in-squad laptops to check if someone has a warrant or a vehicle is stolen. Now, they are temporarily having to obtain that information by phone or over police radio.
Libraries, recreation centers and other buildings remain open, but with no access to internet-based services, some check-in and registration activities are affected.
The Pioneer Press spoke with cybersecurity expert Betsy Cooper, the founding director of the Aspen Policy Academy and former executive director of the University of California, Berkeley’s Center for Long-Term Cybersecurity, to understand the potential scope of the attack.
A Bay Area-based initiative of the Washington, D.C.-headquartered Aspen Institute, the Aspen Policy Academy is a program designed to help experts and community members get involved in policy, with a focus on cybersecurity.
This interview has been edited for length and clarity.
Betsy Cooper Q&A
Q: How widespread could the range of impact be when a city’s internet-based computer networks are attacked?
A: It can have a wide range of impacts. If your internet basically goes down, your city systems won’t work, your payments won’t work, staff who are doing every type of job at the city – from picking up garbage bins to processing taxes – won’t be able to do that work if they don’t have a way to do it without the internet.
Thankfully, in St. Paul’s case, it sounds as though 911 is not affected. A worst-case scenario could see emergency services affected.
We live in a digital era: most of the work that we do as a city is digital. All of those operations can be affected when there is a cyberattack that interferes with internet communications.
Q: Why might someone choose to attack a city in this way?
A: I put motivations into 4 categories: Money, revenge, data and fun.
Potentially the most common is money, which often occurs with a ransomware attack. In a ransomware attack, a malicious actor will block systems and ask the city, or whatever entity is being attacked, to pay bitcoin to release the data or the system.
Revenge would mean someone has it out for the city of St. Paul for some reason, maybe a disgruntled city member for example, and they are seeking to do this to get revenge for one reason or another.
Sometimes malicious actors want to collect some form of data. Is there something about the city of St. Paul that has sensitive information on certain citizens or leadership of the city? Is there a reason why somebody might want data from the city?
Lastly, there are people that find it fun and amusing to hack cities and other organizations. They are proud of their ability to cause this sort of havoc. It’ll be annoying, but the effects will be less likely to be long-lasting.
Whatever the initial reason looks to be, it’s still going to be important for the city to do forensics and make sure, because someone could launch a ransomware attack to distract from the fact that they’re collecting data.
Another example could be the hackers trying to make it look like someone’s just having a bunch of fun, when it is actually a nation state with more specific goals than might initially appear.
Q: What is the worst-case scenario for the city in a breach like this?
A: The worst case would be if data is manipulated or disappears. For instance, one of my biggest fears in a situation like this is not just that records are unable to be accessed for a short amount of time, but what if the records are tampered with or removed altogether?
Say they take the tax payments and change all of the numbers or mix them all up so the city has no record anymore of the information. Or, say they delete that database altogether.
For instance, you can imagine a situation where a city no longer has records of who paid property taxes and if individuals don’t have those records themselves, it’ll be very hard for everybody to sort all of that out. (St. Paul’s property taxes are collected through Ramsey County, so there may be outside records that could be used as a backup.)
For the city, you hope for sensitive systems like criminal record systems, that they have backups in a separate place. Without paper backups, it becomes incredibly difficult to restore that information.
Q: What is the worst-case scenario for individuals in a breach like this?
A: Worst case for individuals, for example, would be if you don’t have a record that you paid your taxes and the city doesn’t have its records — that’s gonna be a big difficulty to unwind.
Another example would be if someone changes records to make it look like you have a criminal record when you don’t. How do you prove a negative?
Those are some of the scenarios I most worry about, but I will say the average hack is probably not going to reach those scenarios. In all likelihood, it is a more traditional hack seeking to gather data or extract money.
Q: What are some factors that St. Paul residents should consider?
A: If the data is tampered with or missing, that would be something ordinary people will want to care about. They are going to want to hear from the city what systems were affected and what data was collected.
For instance, if the hackers got into sensitive city systems like voter records, the actor may have access to sensitive data about the people who live in the city.
If that happens, you may want to consider getting credit monitoring and consider the implications that could have. For the average person, it may not be that sensitive, but for people in certain categories, like those with criminal records they may not want public, that could be cause for concern.
Q: Could the scale of this attack be cause for concern?
A: The fact that they called in the Minnesota National Guard suggests that the city believes this is a pretty serious attack.
There are attempts at attacking cities regularly, but this is a particularly broad one for the city of St. Paul, so the effects are pretty significant.
We’ve seen significant cyberattacks before. Cleveland experienced something similar, so I don’t think this is entirely novel. The city of St. Paul will be able to reach out to other cities once they know more about their attack and should be able to figure out some systems and best practices. While the attack on St. Paul is serious, it is not unique.
Q: How can everyday citizens keep their information safe?
A: We work closely with a campaign called Take9. The program is all about getting people to take a 9-second pause to think about their cybersecurity when they’re online.
Take9 is a great moment for people to reflect: Is that email legit? Is someone really offering you free Taylor Swift tickets? Have you set up multi-factor authentication on your computer system? Have you compartmentalized your data into different places so if someone gets access to one system, they don’t get access to all your data?
Q: Could we see more cyberattacks in the future?
A: I do think cyberattacks are on the rise because artificial intelligence is going to make it easier to take on these sorts of attacks.
Very often, though not always, humans are the weakest link in a cyberattack. A phishing scam will trick someone into clicking on a malicious link and, with artificial intelligence, it’s getting easier and easier to send targeted attacks that look to be legitimate.
Using the Taylor Swift tickets example, with artificial intelligence, an attack could be targeted only to people who have posted on social media about Taylor Swift, which would increase their likelihood of clicking a link.