Cybersecurity and Attacks on Law Enforcement
Woesnotgone Meadow has their own police department dedicated to our municipality. They maintain the peace and enforce the laws. Although the work they do is primarily manual, as this involves working directly with the public, face-to-face. There is also the back-end of the work, involving among other things the computer systems. While the vehicles are at risk mostly while on the road, the police department computer network may be attacked at any time, any day of the week. The Rockaway Township police department found this out the hard way.
The attack itself occurred on Thanksgiving. From the attacker’s view, the timing could not have been better. There were many officers, and especially admin staff, off for the holidays. The focus was on their computer system. The attack brought down the system. This wasn’t merely someone who wanted to quickly deface a website, but someone who wanted to hinder the operations. The attacker was good enough so that two weeks after the attack, the department did not know who conducted the attack. The police are still unsure of how this occurred, the vulnerabilities, or distinct exploits.
There are a few issues that are significant, and would worry me if I happened to live within their municipality. With the resources and budget, seemingly their computer system would have some form of an IDS/IPS to manage these occurrences. On a secondary note, the police were still unsure how this actually happened. From a rudimentary Incident Response (IR) view, they should have some idea of what happened.
To assist with this, the police had contracted with a third party to assist the police department with remediation and data restoration services. But wait, there’s more! The township management is tasked with managing the township. The management team is unhappy with the lack of progress with the investigation. The investigation was still ongoing as of 12/10/2018.
Dissent. (2018, December 10). Rockaway twp. Police computer hacker still unknown; leaders want answers. Retrieved from https://www.databreaches.net/rockaway-twp-police-computer-hacker-still-unknown-leaders-want-answers/
Myers, G. (2018, December 8). Rockaway twp police computer hacker still unknown; leaders want answers. Retrieved from https://www.northjersey.com/story/news/local/morris-county/2018/12/08/rockaway-twp-police-computer-hacker-still-unknown-leaders-want-answers/2242543002/
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.