McLEAN, Va. - The FBI is releasing more information about the nature of a hack to Baltimore’s 911 call center over the weekend that disabled some of its systems.
Investigators say it was a ransomware attack, meaning the person or people behind the breach were seeking money. The FBI has not indicated what the hackers demanded in ransom, if anything.
“The question now becomes – 'Are these people amateurs or professionals?” explained Mary Beth Borgwing, President of Standish Cyber Corporation.
Borgwing is an expert in the field of data breach and recovery and says by and large, hackers have a much more vast network than most people realize and are working together in these attacks.
“They’re like digital gangsters,” added Borgwing. “They’re like a mafia. They’re very organized. They work together.”
It has yet to be determined if amateurs or professionals are responsible for the Baltimore attack. Authorities say while trying to fix another IT problem, an employee in the city’s call center inadvertently left a port open (a “back door” of sorts) for hackers to get in. These criminals have systems which scan networks for vulnerabilities and take advantage when one comes along.
This is happening more and more to critical infrastructure in cities and counties – and calls into question the safety of our own emergency services.
“We need to be more proactive and we need to be looking at our critical infrastructure,” added Borgwing. “Because most of these really bad fraudsters, they are making plans way ahead of us. So to get ahead of them, we need to be thinking about, ‘Are they sitting in our critical infrastructure? Are they waiting for a vulnerability? Are they waiting for someone to be distracted?' They wait for the chaos to strike. Think of our utilities and water system.”
Borgwing says it is easier to catch these disrupters than most people think.
“It takes them time to build up their ransomware, so you can find them before they find the vulnerabilities,” she explained.
Standish Cyber Corporation monitors potential threats, reporting to federal authorities and to the companies themselves. But often times, the problem is a lack of funding, resources and the right experts who know how to properly keep the bad guys out.
Because of this, small businesses are especially vulnerable.
“Forty percent of the attacks now are small businesses,” Borgwing explained. “Some financial institutions only have five people working for them. But they are managing people’s money. Think of it like robbing a bank in the old days. They don’t need to do that anymore. They just go on the internet and rob the bank.”
People are personally vulnerable as well. Most don’t realize just how much sensitive data they have online that hackers can either use to blackmail them (such as pictures) or sell to fraudsters overseas (such as financial information).
Borgwing recommends people be hyperaware of what they allow to be posted online. And if someone feels their information may be compromised, consider asking an expert to step in.
“The key is to get ahead of problem,” added Borgwing. “People just need to be aware these are the risks we open ourselves up to when we share so much on the internet.”
Bigger businesses usually have more security in place, but can have undetected holes too.
Last week, a more severe ransomware cyberattack staggered the city of Atlanta's computer network. The city had been warned months before of the vulnerabilities. Their IT department was reportedly “on life support” and did not have the resources to secure the network and manage the risk.
In January, a hospital in Atlanta fell victim to a ransomware attack. Criminals held the hospital’s integral systems hostage, demanding payment via Bitcoin, which is virtually impossible for authorities to track.
In Baltimore’s case, the attack didn’t stop people from getting help. But for 22 hours, 911 operators had to manually route calls instead of the much more efficient automatic system. Experts isolated the threat so it couldn’t spread to the rest of the network.
“But what we don’t know is – are they still in our system?” added Borgwing. “And is this plan to go after others so they can have a lot of information across the board? So maybe they are going to go across the country, across the globe, attacking the system so they can create vulnerabilities.”
Borgwing explained that most expert hackers target many small paydays to fund their illegal activity, instead of a few big paydays, in order to stay under the radar.
“But that’s the really low bar,” said Borgwing. “What people are really out for is critical information they can sell to nation states, as we see have seen in multiple political campaigns around the world. Those are the things they want, to make a difference. And then there are the people who have made a career of being the bad guy. And they are making a lot of money. They are the new digital mafia.”
The challenge for cyber security experts is to determine if these hackers just want a pay day – or if they have plan in mind and the public is only seeing the tip of the iceberg.
Borgwing is heading up the Uniting Women in Cyber Symposium which will focus on a range of cyber security topics, including the scope of the threat and innovations to fight global attacks.
The event, which is being held in Tyson’s Corner, also encourages more women to go into a field which is severely lacking qualified talent to fill future jobs, which will be in high demand.
“It’s already engrained in our world more than people know,” she added.