HOW BAD has the City of Savannah’s extensive — yet oddly underreported — malware infection been?
So bad that I’ve received several scam emails posing to be from..... wait for it.... the City of Savannah’s official spokesperson!
Of course, Michelle Gavin, director of the City’s Office of Public Information, wasn’t personally at fault and I promise you I’m really not picking on her.
It could have been anybody — perhaps literally anybody with a City email account. The problem has been that large.
Until I told her, Gavin was unaware her identity had been used to send what are called “phishing” attacks, of the type that has paralyzed a large percentage of City business for nearly a month.
But there couldn’t be a more ironically appropriate gaffe to happen. More importantly, it displays just how wide-ranging the system-wide failure might be.
Even if the infection is resolved by the time you read this, it hasn’t exactly been a shining moment in local governance.
If you know absolutely nothing about this matter, don’t feel bad. There has been not only little mention of it in local media, but also, at this time, no public reassurance by either City Manager Rob Hernandez or Mayor Eddie DeLoach.
In the meantime, taxpayers weren’t able to fight parking tickets, couldn’t do business with the City’s purchasing department, and couldn’t send emails to the City with PDF attachments, among other problems.
Some folks have been told by their employers not to open any email sent to them from the City of Savannah for fear of malware and/or viruses.
The City was diligent in informing citizens of the most high-profile problem, namely the rescheduling of several days of Traffic Court, itself administered by the already beleaguered Recorder’s Court.
But as the days go by and more City business is impacted, it has seemed long past time for the City to not only continue taking serious steps in fixing the problem, but to fully inform and reassure a largely clueless public.
The City is giving us in the media alternate, safer ways to make inquiries. But the public has been told less.
Why hasn’t the Mayor or City Manager made even a brief statement? As I write this, none seems forthcoming.
Unfortunately, this malware infection isn’t that new and could possibly be getting worse instead of better.
It was discovered three weeks ago, when a virus and/or malware, reportedly linked to an email phishing scheme, was discovered the afternoon of Feb. 9.
So far, several sessions of Traffic Court have had to be rescheduled due to the breakdown.
This requires new subpoenas to be sent out and new court days and times to be set, which of course has a compounding domino effect on other court business and costs.
Criminal court sessions haven’t been affected, the City says.
As a precautionary measure, City IT staff temporarily halted communication between City servers to limit the spread of the virus, Gavin informs us.
The City’s software system used for the finance, purchasing and payroll units was temporarily suspended through Feb. 13 as a precaution.
A week ago, the City’s IT staff was preventing attachments to be received via email by City staff, and was urging people to use an FTP to transfer files.
As of this writing, the City says that IT staff and contract help is “working around the clock” to fix the problem.
There have been various and so far unconfirmed reports of 911 dispatch being compromised and the City’s 311 service having its backup files deleted.
But City spokesperson Gavin says, “There have been no interruptions at 911, and no data loss at 311 (or anywhere that we know of).”
“There is no question this virus has been a big inconvenience for City staff. So far there’s no evidence of any data that has been compromised or files that have been deleted,” she says.
“There has been minor impact to the public, by that I mean money could not be taken at the Parking Services office, you could only pay online,” she says.
“Traffic court has to be rescheduled, the City’s bid/purchasing website has been unaccessible and IT is prohibiting staff from receiving PDF attachments from outside email until this virus is eliminated, “ Gavin says.
“The city is continuing to provide uninterrupted Public Safety and core services such as water/sewer, sanitation, parking, etc,” Gavin relates.
That said, even with what little we know of the malware infection, it’s likely that City business has incurred not just “inconvenience,” but extensive real world cost which will probably be transferred to taxpayers.
Keep in mind we are already paying a sizeable new Fire Fee specifically because of past financial mismanagement which cost the City more money than budgeted, as well as unforeseen costs from the breakup of the police merger.
And that followed yet another computer controversy, as the software system governing City utility bills was screwed up for the better part of a year.[content-3]
In this new case, the root cause could be a mundane one.
A local IT expert I interviewed, who prefers to stay anonymous, speculates that “compromised ad servers from Facebook Quiz related websites is the most likely culprit. That and people doing online shopping on city systems.”
The expert also says it wouldn’t surprise him if it were a more targeted attack.
“There are actors out there trying every door they can to see if any of them are unlocked,” he says.
The expert says the City did the right thing in bringing in help from outside contractor Level 3.
Comparing Level 3 to “calling in the National Guard,” the expert tells me, “They’re kind of of a big dog in the industry. I’m glad the City IT Department recognized they were outclassed.”
While hacking happens to nearly everyone these days, one could be forgiven for concluding that the City of Savannah seems to be at a uniquely vulnerable point with regards to systems and finance management overall.
Let’s just hope they don’t have the idea to pass another new fee to cover the cost of this latest screw-up — the full cost of which we aren’t able to add up yet.
Or maybe it’s best that we don’t give them any more ideas at all....