Anderson County Mayor Terry Frank has written a letter formally requesting the TBI and/or the FBI to join in the investigation into a server breach at the Courthouse reported in August of last year.
The computer security breach is being investigated by law enforcement. The scope and nature of the breach has not been publicly divulged and while it is unclear what type of information may have been compromised, officials last year urged all county employees to closely monitor all of their accounts for any suspicious or unauthorized activity. Law enforcement officials have consistently refused comment on the case, citing the ongoing investigation.
Updating County Commissioners in September, Finance Director Natalie Erb said that an audit performed by an IT consultant had shown that “the IT systems and operations that were in place were not secure. The information and data were left open and vulnerable to numerous risks. The controls and safeguards were inadequate and ineffective, and there was potential for fraud to occur.”
The report found that administrative and user passwords were weak and followed a known sequence. The analysis found that the firewall was not logging accurately and in fact were being overwritten every 24 hours, which erased the log-in trail.
The IT consultant performed a network audit of the Courthouse, which turned up a device commonly referred to as a “man-in-the-middle” as well as several unknown switches in the maintenance rooms. In layman’s terms, the man-in-the-middle device intercepts emails and sends them not only to their intended destination but also makes a copy and sends that to an unknown, third-party location.
Officials also found that the Courthouse badging system, which records access to county offices, was open internally and externally through an open port. A separate badging system was also found to be in place, unbeknownst to county officials, activity on which was not recorded on a known server. The second badging system was removed and placed into the custody of the Human Resources Department.
In a press release issued this morning (Wednesday January 4th), Mayor Frank says that while Anderson County Sheriff’s Department Detective Don Scuglia and now-IT director Brian Young have worked “very hard” on the case, they both “lack the vital resources as well as time to address what appears to be shaping into something far different than a common ‘hacking’ of data information.” Frank stated that while she respects the efforts being put forth by both men, “they are “not trained in forensics and are doing what they can with the limited resources available to them. Until they know the full extent of what has happened, there is no guarantee we’ve properly addressed the issue.”
Mayor Frank says that she made a motion during the December 12th meeting of the county Finance Committee to draft a letter to the FBI and/or the TBI requesting their assistance in the ongoing investigation. The committee agreed to the proposal, but Frank says that after nine days had passed with no letter sent, she drafted and sent the letter herself to the US Attorney’s Office and the FBI on December 21st and is awaiting a response.
The matter will likely be a topic of discussion when the Finance Committee meets on Monday January 9th at 3 pm.
You can read the mayor’s press release in its entirety on our website as well as see an overview of Finance Director Natalie Erb’s presentation to County Commissioners in August about the numerous issues found by IT specialists in the days and weeks after the security breach was detected.
(Press release issued by Mayor Terry Frank) Today marks the fifth month anniversary of Anderson County’s server “breach.” Exactly five months ago on August 4, 2016, County Mayor Terry Frank was notified by the Finance Director that Anderson County government had experienced some type of computer or IT breach of the main courthouse servers. Human Resources and the County Law Director subsequently issued and distributed a memo to all employees that personal information might have been compromised, and County Commission quickly allocated $100,000 to address the breach. At last month’s Budget Committee meeting, the Finance Director distributed a current IT total that has since increased to over $352,000.
“We have not been advised of the nature, cause, or type of breach—nor do we have full assurance that the breach has been corrected. Anderson County Sheriff’s Detective Don Scuglia, assigned to handle the “breach,” has worked very hard in conjunction with IT professional and now county IT Director Brian Young, yet both lack the vital resources as well as time to address what appears to be shaping into something far different than a common “hacking” of data information. I want to be clear that Scuglia and Young are doing all they can do in a very professional and methodical way, but they are only two people and they need help. They are not trained in forensics and are doing what they can with the limited resources available to them. Until they know the full extent of what has happened, there is no guarantee we’ve properly addressed the issue,” said Mayor Frank.
At December 12th’s Finance Committee Meeting, Mayor Frank made a motion to request the drafting of a letter to request Federal Bureau of Investigation (FBI) and/or Tennessee Bureau of Investigation (TBI) involvement and assistance with Anderson County’s IT issues. That motion received a favorable vote by the seven-member Finance Committee, but to date, the letter has stalled. “Fearing such a stall, I personally authored and mailed my own letter on December 21, 2016 requesting full FBI assistance,” said Mayor Frank.
“I take the issue very seriously, and my concern for what may still be occurring grows daily. I seek the assurance that employee and public information is secure. Just as important is that the possibility of criminal activity be investigated with all the tools available to law enforcement since the longer this matter is unresolved gives perpetrators time to cover their tracks,” said Mayor Frank.
The next meeting of the Anderson County Finance Committee is scheduled for Monday, January 9th at 3 pm in Room 312.