520 Lid rendering from 2008

As I was browsing some old newsletters at the Yarrow Point website, I came across these interesting rendering of the 520 Lid:

The lid turned out pretty much just like this, although it looks like the initial idea in terms of the stairs to the bus stop is somewhat different. In the rendering from 2008, the “kiss and ride” half circle was outside of the entrance and stairs to the highway bus stop.

On the Clyde Hill side of the lid it looks like the initial idea was to have some more landscaping and bushes or trees. This would have been better than the very generic and quite useless area of grass that we ended up getting.

I thought I would share these old renderings as I found them interesting.

 

The cost of a false alarm

Yesterday (12/12) I got sworn in and participated in my first council meeting. One thing on the agenda was to vote for renewal of the contract with Bellevue Fire Department. As we were looking at the contract we had an interesting discussion around the cost of a false alarm. I decided to do some math to figure out how much a false alarm cost the Town.

NOTE: I’m certainly not encouraging anybody to avoid calling the fire department. Below is a pure mathematical and hypothetical example.

We will be paying $223,201 to the Bellevue Fire department for its services in 2018. 50% of this fee is based on the 5 year average of calls for service (CFS). In 2016 we had a total of 68 CFS. Out of these 68 service calls, 25% were false alarms. 2017 looks a little bit better with only 16% of the alarms being false (Jan – Oct data). Using the 2016 data for our calculation we can conclude that we will be paying $27,900 (spread out over the next 5 years for these false alarm).

That is about $1,500 per false alarm.

An outreach campaign to make residents aware sounds appropriate. Some towns even impose a fee for false alarms, here is one example from Connecticut . Something to be considered in Yarrow Point?

Results are final.

Today the King County Election office certified the results from the November Election. I got 181 votes vs. 176 for David Young. David called me this evening to congratulate me on the victory, something I felt was very nice and genuine of him.

This is a start of a new chapter in my life and I have to say I look forward to it. This blog will remain, I have changed the title of my blog from “running for Town of Yarrow Point Council Position 1” to “Notes from a councilman in Yarrow Point”

Tight Race update

Currently, I’m 5 votes ahead in the race! http://results.vote.wa.gov/results/20171107/king/

It looks very promising with only 399 votes left to count I don’t really see how the other candidate can win. But let’s wait until the 28th when the election results are official before we call this one.

Tight Race

Wow! what a tight race. Right now I’m up with 1 vote after being down with as much as 8 votes over the last few days. The Yarrow Point race is the closest race in the County. I think we need to wait until the final reconciliation report (Nov 28th) before we can call this one. Every vote counts so I’m so grateful for all of you that voted for me. There are about 0.7% votes remaining or an estimated 3 (2.8) votes left to count. If the other candidate get all 3 remaining votes he will win. If I get 1 and he get 2, there will be a tie and coin toss. If I get 2 or more I will win. Fingers crossed.

So what happens if it is close or a tie? From what I understand, there is no recount on local ballots unless somebody ask and pay for it so I don’t expect that. If there is a tie there will be a coin toss administered by the King County Election office.

Votes update 11/9

Ok, I’m back to a 7 vote lead over David Young in the race for the Town council position 1. See results here. Still too close to call, there are probably some 10-20 more votes that are not counted. I base this on  comparing the number of counted ballots in 2017 vs 2015:

2017 – 321 ballots counted so far

2015 – 333 ballots counted in total

 

Keep your fingers crossed, new update tomorrow!

 

 

Votes

Many thanks to all of you who voted for me. Currently with 291 ballots counted I’m in the lead with one vote (133 vs 132). There are probably a few more votes getting counted over the next few days so fingers crossed.

 

You can follow the count at the king county website

 

 

New IT-Security incident at Yarrow Point

On Friday I was notified about another IT-Security related incident that the Town fell victim for. So far not much information is available, but it appears that the attack resulted in some files and systems being inaccessible. Below is the notification that was sent from the Town. The Town also updated their website with information about the incident.

On Wednesday, October 18, 2017, the Town of Yarrow Point discovered that it was the victim of a cyber incident that made certain files and systems inaccessible. Immediately upon discovering this incident we launched an investigation to determine its impact and to restore the impacted systems. As part of our response, we began working with a leading independent third-party forensic investigator so that we can learn about the nature and scope of this incident. The Town has also contacted the Clyde Hill Police Department. The investigation of, and response to, this incident is ongoing. While electronic access to specific Yarrow Point services and information may be limited as we work to restore the impacted systems, the Town remains operational and can provide all necessary services, including the issuance of permits. We thank you for your understanding and patience as we resolve this issue. We will continue to update you as relevant information becomes available.

What seems odd is the timing of this incident.  There are no new widespread ransomware or other cyber-attacks reported during the week of October 16th when the attack supposedly took place. Another possibility is that this attack is related to the previous wire fraud attack and somebody is trying to cover their tracks. In either case, this is disturbing news. The Town should have implemented proper protection and procedures based on the learning from the previous incident to not fall victim for these types of attacks.

I’m getting really concerned about the Town and how they operate. As I’m running for the town council I will make sure to use my knowledge in the IT field to audit and fix these issues. We need to protect our Town’s infrastructure and the taxpayer’s money. Please consider voting for me on November 7th. You should have already received your ballots in the mail.

I will request public information and further review this incident as soon as it becomes available.

The $50,000 fraud, an update

Together with another resident, I have review the public records pertaining the wire fraud that happened in August and that unfortunately led to a loss of ~ $50k of the taxpayer’s money. Below are some details and a conclusion.

 

Fraud approach

The fraudster was sending emails that used the exact same email address as the Mayor. He or she sent it to the Town’s email system from outside. This is commonly known as email spoofing and is relatively simple to do. Normally, any reply to a spoofed email would go back to the Mayor’s proper address. However, in this case the sender also added another email trick. The fraudster added a separate reply-to address into the email. A separate reply-to address that is different from the senders is a standard feature in email but is not commonly used. The reply to address that showed up once you hit reply was an outlook.com address. This is a free consumer grade email address that anybody can sign up to.

The Fraudster asked the Town to wire money to a different bank. From there, the money probably went through multiple additional wire transfers until they finally reached the fraudster.

  1. Fraudster sends “phising” email impersonating the Mayor and asking for a wire transfer.
  2. Town personnel replies and ask what account to transfer money to.
  3. Fraudster copy/paste email from outlook server and replies again with an email impersonating the Mayor.
  4. Wire is sent out. Fraudster typically is using several layers of wire transfers to receive the money.

 

Timeline

July 12thFailed attempt to fraud. This attempt was flagged by the Clerk/Treasurer and sent to the IT-  administrator. Clerk/Treasurer notes that she is getting a suspicious reply-to email address when she hits reply.

 Aug 16thSuccessful attempt that resulted in ~ $14k being wired out of the Town’s account.

Aug 21st Successful attempt that resulted in ~ $35k being wired out of the Town’s account.

Aug 22ndMayor discovers the fraud. Police and FBI informed.

Sept 1stYet another request for wire transfer received. This was flagged as fraud.

 

Conclusion

  • This was a classic and common type of phishing email.
  • Town’s email system lacked good spam/fraud protection. An email coming from Nigeria with this type of odd header should have been flagged and deleted by the system. As of 10/17/2017 The Town’s website is indicating that they are upgrading their email system.
  • Town’s email system does not use Sender Policy Framework and is therefore susceptible to spoofing. This is still the case as of 10/17/2017.
  • The sender’s IP-addresses from can be traced back to Smile Telecom in Nigeria. This means that a system in Nigeria sent the fraudulent email that initiated the wire transfer.
  • Sender knew names and short names of people working in the Town’s administration. This information was potentially harvested from the Town’s website. However, some of the names used were not mentioned on the town’s website at the time of the fraud. The harvesting must have taken place earlier in the year.

 

The chances that the perpetrator will be found is probably slim at this point. But not all hope is lost. There are avenues open that I know the Mayor is exploring to try to recoup some or all the money. I’m happy to assist in any way I can. If I get elected to the Town council on November 7th, I believe that my background in IT, Networking and Security will be helpful to make sure the town have a modern IT infrastructure.

Surveillance cameras

 

During last council meeting the question regarding Town owned surveillance cameras came up.  One resident made an appearance and told the town that their house was burglarized the other day. He asked the Town council to consider surveillance cameras as you enter the Town. I hope that the Clyde Hill Police department can find the perpetrator who committed this serious crime.

Would surveillance cameras be worth implementing in Yarrow Point?  Here are some of my thoughts on the topic.

 

Functionality

The camera system must be visible to deter criminals from entering the town. Unfortunately, this means that the esthetics of the town must be sacrificed. We have all seen the surveillance cameras as you enter Hunts Point and Medina. They are not hidden by any means. The treelike structure with cameras in all directions located in the roundabout looks almost comical [1]

Video recording and archiving must be available for law enforcement purposes. Night recording capabilities are needed so that the system can operate on a 24×7 basis.

Automated license plate reading could be available. This would help law enforcement to faster find stolen vehicles. However, during last council meeting the Clyde Hill police noted that they believed current system in Medina and Hunts Point had about 1 hour lag before the Police department got notified about stolen vehicles entering the town.

 

Placement

The placement of such cameras would be challenging. The obvious spot would be the roundabout on 92nd Ave. however that does not cover the entire Town. Some 27 properties (marked with a blue dot below) can be reached via Clyde Hill or from the 520 via the 84th street exit without passing the 92nd avenue roundabout. Hunts Point and Medina have a similar issue with areas such as Medina Circle and properties on Points Drive that are accessible via the 520 offramp without passing any camera. These residents must be compensated in some way.

It must be explored what other permits that are needed to place the cameras in the roundabout. The cameras would record any Clyde Hill resident using the 92nd offramp so this would be something that must be discussed with Clyde Hill.

 Residents not covered by a potential camera system in the roundabout

 

Cost

It is challenging to estimate the cost of a camera system like this. I have been trying to find information online from the city of Medina’s budget but it is hard to see the details. We can see that there were over $200k of funds allocated in 2012 and 2013 for “Public Safety Camera System”. This is a good indication but Medina is however a larger Town with more entry points and the cost of this type of devices has steadily gone down over the years.

My estimate would be that if Yarrow point were to implement a something in the roundabout it would probably be in the cost of at least the multiple tens of thousands of dollars, if not hundreds of thousands. On top of that there would be a significant annual fee to operate the system. Keep in mind that we are using Clyde Hill for our Police services and that they currently do not have any camera system like this. New procedures and equipment would be needed on their side as well.

The cost is perhaps high but not unreasonable, especially if compared to solving or deterring a few serious crimes.

Medina budget with line items for camera system

Benefit

It is hard to tell if there is any significant benefit with a camera system. Over the years, there have been some great success stories [2]. However, one interesting thing to note is that both Clyde Hill (who also does not have Cameras) and Yarrow Point have a lower crime rate compared to Media [3].

Another thing to keep in mind is the uptick of overall video capable devices. Today, most residents have some type of alarm system with camera capabilities not to mention all photo and video capable mobile devices. This was not the case when Medina and Hunts Point implemented their systems years back.

Disadvantages

Other than the cost for the city to operate cameras, it is certainly an invasion of privacy to get your vehicle and face photographed every time you enter Yarrow Point. It could be quite a significant number of non-residents who would be captured too, especially with a camera in the roundabout.

The esthetics of the cameras are of a concern. They will certainly look ugly and not blend in very well.

Another concern worth bringing up is the signal a camera system like this send to visitors and other non-residents. Although the main goal is security for our resident, it sends a signal that can be misinterpreted as unwelcome and that the Town wishes to be separated from the rest of our metropolitan area.

Conclusion

Setting up a camera system like this has both benefits and drawbacks. The town should very carefully consider the implications before making any decision.  I would like to hear more from the residents in this matter to understand if this is something that should be pursued.