New IT-Security incident at Yarrow Point

On Friday I was notified about another IT-Security related incident that the Town fell victim to. So far not much information is available, but it appears that the attack resulted in some files and systems being inaccessible. Below is the notification that was sent from the Town. The Town also updated their website with information about the incident.

On Wednesday, October 18, 2017, the Town of Yarrow Point discovered that it was the victim of a cyber incident that made certain files and systems inaccessible. Immediately upon discovering this incident we launched an investigation to determine its impact and to restore the impacted systems. As part of our response, we began working with a leading independent third-party forensic investigator so that we can learn about the nature and scope of this incident. The Town has also contacted the Clyde Hill Police Department. The investigation of, and response to, this incident is ongoing. While electronic access to specific Yarrow Point services and information may be limited as we work to restore the impacted systems, the Town remains operational and can provide all necessary services, including the issuance of permits. We thank you for your understanding and patience as we resolve this issue. We will continue to update you as relevant information becomes available.

What seems odd is the timing of this incident. There were no new widespread ransomware or other cyber-attacks reported during the week of October 16th, when the attack supposedly took place. Another possibility is that this attack is related to the previous wire fraud attack and somebody is trying to cover their tracks. In either case, this is disturbing news. The Town should have implemented proper protection and procedures based on the lessons from the previous incident so as not to fall victim to these types of attacks.

I’m getting really concerned about the Town and how they operate. As I’m running for the town council I will make sure to use my knowledge in the IT field to audit and fix these issues. We need to protect our Town’s infrastructure and the taxpayer’s money. Please consider voting for me on November 7th. You should have already received your ballots in the mail.

I will request public information and further review this incident as soon as it becomes available.

The $50,000 fraud, an update

Together with another resident, I have reviewed the public records pertaining to the wire fraud that happened in August and that unfortunately led to a loss of ~ $50k of the taxpayers’ money. Below are some details and a conclusion.

 

Fraud approach

The fraudster sent emails that used the exact same email address as the Mayor, delivering them to the Town’s email system from outside. This is commonly known as email spoofing and is relatively simple to do. Normally, any reply to a spoofed email would go back to the Mayor’s proper address. In this case, however, the sender added another email trick: a separate reply-to address. A reply-to address that differs from the sender’s is a standard feature of email but is not commonly used. The reply-to address that showed up once you hit reply was an outlook.com address, a free consumer-grade email address that anybody can sign up for.

The fraudster asked the Town to wire money to a different bank. From there, the money probably went through multiple additional wire transfers until it finally reached the fraudster.

  1. Fraudster sends a “phishing” email impersonating the Mayor and asking for a wire transfer.
  2. Town personnel reply and ask what account to transfer the money to.
  3. Fraudster copies and pastes the email from the outlook server and replies again with an email impersonating the Mayor.
  4. Wire is sent out. The fraudster typically uses several layers of wire transfers to receive the money.

 

Timeline

July 12th: Failed fraud attempt. This attempt was flagged by the Clerk/Treasurer and sent to the IT administrator. The Clerk/Treasurer notes that she is getting a suspicious reply-to email address when she hits reply.

Aug 16th: Successful attempt that resulted in ~ $14k being wired out of the Town’s account.

Aug 21st: Successful attempt that resulted in ~ $35k being wired out of the Town’s account.

Aug 22nd: Mayor discovers the fraud. Police and FBI informed.

Sept 1st: Yet another request for a wire transfer received. This was flagged as fraud.

 

Conclusion

  • This was a classic and common type of phishing email.
  • Town’s email system lacked good spam/fraud protection. An email coming from Nigeria with this type of odd header should have been flagged and deleted by the system. As of 10/17/2017 the Town’s website is indicating that they are upgrading their email system.
  • Town’s email system does not use Sender Policy Framework and is therefore susceptible to spoofing. This is still the case as of 10/17/2017.
  • The sender’s IP addresses can be traced back to Smile Telecom in Nigeria. This means that a system in Nigeria sent the fraudulent email that initiated the wire transfer.
  • Sender knew names and short names of people working in the Town’s administration. This information was potentially harvested from the Town’s website. However, some of the names used were not mentioned on the town’s website at the time of the fraud. The harvesting must have taken place earlier in the year.
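A mail filter can catch the reply-to trick described under "Fraud approach" and the missing sender check noted above. The sketch below is an added example, not the Town's configuration or anything from the public records; the domain `town.example`, the webmail list and both sample messages are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Placeholders assumed for this example, not values from the incident.
ORG_DOMAIN = "town.example"
FREE_MAIL = {"outlook.com", "gmail.com", "yahoo.com"}

def domain_of(header_value):
    """Lower-cased domain of the address in a header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spf_result(msg):
    """SPF verdict recorded in Authentication-Results, else 'none'.
    A real filter must trust only the header its own mail server added."""
    for value in msg.get_all("Authentication-Results", []):
        for part in value.lower().split(";"):
            if part.strip().startswith("spf="):
                return part.strip()[4:].split()[0]
    return "none"

def triage(raw):
    """Return the reasons to hold a message for manual review."""
    msg = message_from_string(raw)
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    reasons = []
    if reply_dom and reply_dom != from_dom:
        reasons.append("reply-to domain differs from sender domain")
    if from_dom == ORG_DOMAIN and reply_dom in FREE_MAIL:
        reasons.append("internal sender with free webmail reply-to")
    # SPF covers the envelope sender only; this is a coarse triage signal.
    if from_dom == ORG_DOMAIN and spf_result(msg) != "pass":
        reasons.append("internal From address without an SPF pass")
    return reasons

# Constructed sample messages (not the real emails).
SPOOFED = (
    "From: Mayor <mayor@town.example>\n"
    "Reply-To: Mayor <mayor.town@outlook.com>\n"
    "Authentication-Results: mx.town.example; spf=fail smtp.mailfrom=town.example\n"
    "Subject: Wire transfer\n\nPlease send a wire today.\n"
)
GENUINE = (
    "From: Mayor <mayor@town.example>\n"
    "Authentication-Results: mx.town.example; spf=pass smtp.mailfrom=town.example\n"
    "Subject: Agenda\n\nSee attached.\n"
)
if __name__ == "__main__":
    print(triage(SPOOFED), triage(GENUINE))
```

Because SPF only evaluates the envelope sender, a production setup would pair it with DMARC alignment so that the visible From address is covered as well.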

 

The chances that the perpetrator will be found are probably slim at this point. But not all hope is lost. There are avenues open that I know the Mayor is exploring to try to recoup some or all of the money. I’m happy to assist in any way I can. If I get elected to the Town council on November 7th, I believe that my background in IT, Networking and Security will be helpful to make sure the Town has a modern IT infrastructure.

Surveillance cameras

 

During the last council meeting the question regarding Town-owned surveillance cameras came up. One resident made an appearance and told the Town that their house was burglarized the other day. He asked the Town council to consider surveillance cameras as you enter the Town. I hope that the Clyde Hill Police department can find the perpetrator who committed this serious crime.

Would surveillance cameras be worth implementing in Yarrow Point? Here are some of my thoughts on the topic.

 

Functionality

The camera system must be visible to deter criminals from entering the town. Unfortunately, this means that the esthetics of the town must be sacrificed. We have all seen the surveillance cameras as you enter Hunts Point and Medina. They are not hidden by any means. The treelike structure with cameras in all directions located in the roundabout looks almost comical [1].

Video recording and archiving must be available for law enforcement purposes. Night recording capabilities are needed so that the system can operate on a 24×7 basis.

Automated license plate reading could be available. This would help law enforcement find stolen vehicles faster. However, during the last council meeting the Clyde Hill police noted that they believed the current system in Medina and Hunts Point had about a 1 hour lag before the Police department got notified about stolen vehicles entering the town.

 

Placement

The placement of such cameras would be challenging. The obvious spot would be the roundabout on 92nd Ave.; however, that does not cover the entire Town. Some 27 properties (marked with a blue dot below) can be reached via Clyde Hill or from the 520 via the 84th street exit without passing the 92nd avenue roundabout. Hunts Point and Medina have a similar issue with areas such as Medina Circle and properties on Points Drive that are accessible via the 520 offramp without passing any camera. These residents must be compensated in some way.

It must be explored what other permits are needed to place the cameras in the roundabout. The cameras would record any Clyde Hill resident using the 92nd offramp, so this would be something that must be discussed with Clyde Hill.

 Residents not covered by a potential camera system in the roundabout

 

Cost

It is challenging to estimate the cost of a camera system like this. I have been trying to find information online from the city of Medina’s budget, but it is hard to see the details. We can see that over $200k of funds were allocated in 2012 and 2013 for “Public Safety Camera System”. This is a good indication; however, Medina is a larger town with more entry points, and the cost of this type of device has steadily gone down over the years.

My estimate would be that if Yarrow Point were to implement something in the roundabout, it would probably cost at least multiple tens of thousands of dollars, if not hundreds of thousands. On top of that there would be a significant annual fee to operate the system. Keep in mind that we are using Clyde Hill for our Police services and that they currently do not have any camera system like this. New procedures and equipment would be needed on their side as well.

The cost is perhaps high but not unreasonable, especially if compared to solving or deterring a few serious crimes.

Medina budget with line items for camera system

Benefit

It is hard to tell if there is any significant benefit with a camera system. Over the years, there have been some great success stories [2]. However, one interesting thing to note is that both Clyde Hill (which also does not have cameras) and Yarrow Point have a lower crime rate compared to Medina [3].

Another thing to keep in mind is the uptick of overall video capable devices. Today, most residents have some type of alarm system with camera capabilities not to mention all photo and video capable mobile devices. This was not the case when Medina and Hunts Point implemented their systems years back.

Disadvantages

Other than the cost for the city to operate cameras, it is certainly an invasion of privacy to get your vehicle and face photographed every time you enter Yarrow Point. It could be quite a significant number of non-residents who would be captured too, especially with a camera in the roundabout.

The esthetics of the cameras are a concern. They will certainly look ugly and not blend in very well.

Another concern worth bringing up is the signal a camera system like this sends to visitors and other non-residents. Although the main goal is security for our residents, it sends a signal that can be misinterpreted as unwelcoming and as a wish by the Town to be separated from the rest of our metropolitan area.

Conclusion

Setting up a camera system like this has both benefits and drawbacks. The town should very carefully consider the implications before making any decision. I would like to hear more from the residents in this matter to understand if this is something that should be pursued.

Unnecessary traffic in Yarrow Point

A lot of traffic in Yarrow Point is unnecessary traffic from vehicles not knowing how to get to 520. This has gotten worse in recent days. The reason is that Clyde Hill made some changes to the traffic flow. They have problems with a lot of through traffic on their streets during rush hours. This is because of phone apps like Waze that always scan and send traffic on the fastest route. When 520 is clogged, cutting through Clyde Hill is an option that those apps suggest to drivers. To tackle this, Clyde Hill recently prohibited left turns on 92nd street towards Points Drive between 4 and 7 PM. This means that any car coming down 92nd street will have to go down to the Yarrow Point roundabout or further and then turn around and go back up to Clyde Hill to get to Points Drive and on to 520 westbound.

I live on 33rd street, a street that has been plagued with a lot of turn-around traffic to begin with. Drivers seem to think that 33rd street is an on-ramp to 520. I can say that once Clyde Hill implemented their change I have seen more confused drivers than ever before. I see an increase both on 33rd street as well as in the roundabout. I have witnessed several cars making a full circle during those hours.

Although I empathize with Clyde Hill’s problem, it does not seem like a good solution to send traffic down to Yarrow Point into what is essentially just a large dead-end zone.

  • Town of Yarrow Point should work on improving the street markings in the roundabout to clarify that there is no outlet to 520 anywhere as you come in from 92nd.
  • Town of Yarrow Point should work with our neighbors in Clyde Hill to make sure they consider alternatives to preventing traffic from turning left into Points Drive during rush hours.