Sylint: City's IT Security Vulnerable To Attack

Cyber security firm  is turning its focus on the City of Sarasota's vulnerable network to protect it from a large hack attack that the Lake County Sheriff's Office recently suffered.

That incident happened during an anti-security hacking movement called Anti Sec that has ties to hackers Anonymous, Sylint CEO John Jorgensen told the City Commission Monday afternoon. The group that claimed responsibility for the attack is Lulzknights, he said. Sylint is also working that investigation.

"Any city that is deemed to be an enemy of Anonymous and the people in questions have been under attack by Anonymous and has suffered losses as far as information is concerned," Jorgensen said.

Monday's update from Sylint is to the work involved in correcting the city's decimated e-mail and server systems and organizational structure following an investigation into whether employees improperly accessed restricted email and data from other employees.

Almost 60 gigabytes of data was captured from the Lake County Sheriff's Office and its file structures and files have been posted on the Web, Jorgensen said.

Jorgensen points to a Synara report competed for Sarasota's Auditor and Clerk's Office when it took over the Information Technology Department in fall 2011 that stresses the need for security improvements.

About one third of the 54-page report contains redacted information that contains security issues and vulnerabilities on the network, Jorgensen explained.

"We suggest that we extend our efforts in ensuring that the city has proper cyber security in place and to make sure they're not being attacked rather than expanding our efforts right now on finding the lost emails," he said.

Law Enforcement Investigation

Sylint is moving away from the investigative phase to allow the FBI, Florida Department of Law Enforcement and federal Department of Housing and Urban Development investigators to continue their work, Jorgensen said.

"They've asked for other information regarding the investigation, and told they're completing their interviews with the individuals involved with the incident," he said. That should be completed within the next few weeks, he said.

Among the subjects interviewed or awaiting to be interviewed, according to Jorgensen, are Former IT Director Chance Craig and Sandra Coleman, City IT manager and two other former city IT workers. Former city manager Robert Bartolotta has not been interviewed.

No charges have been filed yet, and Jorgensen paused before answering Mayor Suzanne Atwell about if there's been a single profound piece of evidence discovered in this case.

"I think the interviews have to be concluded," Jorgensen said. "I know that they've opened up some different directions."

Software Patches

City staff working in conjunction with Sylint are also meticulously working through software and application upgrades.

The upgrades and patches have to be carefully done and considered as many of them haven't been completed in two to three years, Jorgensen said.

"The departments are in dire need of getting these applications that they are utilizing that are not supported anymore, and could conceivably fail at any time," Jorgensen said.

If updates were blindly installed, it could actually crash or hamper various systems, he said.

Overall, recovering emails has been "fraught with problems," Jorgensen said.

Because the system hasn't been updated in years, log files had to be deleted in the system to keep it operational and Jorgensen is recommending the city to buy additional storage, which is under consideration.

Organizational Patches

Staff are in place and trained who understand the city's Microsoft Exchange System and other processes with email and data, Jorgensen said.

"We're at a point where if we can pull things together, I think that the city can move forward and solve its problems," Jorgensen said.

A key Information Technology director position has to be filled, he said, following the firing of former director Chance Craig.

A panel is also reviewing 124 applicants, said Pamela Nadalini, city auditor and clerk. 

The panel includes the chief information officers of Sarasota Memorial Hospital, city of St. Petersburg, Sarasota County Goverment, Frank Doran of L3 Communications and Jorgensen, Nadalini said.