* Dan Petrella at the Tribune…
A state audit released earlier this year warned that Illinois Attorney General Kwame Raoul’s office had “weaknesses in cybersecurity” that potentially left sensitive information on the agency’s computer network “susceptible to cyberattacks and unauthorized disclosure.”
Three weeks ago, a hack resulted in data being stolen from the attorney’s office in a ransomware attack, Raoul acknowledged in a statement Thursday.
A ransomware gang known as DoppelPaymer is believed to be behind the attack, in which some data from the attorney general’s office was posted online.
Ransomware is malicious software that infects a computer system. Those behind ransomware then demand money to allow the system to work properly again.
* From the audit…
Office management indicated a comprehensive internal cybersecurity risk assessment was not performed due to competing priorities within the Information Technology (IT) Bureau. In addition, the coronavirus pandemic further delayed IT initiatives since March 2020.
The lack of adequate cybersecurity programs and practices could result in unidentified risk and vulnerabilities which ultimately leads to the Office’s confidential and personal information being susceptible to cyber-attacks and unauthorized disclosure.
- Anon - Monday, May 3, 21 @ 9:46 am:
…the very best of hands.
- Annonin' - Monday, May 3, 21 @ 10:11 am:
Competing Priorities…Gotta love it. Is that like spending $120 million effort to restore the Armory?
- Donnie Elgin - Monday, May 3, 21 @ 10:27 am:
=Office management indicated a comprehensive internal cybersecurity risk assessment was not performed due to competing priorities within the Information Technology (IT) Bureau. In addition, the coronavirus pandemic further delayed IT initiatives since March 2020=
The pandemic was actually a great time to address IT infrastructure issues. Building empty of all visitors and most staff. The Governor’s/IDPH restrictions were never directly imposed on “Governmental Agencies” so each constitutional officer should have had clear control of their agency’s activities. Absolutely no excuse for this clearly identified weakness.
- Brian - Monday, May 3, 21 @ 10:43 am:
In defense of the AG office, this sort of thing is really difficult, and commercial companies with far more resources and talent have suffered from similar incidents.
- Dirty Red - Monday, May 3, 21 @ 10:45 am:
The whole SOI network needs capital support. Even still, the effects of this hack are heightened if the CIO/CISOs are not reviewing and updating their cybersecurity response plans. Have we already forgotten ISBE?
- Mr K - Monday, May 3, 21 @ 11:46 am:
Rauner’s DoIT at its finest.
Always a shining example of efficiency and expertise.
- Rich Miller - Monday, May 3, 21 @ 11:59 am:
===Rauner’s DoIT===
Nope. The AG’s office has its own tech division. Stop posting this falsehood or you’ll be banned.
- Larry Saunders - Monday, May 3, 21 @ 12:16 pm:
As a state retiree familiar with how ancient and inadequate most state computer systems and their security are, I can expect, in the not-so-distant future, to learn that all my personal info is exposed likewise.
- Three Dimensional Checkers - Monday, May 3, 21 @ 12:41 pm:
I’m no expert, but as I understand it, these attacks start as pretty sophisticated phishing emails then spread throughout the system. It’s a good reminder to be careful what you click on. These aren’t Nigerian uncle phishing emails either. They’re often pretty realistic looking.
- Watcher of the Skies - Monday, May 3, 21 @ 12:53 pm:
AG emails are still bouncing. I still don’t see any public acknowledgement. It’s been three weeks!
- H-W - Monday, May 3, 21 @ 1:46 pm:
=due to competing priorities within the Information Technology (IT) Bureau=
I hope the other priority was successful.
- cyberluck - Monday, May 3, 21 @ 2:12 pm:
Very poorly written article by Dan Petrella at Tribune.
“Brian” and “Three Dimensional Checkers” are on point.
You could put all the controls you want, but cannot change the “human” element. Also, if someone is motivated enough they can go through most defenses.
- Mr K - Monday, May 3, 21 @ 5:25 pm:
—
Nope. The AG’s office has its own tech division. Stop posting this falsehood or you’ll be banned.—–
Wow. Okay. So where on the AG’s website does it say they have an internal IT division?
https://www.illinoisattorneygeneral.gov/
Is this a common knowledge thing?
Is it in the AG’s legislation?
I’m confused. Please point me to the correct resource. Thanks.
- Anon - Monday, May 3, 21 @ 10:30 pm:
Is the AG’s office effectively closed? The Trib article says the system is “being rebuilt” and the consumer fraud filing said they cannot access their files. That’s consistent with a ransomware that closes off access to all files. Work product, research, investigative files would all need to be recreated.
- Anon - Monday, May 3, 21 @ 10:33 pm:
Hopefully, the AG upgrades its system and beefs up the IT department. The IT team were generally really good (and great people), but understaffed and using badly outdated systems.
- Watcher of the Skies - Tuesday, May 4, 21 @ 12:12 pm:
If you try calling the main Chicago number, you get what seems to be a hastily recorded voicemail box. Something like “You have reached Attorney General Kwame Raoul’s office… please leave name, etc…”
- Watcher of the Skies - Tuesday, May 4, 21 @ 12:37 pm:
No Open Meetings Act training for newly elected local officials either:
https://illinoisattorneygeneral.gov/downformaintenancepacmessage.html
The entire Public Access page is down.
- Anonymous - Tuesday, May 4, 21 @ 1:02 pm:
FOIA website is down too, since it’s hosted on the Public Access Counselor’s website.