The person whose job is to keep the city of Hillsboro’s computers and data systems operating efficiently was profiled this month in StateTech Magazine for his success in preventing a hacker program from destroying city computer data.
Eric Daniels, who serves as the city’s IT manager, along with serving as a Hillsboro police officer, was featured in the Winter 2016 edition of the magazine in an article detailing lessons learned by information security officers from recent cyber attacks.
StateTech Magazine “explores technology issues that state and local government IT leaders and workers face when they’re evaluating and implementing a solution,” according to its online description.
The Times-Gazette reported last February that several local government agencies were targets of RansomWare and CryptoLocker programs, which encrypted files and demanded payment of a ransom before releasing the data. At least one organization, Community Action, acknowledged paying a $900 ransom to have its data released.
The city of Hillsboro was also attacked by the cyber crooks, but did not pay the ransom because of Daniels’ quick action. When Debbie Sansone, administrative assistant to Mayor Drew Hastings, alerted Daniels of an attack on her computer, he immediately took it offline and thwarted the attack before it did widespread damage.
Daniels, who holds a master of science degree in Computer Information Systems, determined that “based on the volume of data encrypted (130 gigabytes), it had breached the network a few days earlier,” according to the StateTech Magazine article, which quoted Daniels as saying, “It could have done its deed over the weekend without making any impact on the network to the point where we’d notice it.”
But the consequences were potentially high, the magazine noted. “It encrypted the entire brain trust of our city administration – everything,” said Daniels. “I cannot tell you how bad this would have been.”
Thanks to Daniels’ quick action, “the city recovered all the data, and the cost was less than $100 to replace the hard drive on the compromised computer.”
“CryptoLocker crushed two and a half of Hillsboro’s backup tiers, but the remainder saved Daniels,” the magazine reported. “His third tier was offsite backup, which had two copies of the affected files: one encrypted and one unencrypted. Then, Daniels also remembered the ‘fourth tier’ of his backup – Windows Shadow Copy, a service included with Microsoft Windows Server.”
Daniels told StateTech, “I was skeptical, given the large amount of data. That’s a large task for a service to restore without error, but it never erred once.” Daniels said that he always enables Shadow Copy when setting up a new server, and said that if every organization did so, “no ransoms would have to be paid.”
When the incident initially happened, Daniels told The Times-Gazette that without adequate backup, the ransom would have had to be paid.
“There’s no getting around it,” said Daniels at the time. “You either have adquate backup, or you pay the demand.”
Hillsboro Safety and Service Director Todd Wilkin praised Daniels’s efforts last February, telling The Times-Gazette, “Eric Daniels is the dude.”
The Times-Gazette’s original article quoted Forbes magazine as reporting that hackers had started taking over servers, “encrypting the data on them and demanding payment to unlock the files.” The article stated that “though only a handful of attacks have been seen, many expect such extortion to grow rapidly in 2015.”
Daniels said Wednesday that cyber ransom threats are still a problem. He said his methods have been shared with many other agencies, and he assists other local government offices when they need his help.
Hillsboro “was one of the first to circumvent the ransom,” said Daniels. He said the city was hit with the ransom virus later in the year, too, but quickly recovered.
Daniels said his actions came to the attention of StateTech Magazine through conversations he had with the Computer Emergency Response Team, a division of the Software Engineering Institute, while ordering a part and discussing the problem with a vendor. He said Hillsboro’s system was never in danger of being lost, but recovery would have been more time-consuming if not for the Windows Shadow Copy, which is available with most corporate and government systems.
The StateTech article can be found at www.statetechmagazine.com.
Reach Gary Abernathy at 937-393-3456 or on Twitter @abernathygary.