When a top executive at the Water and Power Authority recently told a Senate committee about a $2.3 million dollar theft pulled off with a phony email, it could be seen as a red flag – a sign of cyber crime coming to the Virgin Islands.
According to reports carried in major U.S. publications, cyber attacks against cities and towns are on the rise across the country. In May a cable news story said such attacks have taken place since 2013. About a quarter of those attacks targeted police departments and sheriff’s offices.
So far since the beginning of this year, almost two dozen cities and towns have faced malware attacks, corrupting or encrypting government records and files.
According to ZDNet, a tech news website, in the last week two Florida cities, paid a combined ransom of more than $1 million to hackers to get their data back from hackers.
A spokesman in the communications office at Government House acknowledged the Virgin Islands Police Department recently became a target.
“It was detected and reported to the FBI,” said Government House Communications Director Richard Motta. WAPA Chief Executive Officer Lawrence Kupfer told a Senate committee in early June the unauthorized transfer of funds from WAPA to an unidentified bank account was also reported to federal authorities.
In an official statement utility officials said it fell victim to a Business Email Compromise scheme, where a official-looking piece of electronic correspondence turned out to be fake.
Since then, Kupfer said, WAPA has held training sessions for its staff on how to spot suspicious emails.
The chief administrator for the territory’s court system says they have had a few near misses themselves. For Supreme Court Administrator Regina Petersen, the watchword is vigilance.
“We have our staff report suspicious emails. We have seen some but we have quarantine mechanisms so they can be investigated further,” Petersen said. “Unfortunately, it’s our new reality.”
In a recent Wall Street Journal article, Supervisory Special Agent Joel De Capua, an expert on cyber security at the FBI, said mischief makers using malware have pivoted towards larger targets.
U.S. cities should watch out for sneak attacks involving malicious software.
“Ransomware is a pandemic in the United States,” De Capua said.
A partial listing of recent reported attacks include Agusta, Maine (April 18); Albany, New York (March 2019); Greenville, North Carolina (April 10); Fisher County, Texas (March, 2019); Cleveland, Ohio (April 21); Imperial County, California and Stuart, Florida (April 13). The two Florida cases in the recent ZDNet story, Riviera City and Lake City, just add to the growing total.
The best known, most recent incident was the May 7 discovery of ransomware in Baltimore. According to an article published in the New York Times, city officials took portions of its online system down, though not in time to save systems used to manage water bills, property tax bills, voice mails, emails and a database of parking fines.
Motta said the Bureau of Information Technology is working with the Department of Homeland Security to improve the way the Virgin Islands government monitors its cyber systems.
“BIT is working with Homeland Security to look at threats from their public facing domains,” he said.
But at present there are no additional funds in the Fiscal Year 2020 budget to support efforts being made by the technology bureau, Motta said.