Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Security Government Software Hardware Technology

New Orleans City Government Shuts Off Computers After Cyberattack (nola.com) 30

Posted by BeauHD from the another-day-another-cyberattack dept.
New submitter tubajock writes: According to NOLA.com, New Orleans City Hall workers were told by a PA system broadcast to immediately unplug all computer systems from the network [following a cyberattack that struck the city government]. The city website is also down and the city has implemented its Emergency Operations Center as well as contacted state and federal authorities for help. Beau Tidwell, a spokesman for Mayor LaToya Cantrell, said the cyberattack started sometime after 11 a.m. In addition to city hall workers, the New Orleans Police Department has also been told to shut down their computers and remove everything from the network.

Thankfully, 9-1-1 and 3-1-1 calls are not impacted by the attack and residents can still access the online 3-1-1 systems through its site, nola311.org.
This discussion has been archived. No new comments can be posted.

New Orleans City Government Shuts Off Computers After Cyberattack More

New Orleans City Government Shuts Off Computers After Cyberattack

Comments Filter:

  • hate to be the admins there (Score:4, Insightful)

    by jmccue ( 834797 ) on Friday December 13, 2019 @07:14PM (#59517554) Homepage

    The @CityOfNOLA has activated its Emergency Operations Center & is working with cybersecurity resources

    Unpluging is probably a good thing. But I can imagine being in that center with all the pols/Managers asking "Is it fixed ? How much Longer ? What was it ?" every 5 seconds. Probably 10 manager types per admin.

    Everyone here should know the standard response "Well if you stop asking, I can tell you quicker"

    • The @CityOfNOLA has activated its Emergency Operations Center & is working with cybersecurity resources

      Unpluging is probably a good thing. But I can imagine being in that center with all the pols/Managers asking "Is it fixed ? How much Longer ? What was it ?" every 5 seconds. Probably 10 manager types per admin.

      Everyone here should know the standard response "Well if you stop asking, I can tell you quicker"

      As soon as we re-image all the machines and and pull the back-ups.

      • Manager - But what about that spreadsheet I was working on?

        Me - oh well?

      • Re: (Score:3)

        by brunes69 ( 86786 )

        Protip: If you were vulnerable when you last took images, then restoring them will lead you still vulnerable.

        They first will need to engage an IR team and do forensics to find the source of the infiltration.

    • Call centers are usually VoIP and run on computers for their switching these days.
    • Comment removed based on user account deletion

      • You respond by throwing the fucker that opened the damn attachment under the bus. "There he is, burn him at the stake!!!"

        That should buy you enough time to restore core/critical services back online.

        As much as I LOVE your idea (Do you have a newsletter by any chance?) in my experience, the loudest manager bugging you about when it will all be fixed, is the one who opened the attachment in the first place.

  • Ok, so we're in full blown tragedy of the commons mode here. Governmental and even law enforcement agencies paying off criminals, and to my great surprise, the frequency and severity of attacks is skyrocketing.

    There any stocks I can buy to take advantage of this?

    • Re: (Score:2)

      by brunes69 ( 86786 )

      Cybersecurity is now, and has been for years, the hottest and fastest growing faction of IT. Cloud gets a lot of press by cybersecurity is growing faster.

      For incidents like this the world leaders in managed security and incident response are FireEye, IBM, CrowdStrike, Symantec, SecureWorks. There are many others. Check Gartner.

      • Check Gartner.

        As in "Gartner Group out of Stamford, CT??" Please tell me those losers aren't still trying to make IT predictions? I remember attempting to explain "hardware 3D accelerators" to a bunch of their analysts at a bar in Norwalk around '95; no, I didn't get anywhere.

      • So, thank you for the ideas, but those stocks look pretty darn stagnant to me. I get the impression that the sop for dealing with this is "pay the gangs". And if I was going to invest in gangs, I'd...have a much shorter life span than even my sedentary taquito binging ways will bring me.

    • Louisiana as a state has a very robust IT infrastructure. They were hit about a month ago and although systems were down for a few days no ransom was paid and everything was restored from backup with zero loss of data. Statewide DMV offices took a couple weeks to get back to normal but only because there are so many of them and every computer was reimaged by hand before network access was turned back on to each office - and that was only done as a precaution.

      I've been called in to restore from a dozen or

      • Huh. Louisiana is I think considered to be one of the most corrupt states, weird that they'd have excellent long term planning involving anything, much less IT.

        • Believe it or not LA has been a technology leader since the early 90's, having recognized the power of the internet as an inexpensive way to provide information - and later services - to the public.

          Years ago they moved every statewide executive department to a central network managed by a single entity - the Office of Technology Services (https://www.doa.la.gov/Pages/ots/Index.aspx). There are only a few major cities/metro areas and they still do their own thing but the rest of the state follows. Each Par

        • Re: (Score:2)

          by Mashiki ( 184564 )

          You've obviously never worked in California or DC. Those places put Louisiana to shame in sheer corruption.

  • Now would be a good time for the sysadmins to bring up the topic of allocating funds for security and don't finish the fix until you get what's needed.

  • Time for all out cyber attacks on china, and e europe, until the shit stops.

    • Re:War (Score:4, Informative)

      by rossz ( 67331 ) <ogre&geekbiker,net> on Friday December 13, 2019 @08:41PM (#59517748) Journal

      Some years ago we were getting hit hard from China based systems (vulnerability probes, etc) so we had a meeting about what to do about it. I said, "Let's just block all of China at the hardware firewall and call it a day."

      I was dragged into HR for a little meeting for being "culturally insensitive". I told them, "I stand by my statement." At the time, we had little business dealings with China, but most of our headaches came from there. It was technically the correct solution. I still stand by that statement even though we have a lot more business dealings with that country.

      • Sonicwalls have a licensed feature called GEO-IP Filtering that has been a godsend for my clients who already use those devices. It allows blocking based on country with a simple GUI interface. That single feature has stopped 90-95% of all attempts for those who've enabled it. It's the single best thing I recommend to small municipalities with limited budgets.

        I worry what's going to happen to them if/when IPv6 is ever adopted widescale since it works on the known locations of assigned IPv4 blocks.

        • Re: (Score:2)

          by zekica ( 1953180 )
          IPv6 is far less fragmented, so geolocation on country level will be a lot easier.

        • Re: (Score:2)

          by Mashiki ( 184564 )

          I worry what's going to happen to them if/when IPv6 is ever adopted widescale since it works on the known locations of assigned IPv4 blocks.

          Asia is mostly on IPv6 now, which makes it very easy to block addresses that are causing you issues. It's North America that is lagging way-way-way behind in adoption. As another poster pointed out, this also makes it far easier to deal with since IPv6 addy's are usually assigned for life to the device at hand. Spoofing still exists, but any good hard firewall has stuff built in to detect external attacks like that, even the shitty cisco ones.

  • Unplugging? (Score:4, Insightful)

    by Kernel Kurtz ( 182424 ) on Friday December 13, 2019 @08:34PM (#59517734)

    They should be shutting things down at the network level, not expecting end users to do it.

    • New Orleans has dozens of semi-independent departments with varied internet connections provided by multiple ISP's. Where they connect to centralized city services those are also all over the place and managed by different groups. The "City Admins" shut down what they could and sent an email out to to everyone else to go ahead and turn off their computers and go home. Those who got the email were obviously on networks not controlled by the central authority. That's why we sent it.

      • Where they connect to centralized city services those are also all over the place and managed by different groups.

        Does not sound very centralized. If no one group controls your organizations routing and/or vlan switching, that is an accident waiting to happen.

    • And refusing to reboot any computer running Windows - ever.

      MS = NSFW

Slashdot Top Deals

Never test for an error condition you don't know how to handle. -- Steinbach

Close