Wednesday, July 26, 2017

Don't Call City Employees Hacks...

...But you might be on the money - quite literally - if you were call some of them "hack enablers."

City officials will hire a computer forensics company by noon today to investigate reports by residents this week that information on credit cards they used online to pay utility bills was hacked, City Manager Dan McKeen said Tuesday.

McKeen said the firm will investigate an “abnormality” that was discovered Monday on a city server that prompted 20 reports Monday and Tuesday from residents who said their credit card information had been hacked and fraudulent purchases made.

Ah, yes. The ease and convenience of paying your outrageous City utility bills online. Alas, it seems that there was some other form of ease and convenience involved that folks aren't going to be too happy with. I guess some enterprising folks working in "economic development" found a way to switch City Hall to City Haul...

Firewall? Jeepers, we thought you said we
needed a fire extinguisher!

20 comments:

  1. "Economic Development"? Here, in Port Angeles? No, seriously.

    It really shows how poorly Port Angeles is regarded that after all the many millions spent on "economic development" over the years (and it has been a LOT of "many millions"!), the town sits as stagnant as it does.

    It is the county capital city, with nothing for miles around to compete with it. Or so it was up until about 10 years ago, when Sequim let the "big box stores" get built there.

    Prior to that, most residents still didn't patronize Port Angeles to any great degree. People from Forks eastward, most of Clallam County, all went to Poulsbo and Silverdale to do significant shopping.

    As that song goes: "Everybody knows..."

    FBI in town? Anybody holding their breath? The State Attorney General has an office in Port Angeles, and look what the City gets away with.

    ReplyDelete
  2. Look what they do with the city budget! City hall clearly cannot be trusted with money. I am amazed that so many people trusted them with their credit card info!

    ReplyDelete
  3. Gee, this comes JUST AFTER a council meeting where the finance department announced they were going to switch to a new 3rd party online payment system, Paymentus, that would charge the city $135,000.00 per year.

    No real decision making was obvious -- in that they were only moving to this system because their OLD system was stopping that service, and the criteria for choosing Paymentus was that the reports were the same, and wouldn't affect the city finance internal workload. Never mind any consideration about fraud, or data breaches, or any of that.

    Never mind that every utility payer in Port Angeles shares in that $135,000 service. (Other utilities charge a "service fee" for the USE of credit/debit cards online, not ding everyone).

    Perhaps the city finance department should look at things from a wider perspective.

    Paymentus might be used elsewhere, but it's fees are high, and the company relies on overseas programmers. The company isn't publicly traded. It has a VC invested heavily. (It's owned by Dushyant Sharma.) The real issue is -- what does our finance company know about 3rd party payment processors, and what criteria have they ever used to make a good choice?

    Clearly, they haven't been too darn careful...check your accounts for bogus charges if you paid the City with a debit card.

    ReplyDelete
    Replies
    1. Paymentus, Dementus...Whatever. Thanks for the further context. I am sure that City Hall, and their new best friends at Paymentus have things under controll...

      Delete
    2. patrol, control, troll.... yep take your pick

      Delete
  4. Hilarious because Dan is a Fireman not a City Manager!

    ReplyDelete
  5. Can you even begin to imagine the full extent of fraud with use of computers that has gone on in PA?

    ReplyDelete
    Replies
    1. Oh, you don't even need fancy pants computers to commit fraud on a really big scale in Port Angeles(Where nobody looks too close, doncha know).

      Send the investigators into the books of the big public works projects.. like the Turd Tank, and others. Dig up those really expensive buried components, and check out their serial numbers. See if they actually are new, or just painted over, and charged as new.

      This city has a well established history and methodology of.. oh.. what is that word I'm looking for?

      Delete
    2. If only there was someone who was able to do just what you suggest...It would be a fascinating examination. Needless to say, let's not hold our breath waiting for the City to do such an audit on their own, eh?

      Delete
    3. Yes, you're right. I'm not expecting anybody to put too much effort into looking into the craziness that is Port Angeles.

      Accountability? Forget about it.

      Delete
  6. How many citizens of PA even understand this thread?

    ReplyDelete
    Replies
    1. What part don't you understand?

      Delete
    2. My apologies, I should have written that clearer. My comment was that most Port Angeles citizens probably have no idea how a data breach can occur, or what it takes to make a system as secure as can be in this day & age (built-in backdoors, etc.)

      Not that it can't happen to highly protected systems, but how does this municipal setup compare to others? How many other cities incur a similar breach? Or did PA just miss the boat on true security?

      Delete
    3. Are we asking "How stupid are the residents of Port Angels"?

      Delete
    4. Well we know that answer. But the question is more about city administration, whether they're doing a heckuva job on data security in all departments. This was just utilities, what about permit payment processing, and other financial transactions? Is PA's data more compromised than other places because the good ole boys get priority for their skim (EDC, CRTC, Port, etc. etc.) over the cost of some now-standard app licenses?

      Delete
  7. Off topic, from the Sheriff's facebook page.

    Clallam County Sheriff's Office
    1 hr ·

    **NEWS RELEASE FROM SHERIFF BENEDICT**
    **PUBLIC RECORDS REQUEST FOR ANIMAL LICENSES**
    Recently the Clallam County Sheriff’s Office received a Public Records Act (PRA- RCW 42.56) request from Port Angeles resident Adam Chamberlin as follows:
    ----Please provide me with a CD containing all of the licensed pets in Clallam County, including license numbers, owner information, and all other pertinent information. Please provide me an invoice for the compilation of these records and I will pay upon pickup.---
    At present, I (Sheriff Benedict) intend to release the records requested absent a court order directing the information be redacted in whole or in part on August 25th. It is my belief that these records should not be released, however, the PRA, as interpreted by me, leaves me no choice.
    There are 2,222 Clallam County residents who have current pet licenses that were purchased through the sheriff’s office or the Olympic Peninsula Humane Society (OPHS). In addition to this press release, I am sending letters to each pet owner explaining that these records will be released after third party disclosures and absent action from Superior Court. Anyone in this group objecting to release of this information has the option of petitioning Clallam County Superior Court and explaining why they object to the release of this information (in accordance with the PRA, specifically RCW 42.56.540). We expect to have all of the letters to the licensed pet owners out by August 4th; the deadline to petition superior court would be ten days later. We recommend seeking legal assistance/counsel to file a petition with the court.
    I regret that the well-intended Public Records Act in Washington State has morphed into its present state. In addition to being a major administrative burden through frivolous requests, Washington citizens are learning that most personal information they provide to state and local governments to enhance public safety, or to comply with regulations, can be released to anyone and for any purpose thereby invading their right to privacy as well as potentially compromising their own safety.
    Until this matter is fully settled, I have suspended our pet licensing program and will consult with both the county commissioners and legal representatives to chart a way forward.

    What is this Chamberlin pissant trying to prove? Is he going to harass cats and dogs now? Did the homelesses turn out to be too scary, when he ain't got no guns no more? Whuuuut?

    ReplyDelete
  8. CK, Adam Chamberlin has filed a public records request asking for all pet registrations and associated information about their owners. 2,222 pets registered in Clallam County. Sheriff's office posted a notification on FB practically begging someone to as the superior to redact personal information on the registration form.

    ReplyDelete
    Replies
    1. And this is what this is about: "personal information". The "Our Town" group is trying to gather personal information on people it wants to harass, and sees this as a "legitimate" venue to get it.

      Remember, these folks have no problems with organizing phone harassment of businesses who have done nothing wrong, other than advertise in the Port o Call. Just exercising their normal, legitimate means of promoting their businesses. But in order to get at Dale Wilson for printing news stories they don't like, they go after people who have nothing to do with the stories they don't like.

      These are sick, warped people.

      Delete
  9. City don't know how to deal with these newfangled typerwriter things. They probably have been losing data for years, now....

    ReplyDelete