City hasn’t talked to hackers, but 1 guy has. What did he learn?
AUGUSTA, Ga. (WRDW/WAGT) - The hackers who broke into the city of Augusta’s computer systems must have had access for “quite an extended period,” based on the amount of data they’ve leaked, a local computer security research engineer says.
In fact, another international expert with multiple degrees in the field wrote in his blog that the intrusion could be “perhaps one of the largest government data thefts in recent years in the U.S.”
That expert, Marco A. De Felice, has had email exchanges with BlackByte, the hacker group that claims responsibility for the cyberattack. BlackByte has posted some of the data it claims to have stolen, along with a ransom demand.
The local expert, who has more than a decade in the field, conceded: “It’s certainly a big chunk.”
“The BlackByte certainly must have had access for quite an extended period of time to be able to move all that data,” the local expert said.
City officials have said they’ve had no communications with the hacker group, and Felice says that’s true, based on what the hacker group told him a few days ago.
We asked the local expert what stood out to him in this situation. He says the city’s lack of preparation for disaster response and recovery, and the public response by city officials, were abnormal.
“Computer breaches happen. It’s just a thing systems have to prepare for. But what is of the utmost importance is being transparent with the public and communicating clearly when it does happen,” he said.
He also said the 70 gigabytes of stolen data that was initially posted by BlackByte is just the tip of the iceberg. He said the hackers have much more that they haven’t revealed.
Experts who’ve peeked at the data say it includes private information that identity thieves could exploit to plunder victims.
Felice says on his blog that much of the leaked data consists of files with private information, including s, photos of driver’s licenses, employee pay stubs, tax and health forms. He says there are many emails with this type of private information.
The city says one of the three areas where it’s still trying to restore access is geographic information systems – and Felice says that’s reflected in the data BlackByte posted.
“It is precisely GIS” that has been the most affected by the BlackByte ransomware group, he wrote, with a “large part” of the posted files coming from that department.
“Among these are land maps, building plans, building permits, analysis and conditions of the territorial waters of Richmond County, 2018 aerial maps of Augusta Regional Airport, a 2010 homicide map and much more,” he wrote.
In communications with Felice, the hackers said they didn’t gain access through “social engineering” – essentially tricking a person or gaining their trust. The hackers said in an email that they used their own techniques which they wouldn’t divulge – and they accompanied the comment with a sideways smiley face emoticon.
They also told Felice they had encrypted the data on the city’s servers – a typical technique of ransomware groups that demand money in return for a key that will unlock the data.
On June 8, the group told Felice: “There is no network access left” for the city of Augusta.
Despite that claim, the city had reset credentials by that day.
The next day, it restored internet access for employees.
By Tuesday, the city was claiming most departments were functional except for geographic information systems, the enterprise asset management system that depends upon GIS, and the solid waste operations system. These services are expected to be restored within two weeks.
Copyright 2023 WRDW/WAGT. All rights reserved.