This year, the town of Peterborough found itself among a growing number of towns targeted by cyber criminals. Though the town was able to recoup some of the $2.3 million criminals stole, the experience has taught them that any town can be vulnerable to such attacks at any time.
Peterborough Town Administrator Nicole MacStay shares a cautionary tale of what happened when the town lost over two million dollars in a sophisticated cyber attack and what the town is doing now to prevent it from happening again with The State We’re In host Melanie Plenda.
This content has been edited for length and clarity. Watch the full interview on NH PBS's The State We’re In.
Melanie Plenda: In August, the town of Peterborough lost over $2 million in a sophisticated cyber attack. Can we start at the beginning? How did this happen? What sorts of cybersecurity defenses, if any, did Peterborough have in place prior to this event?
Nicole MacStay: Peterborough has a range of cyber security defenses. However, what happened unfortunately worked because the crime that took place worked around our defenses. What we believe happened was at some point back in April, a staff person's email account was compromised either through a phishing scam or through a zero day exploit of the Microsoft 365 system, which is the email system that we use. They were able to get that staff member’s login credentials and then were able to monitor emails as they were being exchanged back and forth between our staff members and outside agencies, including our local school district and a general contractor who we are currently working with on our main street bridge project. Using that information that they gathered, they were able to imitate the general contractor and staff from the school district, as well as our own staff, and insert themselves into those email exchanges and ultimately were able to provide falsified instructions to change banking information for the school district and that general contractor in our financial system. Once that was done, the transfers that were intended to go to the school district and to the general contractor instead went into the hands of the thieves.
Melanie Plenda: How have Peterborough's cyber security measures changed since the attack?
Nicole MacStay: We're looking at a few different options, all of which come with an associated price tag. One of the things that we're looking at is multi-factor authentication, something that's very similar to what most people have with their banks, but to be quite honest it's not improved cybersecurity that we're looking at. It’s also improved training of our staff because at the end of the day, the staff's your first and your last line of defense on these things, as with any organization. At home, you are your very first and your very last line of defense. There are some very old fashioned paper methods that should have been employed to prevent something like this from happening, getting notarized signatures on documents, verifying with the banks that these accounts are actually held by those entities; those are the kinds of steps that people need to put a focus on as well, because unfortunately these folks are professionals at stealing money from us. It's really important that we are taking the time and the due diligence to verify all the information that we are receiving.
Melanie Plenda: Were there any resources available to you before or after the attack, and who might be qualified to utilize these same resources in NH?
Nicole MacStay: Unfortunately this is really something that we are working on at the state, federal, municipal level to really build up those resources but unfortunately they weren't immediately available to us. We ended up working with our insurance company who helped us to engage Atom Group and work with the US secret service to be able to get the investigation underway as quickly as possible. That's what enabled us to recoup the money that we were able to recoup.
Melanie Plenda: What would you like to see the state do differently to help solve this issue?
Nicole MacStay: I think there needs to be a lot of more engagement between the state and the municipalities on how we can better defend ourselves. Towns in NH of all sizes are the ones who are responsible for collecting the vast majority of the revenues the state, the school districts, and the counties all rely on. We truly are all in this together. We need to be working together to make sure that we are protecting ourselves, to make sure that we are able to work together to be as defensive as possible. It's very, very challenging. The work that we do is in the public view. The staff person who was compromised had their name on our website along with myself and everyone else. It's the same with the school district. It's easy to identify who the people are that should be targeted.
It's very easy to identify the largest contracts and the largest exchanges of money that happen on a regular basis. I'm not trying to say that we need to be less transparent, because of course that's not what we want to do. We want it to be as transparent as possible but at the same time, we really do need to be very careful with that information and be very careful on the back end to make sure that we are working together and that we do know who we're talking to at all times. We need to make sure that we're not making errors that will have such a negative impact on the taxpayers as they did here in Peterborough.
These articles are being shared by partners in The Granite State News Collaborative. For more information, visit collaborativenh.org.
Current Issue - May 2024