Setting up a Wireless Router Just like Home Leads to a Hacked City By Mike Smith, Network Infrastructure Consultant, Sophicity: We put the IT in city
documents while meeting in a conference room. Guests could now access the internet. How wonderful.
A city wanted wireless access for guests and employees. Easy, right? The city manager told a trusted non-technical employee to “make it happen.” Going to the nearest popular retail electronics store, the employee picked up a wireless router that seemed to do the trick. The wireless router box said it covers 12 devices, so the employee picked up two routers to cover the city’s 20 computers.
One day, a representative from the state’s bureau of investigation informed the city of a data breach. An unknown person hacked into the city’s server using a stolen password and collected sensitive information about taxpayers. That information appeared on an online black market for sale. Not only must the city now inform taxpayers that they are at risk for identity theft but the city may also need to pay for identity theft protection services for hundreds of taxpayers.
Back at city hall, the employee tinkered around until they set up both wireless routers—one on the first floor and another on the second floor. Following the instructions to set it up, the employee got it working. People could now hop on a wireless network with their laptops, smartphones, and tablets. For a few weeks, employees enjoyed the perks of wireless. So easy! They didn’t even need their on-call IT vendor to help set it up. City council loved the internet access at meetings. Employees could now access their desktop and
38
This event hit the city administration like a bolt of lightning. They thought through the repercussions. Loss of citizen trust. Bad media exposure. Money lost. What caused the data breach? When they performed an IT audit to figure out what happened, the answer became obvious. The city’s unsecured wireless router—the one their trusted employee set up “so easily.”
SOUTH DAKOTA MUNICIPALITIES
