The former IT commissioner for the Suffolk County Clerk’s department did not alert county officials that the computer network in the clerk’s office was responding to a “radical malware attack” until eight hours after he was alerted, the Press has learned.
The Center for Internet Security (CIS) sent an email at 3 a.m. on Sept. 8, 2022 to the clerk’s then-IT commissioner Peter Schlussler alerting him to the attack, but Schlussler did not share that information with Suffolk IT leaders outside of his office until after 11 a.m., according to a CIS report that the Press exclusively reviewed and has not previously been made public.
“A 30-minute call was held with … [Schlussler] at 7:12 p.m.,” an excerpt of the report the Press reviewed states. “On the call, it was discussed that their Cortex client alerted to malicious activity on one of their domain controllers, quickly followed by alerts on additional systems within the environment. By 11 a.m., the entity had completed a full network isolation.”
The exchange was the first confirmation of the cyberattack that forced all county departments to work offline for nearly six months between September 2022 and February 2023. Schlussler had been put on leave since questions were raised about whether he properly acted on warnings that the clerk’s office was at risk of being hacked. The former IT head argues that he first alerted the county to the attack.
As the Press has reported, an investigation of the cyberattack concluded that cyber criminals entered the county’s online system through the former county clerk’s IT environment in December 2021. About eight months later, the hackers found credentials that gave them access to the larger county IT environment, and the cyberattack occurred about two weeks later. The hackers, known as BlackCat, demanded $2.5 million in ransom to give the county back access to its networks.
Officials had also blamed technical vulnerabilities on Christopher Naples, a former information technology deputy commissioner who was arrested in 2021 for allegedly installing hidden computers in the Riverhead-based clerk’s office in a scheme to mine bitcoin — the process in which cryptocurrency transactions recorded — and Schlussler, who officials said failed to catch his deputy’s alleged scheme or the ensuing cyberattack partly done in the deputy’s name. A computer program security flaw known as a “Log4J vulnerability” also helped get the hackers in the door, according to the report from Palo Alto Networks Inc., one of several companies hired to help in the aftermath of the attack. A second probe by TracePoint also found the hack originated in the clerk’s office, officials say.
Suffolk authorities have said they are working with the FBI in continuing the criminal investigation into the cyber attack, considered one of the largest on a municipality in the nation. The Republican-majority Suffolk County Legislature’s Cyber-Attack Investigation Committee has featured multiple appearances from Schlussler, who has filed paperwork indicating he is seeking to sue term-limited outgoing Democratic Suffolk County Executive Steve Bellone for defamation after Bellone blamed Schlussler for not stopping the attack in time.
“While we await Schlussler’s latest frivolous claim, we continue to eagerly await the day in which he finally appears for a deposition because his alternative set of facts will not hold up while under oath,” Marykate Guilfoyle, a spokeswoman for the administration, said in a statement shared with the Press.
In addition to the lag in alerting other county officials to the attack, the CIS report also states that Schlussler acknowledges he told CIS he believes the hackers gained access through the clerk’s public-facing Horizon environment, which other forensic reviews have also concluded.
“The biggest takeaway is that Tracepoint believes there were multiple actors involved at various times, as unauthorized activity is observed all the way back to December 2021,” the CIS report states. “Unfortunately, it’s unknown exactly when the BlackCat team specifically first accessed this network.”
Schlussler could not be reached for comment. The $164,636-per-year IT director for the county clerk’s office was put on paid leave amid the ongoing response to the attack, which has cost Suffolk $5.4 million so far — $3.4 million on restoration and $2 million on investigation.
Related Story: The Chinese Computer Connection To The 2022 Suffolk Cyber Hack
Related Story: After Cyber Attack, Suffolk is Extra Careful With Big Vote