back to article Hackers seize Detroit's database, demand $800k. Motor City shrugs: OK, take it

Hackers seized a database from the City of Detroit earlier this year before unsuccessfully demanding $800,000 in Bitcoin. The failed extortion attempt back in April was disclosed by Detroit mayor Mike Duggan at the North American International Cyber Summit conference on Monday. The stolen database wasn’t needed by the cash- …

  1. mythicalduck
    FAIL

    Ransoming a city with no money...

    ... sounds like a bad plan.

  2. Ian Emery Silver badge

    “I found the Microsoft Office system we had was about 10 years old

    He should consider himself lucky, my boss still insists on running the copy of Office that came with her first PC - back in 1998!!!

    1. Anonymous Coward
      Anonymous Coward

      Re: “I found the Microsoft Office system we had was about 10 years old

      Feel free to be smug but Office 97 is :-

      1... Free of DRM and can be copied ad-infinitum....

      2... Runs fast, and still probably does 90% of what most users actually need...

      3... No Ribbon...

      4... Free or has minimal M$ UX montioring & NSA backdoors...

      1. Smartini

        Re: “I found the Microsoft Office system we had was about 10 years old

        Clippy, don't forget clippy!

  3. hplasm Silver badge
    Facepalm

    FTA...

    "...the state's Cyber Civilian Corp (IT experts trained in security incident response) would be expanded to a dozen teams..."

    From no teams, at present.

  4. SolidSquid

    It's a little worrying that the example of something he found was disturbing was that they were running older versions of Office

    1. Not That Andrew

      I imagine that the techies tried explain to him that XP and win2003 servers were unsupported, unsecure and unstable and he was all "don't care, fix it!". Then one on them noticed his iPhone, streched the truth slightly and said that if they upgrade, they will be able to use a version of Office that can sync to the iPhone, and he was all "Do it now!"

    2. Pascal Monett Silver badge

      Disturbing indeed. He had hackers running rampant in his network and his preoccupation was syncing his calendar.

      Well, that explains clearly why Sharepoint is not yet in the dustbin where it belongs.

  5. Anonymous Coward
    Anonymous Coward

    Anyone seen "Burn After Reading" ?

    a couple of numbnuts think they've got a CD with "secret shit" on it ....

    1. hplasm Silver badge
      Joke

      Re: Anyone seen "Burn After Reading" ?

      Burn after Reading - label on festival tents.

      1. Soruk
        Joke

        Re: Anyone seen "Burn After Reading" ?

        Burn after Reading - how to navigate the M4.

    2. Anonymous Blowhard

      Re: Anyone seen "Burn After Reading" ?

      I burned mine before watching, so no.

  6. Alan Denman

    re disturbing

    “It was pretty disturbing what I found”

    As disturbing as the semi IT literates now in charge?

    As ever, out of the frying pan into the fire.

    1. Tom 13

      Re:out of the frying pan into the fire.

      There wasn't even a frying pan. Detroit can't afford one.

  7. chivo243 Silver badge
    Facepalm

    so, stealing a database from a bankrupt city...

    ...won't have anything interesting unless you're interested in all the people that owe the city money and have none themselves.

  8. Unicornpiss Silver badge
    Meh

    It won't sync with his phone??

    Hurry up and upgrade to Office 365/2013 Detroit so you can enjoy the wonders of OneDrive and SharePoint not syncing reliably with anything...

  9. Cipher
    Angel

    Headline:

    Luddittes Hacked!

    City Responds:

    Its OK, the data is all on Rolodexes anyway..

    1. Montreal Sean

      @Cipher

      The Rolodex was too pricey to maintain, the databases have now been comitted to memory by the old dude who sits on the curb outside the post office.

      1. Anonymous Coward
        Anonymous Coward

        Re: @Cipher

        Now *how* did you *know* that!!?!!?? Jeez, I thought my new 'system' was gonna be unhackable, and some noob guesses it first try! I'll have to go back to writing them on post-its and sticking them on the back of the toilet.

  10. Unep Eurobats
    WTF?

    How do you seize a database?

    OK, they broke in somehow, but then what? Did they just change the passwords, locking out legitimate users and demanding the ransome to let them back in? Delete the database, having downloaded a copy? Threaten to leak any sensitive data the database might contain?

    If the database is unwanted, the first two of these is no threat, but the last could still be a problem.

    1. Charles 9 Silver badge

      Re: How do you seize a database?

      Unless it had nothing of value.

    2. Tom 13

      Re: How do you seize a database?

      From the way this is written, I assume it was a cryptolocker type scheme.

      But given how Detroit is run, the third option could still be in play. The hackers might not be able to get any money out of them, but they might just plaster the data to jack up Detroit.

      1. Anonymous Coward
        Anonymous Coward

        Re: How do you seize a database?

        You do realize that jacking up Detroit would be a good thing, at this point.

      2. JEDIDIAH
        Linux

        Re: How do you seize a database?

        If it was a database, the obvious question is "was it backed up". If they had a backup of some kind, the hijacking may not have mattered one way or the other.

        "Hello? Iron Mountain? How soon can you ship me some tapes?"

  11. Neal Palmquist

    Why didn't the hackers just buy Detroit Municipal Bonds?

    Would have gotten the same result

  12. Adrian Harvey
    Joke

    OCP

    I thought Detroit was way ahead with cyber security - I saw a documentary about it once.... Robo...something... I think it was called.

  13. Anonymous Coward
    Anonymous Coward

    "The stolen database wasn’t needed by the cash-strapped city so the ransom was never paid, according to local reports."

    It doesn't matter if the database is needed or not, but what is in it. If you are talking about personal information contained in it, then if that was ever leaked, the city could face lawsuits and could easily cost them more than 800,000.

  14. Visual Echo

    Detroit is so controlled by the automobile companies, Engineers are gods and Computermen are peons. It's no wonder they think this type of thing is difficult to solve.

    Right now, this isn't even on the radar. Takata is the buzz.

  15. MachDiamond Silver badge

    Bitcoins?

    I thought the US government declared Bitcoin an un-currency (or immoral or fattening or something). It must have been a grand joke to ask for payment in Bitcoin where there would have been no legal way for Detroit to comply if they had the bucks.

    I agree that it sounds more like a crypto-locker job than somebody removing the files from the server completely. The NSA has a few big computers, maybe they could be put into useful service by decrypting the files. Or, will the USA cease to exist if they aren't fully occupied hoovering up everybody's cell conversations and texts?

    1. Charles 9 Silver badge

      Re: Bitcoins?

      "I thought the US government declared Bitcoin an un-currency (or immoral or fattening or something)."

      I think the only thing they've declared is that they're keeping an eye on Bitcoin-related activities for potential money laundering and consider money exchange between Bitcoin and dollars a taxable capital event (IOW, changing large amounts of Dollars to/from Bitcoins means you owe Uncle Sam).

  16. Henry Wertz 1 Gold badge

    10 years ago, Detroit looked post-apocalyptic

    I just have to laugh about someone trying to extort a bankrupt city. I guess it doesn't cost them anything to do it, but... .they (finally!) formally declared bankruptcy a year or two ago, they would be unable to pay this ransom no matter how important the database is.

    ===========

    My trip to Detroit

    Seriously, it's possible Detroit is in better shape now (and I have heard some of the TARP bailout money that was not wasted paying off incompetent banks did go to road repair specifically in the Detroit area)... but when I was there about 10 years ago, the highway (this was 100% overpass, i.e. elevated roadway, bridge) was so rough I hit my head on the rough of the car; I was a bit alarmed to look out and realize some of the potholes had NO CONCRETE LEFT AT ALL and the tires were running on metal rebar, I could see THROUGH the bridge*. When I got to my friend's house and we went to get on the highway, we found nearest onramp to my friends house had a "road closed" sign with a pile of rubble, the onramp had collapsed. The next one, my friend and I debated if we should go fast and get up the ramp before it (potentially) collapsed, or go slow to minimize the chance of collapsing it (he went for slow.) Off the highway, I drove through blocks of cracked road with what looked like 5 or 6 foot grass on each side, the buildings had collapsed and grass grown back over the foundations. One street was flooded due to a broke water main -- when I left a few days later, the water had not even been shut off let alone any repairs being done. The buildings that were left, about 1 or 2 per block were in good shape, the rest had broken out windows and so on. To me, it seriously looked like I was driving through a post-apocalyptic city that had been leveled by an atomic bomb 30 or 40 years previously and never rebuilt. It didn't look as bad as the random rubble in the Terminator movies, but worse than the "post-disaster" cities I've seen in most any other movie; amusingly the supposedly run down due to bankruptcy Detroit in Robocop looks WAAAAY nicer than the reality.

    *Two other people I know who went there around 10 years ago... one did major damage to his front end, he hit a piece of concrete that had broken out and was sitting on the road... probably he should have seen it, but what can I say, he is the kind of driver that would not notice. The other person bent up all 4 rims on his Acura on the way into Detroit, got them replaced, and the replacements got all bent up on the way *out* of Detroit and he had to replace them a 2nd time when he got home.

    end trip to Detroit

    ===================

    "Feel free to be smug but Office 97 is".. actually I wouldn't object to that, although they probably should be using LibreOffice or the like.

    But, they shouldn't be running that old of *server* software (the server software was branded "Office" or "BackOffice" back then), and should probably not be running Microsoft server software to begin with if cash strapped; since, after all, running an e-mail server and calendar sync is simply not rocket science, and you can (legally) get up to date, secure software to do it if you stay away from Microsoft products.

    "How do you seize a database? " Probably either encrypted it, or deleted it and said they'd give back a copy. The concern about confidential data being leaked is of course legitimate.

  17. This post has been deleted by its author

  18. Spanners Silver badge
    Coat

    About 10 Years old?

    That sounds like Office 2003. This was the last one before MS completely messed it up with the "ribbon".

    They might actually have stuck with that one for a reason. If you want to synch that with your phone, get an MDM. Better still get a BES and a set of DingleBerries!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019