The entire computer network of a Cook County department was shut down for nearly two weeks last month after a virus infected the system, NBC5 Investigates and The Better Government Association have learned.
The Cook County Department of Highway and Transportation is responsible for maintaining hundreds of miles of local highways. But it was the Information Superhighway which proved to be the department’s recent undoing: NBC5 and the BGA have learned that someone – possibly a county employee surfing the Internet or using a flash drive from home – allowed a virus to enter the department’s servers at its downtown offices in Chicago at 69 West Washington St. The virus quickly spread to all of the department’s computers – both downtown and at remote sites – renaming files and hiding legitimate work content.
“It would be like … a normal file, and when [someone] would click on it, it was infected,” said Ricardo Lafosse, Cook County’s Chief Information Security Officer.
Lafosse said the virus caused work files to be renamed with inappropriate and racy – even vulgar – names.
Lafosse said the department was forced to immediately shut down its entire computer network so that the server could be cleaned up. Employees resorted to calculators and fax machines – even old-fashioned pen and paper – until another department lent them extra computers as temporary replacements.
According to Lafosse, the virus attacked about 200 computers in all, and it took five technicians working full-time for 216 hours to scrub everything clean.
“The whole duration was approximately nine days,” he said. The fix was completed in June.
Some see this as a sign of bigger problems down the road.
“This is the Cook County Highway Department, so the damage is apparently minimal,” said Andy Shaw, President of the Better Government Association. “But what if it was a secure computer?”
Shaw points to an overall problem of lack of monitoring and anti-virus protections within the county’s technology network.
“The work environment needs to be set up to protect against invasions and improper use by employees, and this is something Cook County apparently hasn’t gotten to yet,” he says.
Lafosse says it would be prohibitively expensive to track down where this particular virus started, or who might be to blame. However, this episode has prompted county officials to discuss whether they should block outside portable drives, like USB and thumb drives, and improve monitoring and filters to prevent future problems, according to Kristen Mack, a spokeswoman for Cook County Board President Toni Preckwinkle, whose domain includes about 12,000 computers countywide – including those at the highway department.
But that may not be enough, according to technology security expert Carl Volkman. The Cook County virus was likely something called a “drive-by” virus – malware that anyone can get even when visiting a well-established website that seems totally safe, like a news site or a travel webpage.
“‘Drive-by’ is basically where the infection … can come down without you actively clicking on something potentially harmful,” Volkman says. “You can get infected without doing anything proactive.”
“It’s very weird to see how dependent we are on technology on a day-to-day basis,” Lafosse said about the county virus. “And to have that ripped from you is a shock to the department.”
Additional information on this story can be found by visiting the Better Government Association’s website.