SALT LAKE CITY — Hacker attacks in January on websites belonging to Salt Lake police and the Utah Chiefs of Police Association resulted in losses of nearly $180,000, according to federal court filings.
Loss statements claim the chiefs’ website sustained losses totaling $147,000 and the police website saw an additional $32,797 in costs after the attacks.
Suspected hacker John Anthony Borell — who is awaiting a January trial for computer intrusion charges — claims in the court documents the discovery the government has provided “is so deficient that the defense had to hire an expert witness to advise on whether or not the claimed loss amounts are reasonable.”
A breakdown of costs from the Utah Chiefs of Police Association included in one filing includes a subcategory for “reputation control.” Defense attorneys from the Federal Public Defender’s Office also want further details about what constitutes “security audit,” “online support” and “telephone support.”
The public defenders also asked for additional information from the Salt Lake City Police Department over the tabulation of its loss statement, including what “system intrusion detection” was in place, whether the operating system and applications were patched, how data was stored and encrypted, and whether they used “public tools” to test security.
Industry expert and XMission President Pete Ashdown, who is not connected to the case, said those are important questions in trying to determine what the actual damages and costs were.
“The prosecution is shooting high for the most damages they can get and the defense is coming back and saying, 'Well, did you take proactive steps on your web server to make sure that it was secure?'” Ashdown said. “For example, if you leave the door unlocked you can’t really sue the person that manufactures the lock because of your own negligence.”
Ashdown said the matter of “reputation control” is a reasonable loss to claim.
“It kind of does affect the reputation of police as far as keeping us secure,” Ashdown said. “If they can’t keep their own website secure, can they really keep a city secure? So I would argue on the side of police that they have had some damage to their reputation. It’s somewhat laughable that they got intruded into and this happened, but it can happen to anyone.”
The case appears to highlight the broader issue of the countermeasures and costs that follow hacker attacks.
Ashdown said his company has come under attack before as well.
“There are costs associated with keeping a website secure and those should be ongoing costs, those should be operational costs to keep your website secure,” he said. “Whether your Internet service provider does it or your web designer does it or you have people in-house doing it, it’s an ongoing cost. If you don’t do it, you’re going to realize those costs after you get hacked.”
Restoring the website, bringing it back from backup are common tasks following an attack, and Ashdown said recreating the website can be extremely costly — depending on the nature of the site and the size of the operation.
Data breaches — including the one in Utah that involved a Medicaid server and left the personal information of 780,000 people at risk — carry their own costs.
Officials estimate that breach has cost $2.4 million so far. Utah Department of Health spokesman Tom Hudachko said $1.4 million has gone to the law firm for an audit of the state Information Technologies system and a forensic investigation of how the breach occurred. Approximately another $1 million was spent on credit monitoring for those whose personal information may have been compromised.
- Better than a raise: The smallest thing you...
- Many Mormon missionaries who return home...
- Utah husband wins 'Most Memorable Moment'...
- Supervolcano hidden in plain sight in Utah...
- Nurse threatened to kill patient after...
- Doug Robinson: We are in the midst of an era...
- Skier rescued from Alta avalanche by...
- Charges: Naked man bites dog
- Many Mormon missionaries who return... 123
- Legal analysis supports Utah's law on... 36
- As winter takes hold, needs increase... 29
- Expelling Santa from school? Holiday... 17
- Martin MacNeill cuts self with razor in... 15
- Do Utah high school students need four... 15
- Rare snowstorm traps I-15 motorists... 13
- John Swallow lost computer hard drive... 12