Follow Us:
Friday, July 23, 2021

This agency’s computers hold secrets; hackers got in with one password

The hack was enabled by the New York City’s Law Department’s failure to implement a basic safeguard, known as multifactor authentication, more than two years after the city began requiring it.

By: New York Times | New York |
June 19, 2021 9:15:14 am
Hackers used one worker's log-in information to penetrate the city Law Department's network after officials failed to implement a simple security measure the city has required for two years. (Photo: New York Times)

New York City’s Law Department holds some of the city’s most closely guarded secrets: evidence of police misconduct, the identities of young children charged with serious crimes, plaintiffs’ medical records and personal data for thousands of city employees.

But all it took for a hacker to infiltrate the 1,000-lawyer agency’s network early this month was one worker’s pilfered email password, according to a city official briefed on the matter.

Officials have not said how the intruder obtained the worker’s credentials, nor have they determined the scope of the attack. But the hack was enabled by the Law Department’s failure to implement a basic safeguard, known as multifactor authentication, more than two years after the city began requiring it, according to four people with knowledge of the legal agency’s system and the incident.

The intrusion interrupted city lawyers, disrupted court proceedings and thrust some of the department’s legal affairs into disarray. And on Tuesday morning, in a conference call, Mayor Bill de Blasio admonished the heads of city agencies to shore up their cyberdefenses or face consequences in the event their agencies were hacked, according to three people who were on the call.

The mayor’s warning to the agency heads comes 10 days after the city’s Cyber Command, created by de Blasio in 2017 to defend the city’s computer networks, detected unusual activity on the Law Department’s computer system.

The next afternoon, June 6, city officials have said, they removed the department’s computers from the city’s larger network. Many remain disconnected.

De Blasio, in public appearances last week, said that the hack was under investigation by the New York Police Department’s intelligence bureau and the FBI’s cyber task force. He said officials were not aware of a ransom demand being made or of any information being compromised.

Officials also said there was no evidence that the attack had damaged the city’s computer systems, although the investigation was still in an early stage. Investigators are still trying to determine the identity of the perpetrator and the motive.

Multifactor authentication, a measure familiar to many who work on computers at home and at the office, requires users logging into sensitive accounts to take at least one additional step to verify their identities, such as entering a temporary numerical code sent to a user’s cellphone.

📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines

For all the latest World News, download Indian Express App.

  • The Indian Express website has been rated GREEN for its credibility and trustworthiness by Newsguard, a global service that rates news sources for their journalistic standards.
0 Comment(s) *
* The moderation of comments is automated and not cleared manually by