The Tulsa Forum by TulsaNow

City of Tulsa authorities have learned information on one of the city’s computer servers was targeted by an unknown source.

Technology officers with the City have taken the websites temporarily offline while they work to identify the extent and nature of the incident.

http://www.fox23.com/news/local/story/City-of-Tulsa-websites-down-after-server-attack/73fGp6PGBkilHVWT1b0hYw.cspx

In other news, City of Tulsa Technology Officers blissfully unaware of attacks during other 364 days of the year.

P.S. Quit using IIS

Apache fanboi

 ;D

In other news, City of Tulsa Technology Officers blissfully unaware of attacks during other 364 days of the year.

P.S. Quit using IIS

TULSA - A week after the City of Tulsa's website was hacked, city officials are notifying residents of the potential threat to their personal information.

There was an attempt to access one of the city's computer servers, which hosts the city's website.

Officials say the investigation thus far indicates attempts to access data were "most likely unsuccessful," though the city took the site offline as a precaution while the investigation was launched.

Letters were mailed Tuesday to all individuals whose information was potentially accessed.  These people including online job applicants and citizens who reported crimes to the police department through the website.

The letters contain Web links and information to credit monitoring agencies and consumer protection information.

City officials have established a resource center to take calls and respond to email to those who received the letters.

"Like numerous cities across the country, the City of Tulsa experiences and successfully repels attempts to access IT infrastructure every day," read the statement.  "The City of Tulsa IT officials regret the inconvenience this may cause and they are implementing a comprehensive assessment of the City servers and IT infrastructure to prevent unauthorized access and to restore the full website."

A criminal investigation is under way and during the extent of the investigation officials say no other details will be made available.


Read more: http://www.kjrh.com/dpp/news/local_news/city-of-tulsa-residents-notified-by-letter-of-website-hacking-threat-to-personal-information#ixzz26vxeLa3R

Most likely? Did they not have centralized logging or something?

I received a letter.  Because I submitted a resume about 6 years ago.

I received a letter.  Because I submitted a resume about 6 years ago.

Sounds like they need a new server admin. You might get an offer in the next ten years if you aren't qualified or are a friend of the mayor.

The city website is still down.  What the heck?

City website not hacked, no personal information taken, say city officials Monday. $20K spent on mailings to warn residents.

TULSA, Oklahoma - The City of Tulsa has confirmed that no personal information was compromised in a recent website hack. In fact, what they thought was a security breach was actually a test by a third-party firm hired by the City's Internet technology department.
"We had to treat this like a cyber-attack because every indication initially pointed to an attack," said City Manager Jim Twombly.

The third-party consultant had been hired to perform an assessment of the city's network for vulnerabilities. The firm used an unfamiliar testing procedure that was not immediately discovered, according to a City of Tulsa news release.

Through the testing procedure, the IT department was able to further secure and protect the system, servers and web users, the release states, with no compromise of customers' personal information.


"The good news is that we can now confirm that no personal information was accessed by an unauthorized source," said Tulsa Mayor Dewey Bartlett.

"In addition, we have used this opportunity to enhance our network security and strengthen processes that we would use to identify potential breaches."

The incident did cost the City about $20,000 for a mass mailing warning about 90,000 customers.

The city of Tulsa's Web site wasn't hacked after all, officials revealed Monday.

A third-party firm that periodically tests the city's networks used an "unfamiliar testing procedure" last month that city Information Technology personnel initially misinterpreted as an unknown breach, according to a city statement.

The city's Web site was offline for more than two weeks as an investigation was conducted and additional security measures were taken. Some functions, such as the public meeting agenda postings, are still not working.

City officials didn't realize it was the firm, Utah-based Security Metrics, until after 90,000 letters were sent to people who had applied for city jobs or made crime reports online warning them that their personal identification may have been accessed.

The mailing cost $20,000, officials said.

"We are dedicated to the security and protection of our employees and citizens first," City Manager Jim Twombly said.

"We had to treat this like a cyber-attack because every indication initially pointed to an attack."

Based on the best information available at the time, officials said, the city proceeded with the mailing to comply with state notification laws.

The firm has since confirmed that no personal identification was accessed in its testing procedure.

The city's KPMG efficiency study has recommended a complete review of the IT organization, including processes, practices an infrastructure.

Mayor Dewey Bartlett said that, as a result of this situation, he will expedite a request for proposals to get that review done.

"We have used this opportunity to enhance our network security and strengthen processes that we would use to identify potential breaches," he said.


Read more from this Tulsa World article at http://www.tulsaworld.com/news/article.aspx?subjectid=11&articleid=20121001_11_0_Thecit522369

Mayor Dewey Bartlett said today that Chief Information Officer Tom Golliver has been placed on administrative leave with pay. The circumstances surrounding this action are related to a personnel issue and no further comment will be available.
 
Bartlett has named Tulsa Police Department Captain Jonathan Brooks as interim director of the Information Technology Department.
 
“Captain Brooks is a proven, experienced and successful manager with the Tulsa Police Department. He is a well-respected leader who can assist with the organizational demands of I.T. until this personnel issue is resolved,” Bartlett said. “He has vast knowledge and training in safety and security practices that will benefit I.T. as its staff maneuvers the complexities of the technical systems, networks and connections with the public.”

City IT Director Placed on Leave

http://kwgs.com/post/city-it-director-placed-leave (http://kwgs.com/post/city-it-director-placed-leave)

O o

I am speechless, a director of IT needs to be more then just a good manager... Who is running this trainwreck...

What I heard is that the guy made close to $200k for a government job, hired off of Williams I think. Veteran of the Williams<->Worldcom dotcom overpay cycle before the bust and IT people started being paid based on talent.

TW says about $140k a year for his current position..and his last job was with Level 3.

I was told he has a bonus above his salary paid for with grant money.

Sorry, can't believe putting a police captain in that position even for an interim deal shows any more smarts than this entire fiasco

smile happens....this was just more public...I don't think the guy should lose his job..but it is a wake up call to step it up...but again, who knows what else went on..

Just my $.10 (inflation adjusted) the city gov't I worked for, in ten years the total down time of the web servers, or any servers for that fact, may have added up to a total of 48 hours, and the longest down time we had was about 4.5 hours between 1am and 5am and that was because we were replacing the UPS system in the server room. We also "stress tested" our system, including the PD system on a quarterly basis, and had outside contractors do actual hack attempts as a varification of security, and never suffered any thing like this. We did have an issue with an IVR server for Parks & Rec that took a couple of weeks to resolve, but that was during a trial "turn up" period and it turned out to be the dialogic card for the phone lines had out of box issues.

smile happens....this was just more public...I don't think the guy should lose his job..but it is a wake up call to step it up...but again, who knows what else went on..

P.S. Dialogic cards are a necessary evil.

No, Dialogic cards are an evil thing that companies who want to lock you in to their stupid proprietary software use. They haven't been necessary since the late 90s. These days you can run a busy IVR on a freakin' router if you want to. And I don't mean that all jokey-jokey. You can. You shouldn't, but you can.

Grizzle, I believe you have gotten the IT geek smack down.

(http://www.sofreshandsogreen.com/wp-content/uploads/2010/12/cliff-clavin-mailman.jpg)

The City of Tulsa is also looking to hire another outside consulting firm to help restructure the IT department to make sure it runs more efficiently and that this kind of thing doesn't happen again.

I'll do it for free, and I'm not meaning that maliciously.

I'll do it for free, and I'm not meaning that maliciously.

I'll do it for free, and I'm not meaning that maliciously.

The city does not do free.  
If you were to say, "I will do it for $8,000," you'd have a better chance.
Just sayin.

The city does not do free.  

If you were to say, "I will do it for $8,000," you'd have a better chance.


Just sayin.

Fine. I'll charge $1

Send them this with your $1 offer.

(http://www.iconlet.com/icons/defaulticon/256x256/check-box.png)

That way they may get the idea.

(inside joke btw)

City leaders are launching an intensive review of the Information Technology Department in the wake of an apparent website hacking that turned out not to be a security breach.

The city does not do free.

Actually I think there is a lot of truth in that.
There have been many times when a committee or group has been taken aback when consulting with me on municipal lighting because I do not charge or represent a vendor of some sort.

When you don't charge a fee, they question your motives and the value of your advice (because you have established that it has no value).  If you cause them to make a mistake that reflects badly on them, it looks even worse especially when public believes they took your advice over better advice simply because it was free.

Excuse my Randian nature, but offering something for nothing diminishes the general market value and the perceived quality of the product or service that you offer.  Over time both the product and the supplier become marginalized.

That's why you can leave a clothes dryer on the curb with a "free" sign on it and it will be there for days.

Put a price tag of $50 on it and you can count on someone stealing it as soon as the sun goes down or your car leaves the driveway.

There's no perceived value when the cost is nothing.  Attach a price to it and suddenly it has value.

I charge by the pound.

_______________________________________________________________________________

The dollar tree is at the airport where millions of dollars of services and equipment are leased for a dollar a year.
Try B.A. and clean off your drive so the dump truck can dump a load of those green-backs.

And it took how long to figure this CF out?

My translator is broken.  Anyone got a bead on this?

Naw, there was no hacking done to the city computers.  It all reflects on the high priced surveys of city departments that always come back with “to much top heavy management”. Even ex-councilors seem to grasp the over burden being carried by working poor citizens.  They missed the appraisal of  the former city hall by 90%.  Now the bond rating on ability to pay is less the AAA.   -AAA means there could be troubled waters ahead.