Bellone IT Staff No Shows at Cyberattack Hearing

Employees with County Executive Steve Bellone’s IT department subpoenaed to testify before a special committee looking to get to the bottom of the cyberattack that paralyzed Suffolk government for months were no-shows at Monday’s hearing.

Special Counsel Richard Donoghue, the former U.S. attorney retained by the legislature to assist in the investigation, said he will seek a state Supreme Court order to compel the testimony of Jack Bloom and Vincent Cordiale, two staffers in the county’s Department of Information Technology (DoIT).

Hackers locked up Suffolk’s system in September and sent Bellone a ransom demand, which he refused to pay, and instead shut down all county computers. The county executive immediately identified the county clerk’s office, the scene of an illegal Bitcoin mining operation, as the entry point for the cyber thieves. Peter Schlussler, IT director in the clerk’s office, was the first speaker to testify voluntarily before the investigative committee in June. He denied that the hackers came in through his department and placed the blame on lax security managed by the DoIT staff.

Appearing at the committee’s latest hearing was Judith Pascale, the county clerk when the shutdown occurred. She praised Schlussler’s handling of the situation and detailed efforts to strengthen her office’s firewall. “Weighing the accomplishments achieved over his 22 years as a Suffolk County IT employee, characterizing Mr. Schlussler as the prime instrument in causing the devastating cyberattack on Suffolk County defies logic,” Pascale told the committee. “This irony is compounded by the fact that it was Mr. Schlussler who repeatedly sounded the alarm that Suffolk was vulnerable to such an attack.”

Former County Clerk Judith Pascale reviews her testimony prior to appearing before a special legislative committee investigating the cyberattack that targeted Suffolk’s computer network. Robert Chartuk

Testifying voluntarily on Monday was clerk’s office IT staffer Jason Bruno, who said county DoIT personnel had full access to his office’s system and had said warnings coming in through its Cortex security setup didn’t seem to concern them. Under questioning from committee member Kevin McCaffrey, the legislature’s presiding officer, he said the Cortex alerts increased to approximately three to five per day in the weeks leading up to the attack, and he was told “don’t worry about them, we’re fine” by the county IT staff. “It was not the heightened level of response we thought we would get.” According to Bruno, the hackers already had full administrative access to the county’s system months prior to the September shutdown.

Bruno went on to say that in the days following the Bitcoin discovery, there was much activity in the county data center located with the clerk’s office in Riverhead. Clerk employee Chris Naples was arrested for setting up Bitcoin mining computers and is currently out on paid leave as his case is adjudicated. With regard to the DoIT staffers strengthening IT security in the wake of the Bitcoin bust, Bruno charged that the department “did not have the staffing and the skills to do their job.”

Peter Schlussler, the county clerk’s IT director out on paid leave since the September cyberattack, takes notes at Monday’s hearing by a special committee investigating the hack as his wife, Kathleen, looks on. Robert Chartuk

Legislator Sarah Anker focused questions on an “Iron Key” thumb drive which Bruno possessed that contained all of the log-in information needed to access the clerk’s system. Palo Alto, the county’s cybersecurity consultant that created the Cortex monitoring software, had said the passwords were hacked from the Iron Key, but Bruno disputed that saying, “I don’t know how they were able to hack” the encrypted device. He assured Anker that the log-in data on the key have since been updated, and multiple levels of authentication protocols are in place to access the clerk’s computers.

With employees from the clerk’s office giving their version of events, anticipation was building to hear Suffolk’s side of the story. County Executive Bellone’s office has not responded to requests for information outside of initial press appearances and statements accusing Schlussler of lying. Special Investigator Donoghue said he expects DoIT personnel to testify at the next hearing on August 23, either by subpoena or court order. The subpoena powers granted to the special committee are only the second time such authority has been provided in the legislature’s history.

County legislators on the committee investigating the September cyberattack on Suffolk’s computer system discuss the events of Monday’s hearing with their legal counsel. From left, James Mazzarella, attorney Richard Donoghue, Jason Richberg, and Kevin McCaffrey, the legislature’s presiding officer. Robert Chartuk