Esther Surden, Founder and Editor in Chief, NJTechWeekly
Like many cities in the U.S., Trenton is frequently under assault from phishing schemes and other cyberattacks. Most are routinely prevented through good practices by employees and effective security software.
However, during 2020 and 2021, two serious attacks tested the resilience of the city government’s IT department.
The attacks also led Mayor W. Reed Gusciora to launch an updated cybersecurity employee training course to ensure that “those attacks continue to be unsuccessful in the future.”
The First Attack
In the first case, a cyberattack in the spring of 2020, a criminal diverted about $982,000 from the City of Trenton, CTO Joseph Rivera told us. This occurred during the resolution of a civil suit, with an impostor posing as a representative of both the Trenton municipal government and Brit Global Insurance. Brit Insurance, a division of Lloyd’s of London, and Trenton’s IT department worked together to conduct an extensive forensic audit that proved that the city was not at fault for the breach. The money had been diverted to a third-party account, which ended up closing.
Rivera, who has been Trenton’s CTO since March 2020, recalled that he went through all of the emails that had been sent and received pertaining to the incident, and was able to show the attorneys that Trenton wasn’t the source of the problem. As a result, Brit Insurance refunded the stolen funds to the city. In the final analysis, the impact on the city was zero, Rivera stated.
The Second Incident
In a second incident, cyber criminals, posing as Trenton Business Administrator Adam Cruz, sent out phony requests for quotes (RFQs) for millions of dollars in goods. This incident, according to Rivera, “could have cost the city tons of money in lawsuits for nonpayment, which we would have had no control over.” The criminals went to a lot of trouble to create this scam. They got a domain from Namecheap.com and created a website called “tren0nNJ.org.” They also had an email account for Cruz, firstname.lastname@example.org. The “O” in the real domain name — TrentonNJ.org — was just changed to a zero.
The criminals also acquired an internet number, and when someone called that number, they got a person on the other end impersonating the real Trenton business administrator.
“When I realized what was going on, I went upstairs to the business administrator’s office and called the number in front of him,” Rivera said. “When the number was called, the scammer answered the phone saying, ‘Hello, this is Adam Cruz with the City of Trenton.’”
Using an outside account, Rivera contacted the criminals to make a purchase, and he received a complete purchase order that had the City of Trenton’s seal on it and a letterhead featuring the president of the City Council and other dignitaries. It even had a watermark.
Rivera noted that during his work in Trenton and elsewhere, he had built a rapport with his vendors, and was able to make sure they were on the alert. This time was no exception: he notified the vendors each and every time this scam was attempted, he said.
The city government also contacted Michael Geraghty, the State of New Jersey’s chief information security officer and director of the New Jersey Cybersecurity and Communications Integration Cell, who had only one suggestion: change the name of the Trenton domain to a .gov appendage.
Rivera reached out to the Trenton office of the U.S. Secret Service, which worked with the city’s IT and law departments to convince Namecheap.com that fraud had happened. After a cease-and-desist letter was sent from the city, NameCheap.com shut down the website and affiliated emails. No losses were incurred by the city. The whole incident, from discovery to the termination of the domain name, occurred within about a month’s time.
Rivera noted that through both events, the IT department enjoyed the unwavering support of Mayor Gusciora, who is very technology savvy and supportive of the projects Rivera is undertaking. The city government’s IT department is a small one, with Rivera as the only full-time employee. Technical support for the city’s cyber initiatives comes from Trenton-based Maestro Technologies, Rivera stated.
According to Rivera, the city has undertaken a number of other initiatives during his tenure as CTO, which started in the midst of the pandemic.
For example, the city offered its first online auction for vacant city-owned properties during COVID-19. “It was also the best one, as the city received the most income of any auction of these properties it had held,” he said.
“We also made a portal for vaccines. The state was doing a faith-based vaccination clinic and we were able to get 3,000 people in the span of a week and a half to sign up and be vaccinated.” Rivera has also developed a portal for the homebound, to help them receive vaccinations.
“We have an all-star health director, Dr. Adela Ames-Lopez, who is a fan of technology. She comes to me and she comes to the public information officer, and we get things done,” Rivera concluded.
This post first appeared in NJTechWeekly, Esther Surden, Founder and Editor in Chief. It is reposted here with her permission.