It was around 3 a.m. on a Saturday in late June when the hackers first tried downloading a simple text file from the computer. Stu Steiner, assistant professor of computer science at Eastern Washington University, said whoever did it accessed the computer belonging to the city of Kittitas to create a file containing one word: "Hello."
"They downloaded a simple text file to make sure they could have access to the system," Steiner said. "That would've led to other things. That was just a simple file to say, 'Hey, we can get into this system. Now let's start dumping malware on it.'"
A team of Eastern Washington students, assigned to monitor the city's web networks this past summer, caught the infiltration before further harm was caused, Steiner said.
The students were participants in a certificate program put on by the Public Infrastructure Security Cyber Education System (PISCES), a Washington-based nonprofit that offers cybersecurity students real-life experience monitoring government web traffic for potential attacks and anomalies.
Coincidentally, EWU students in the PISCES program also stopped another overseas attempt that occurred within days of the "Hello" incident — this one coming from Russia probing the city of Liberty Lake's network.
"It was more, I think, coincidental that they happened around the same time. You can see when they're constantly looking at the data. Constantly, these entities are probing the networks to try to get into them," Steiner said.
Liberty Lake first started working with the PISCES program around two years ago after hearing about it from the city of Spokane Valley, said Todd Henderson, Liberty Lake's information technology technician.
Henderson estimated the city is notified weekly, at least, by PISCES students of suspicious activity.
"The outside actors are malicious, so they'll try anything, from doing a scan on your network or try to see if you have any vulnerabilities or any ports open," Henderson said. "I'm really enjoying the program. They're great. It's having another set of eyes monitoring our network, which is great for security and compliance."
Steiner said four teams of EWU students this summer monitored the networks for eight different municipalities. Steiner said they logged their hours during the graveyard shift and on weekends to cover times the networks weren't regularly monitored by the municipalities' IT staff.
One of the biggest clues for the students is evidence of strange Internet protocol (IP) addresses, a unique signature for an Internet user that can demonstrate someone from outside the community is trying to infiltrate a system.
"When you get an IP address that's really out of normal range for what we would expect for an IP address, it really throws up a lot of red flags," Steiner said, "and it's really a kind of almost a daily constant struggle to try and block all of these IP addresses coming from Russia and China probing the networks to find a way in."
The state Attorney General's Office recorded 150 ransomware incidents in 2021, which was more than the previous five years combined. Over that same time period, businesses and agencies affected by data breaches sent 6.3 million notices to state residents, "by far" the largest amount since the Attorney General's Office started tracking that data, according to the state.
Whitworth University was just recently subjected to a reported ransomware attack that crippled the college's networks for a few weeks.
That said, Steiner has a warning to local and state governments and municipal agencies: Shore up your cyber defenses however you can, whether it's through PISCES or other means.
"It's a fee, obviously," he said, "but it's absolutely better than nothing."
©2022 The Spokesman-Review (Spokane, Wash.). Distributed by Tribune Content Agency, LLC.