CLAYTON — St. Louis County government’s information technology staff took down the county website on Sept. 1 after discovering attacks on its server designed to take control of the site, the IT director said Monday.
They were able to respond to the threat before the hackers could succeed, acting IT director Charles Henderson said in an email on Monday. He said no data was lost, compromised, stolen or corrupted in the attack.
And, possibly because hackers did not gain control, he said, no ransom was demanded. A New York Times story in August 2019 showed how sophisticated hackers attacked some governments by seizing control of their data and demanding payment.
Henderson said the attacks were exploiting a vulnerability in the site’s management system that mimicked legitimate traffic and bypassed all but one of the county’s defenses. The hackers tried to install Trojans, a type of malicious software that is disguised as legitimate software that cyber-thieves use to gain access to users’ systems.
“We took the web server down for maintenance with the intent of closing the security vulnerability and bringing the site back up,” Henderson said. “After examining their attack method and the options available to us, we determined that we could not, with confidence, defend the server against further attacks and with only a single layer of defense available we recommended that we not bring the system back online.”
With just one line of defense left, he said, “all that it would have taken is for a single Trojan to get past … and the server would have been compromised.”
Henderson said his staff rapidly installed the county’s new site that was in development and was supposed to be months away.
The county did not acknowledge the abrupt shutdown of the site was the result of a hacker attack until a Post-Dispatch story nearly two weeks after the attack.
Henderson, recently appointed by County Executive Sam Page as IT director, is facing a confirmation hearing before the County Council on Tuesday.