Hawkins residents, officials hope for unity, answers after alleged hacking of city computers | For Subscribers Only | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

HAWKINS — April Fool’s Day started with a phone call. Around 9:20 a.m., Debbie Rushing, the only candidate who filed to run for Hawkins mayor this year, called Mayor Pro Tem Charles “Chuck” Richoz to tell him that she wanted to be sworn into office that afternoon.

Richoz had served as the town’s interim mayor since the January resignation of former Mayor Susan Hubbard. The City Council voted during a special meeting March 28 to allow Rushing to take office early — after voting March 4 not to allow her to do so.

When Rushing asked to be sworn in that day, Richoz “kind of squirmed a little bit about it,” Rushing said.

Shortly thereafter April 1, Richoz and Shahaub Tafreshinejad, the son of Place 4 Alderwoman Eleta Taylor, walked into the mayor’s office. That’s where Tafreshinejad — a purported cybersecurity professional whom the Hawkins council recently considered paying to do work for the city — spent hours installing programs on a computer that would allow him to have access to the city’s computer system from a remote location, Rushing said.

A computer in the office of Hawkins Mayor Debbie Rushing is pictured Tuesday. Rushing said the city may have experienced a data breach after the son of a city council member installed programs on the computer on April 1 without authorization. (Jordan Green/Longview News-Journal Photo)

City officials shut down the computer system because of concerns that a data breach might have occurred. City Hall computers have remained off for more than a week, leaving the city unable to respond to emails, complete grant applications or take credit card payments for utility bills.

The Texas Rangers are investigating the matter, and cybersecurity experts are trying to determine if city records — ranging from financial and legal documents to employee files and residents’ information — were comprised, Rushing said. Rushing said there’s a “good possibility” that a breach occurred.

Rushing is calling for Richoz, Tafreshinejad and possibly Taylor to face criminal charges related to the “hacking” of the city’s computer system, she said. She also said she’s displeased that a city police officer didn’t force Tafreshinejad to leave City Hall that day.

The potential data breach is at the top of the new mayor’s list of problems to tackle. Once the issue is remedied, Rushing and other residents of this small Wood County town say they hope new leaders will help Hawkins return to normal.

“In the past, a lot of mayors have swept things under the rug because they’re embarrassed about it. And we’re not going to do that,” Rushing said Tuesday. “I want everyone in Hawkins to feel safe and to know that they’re taken care of. And the only thing we can do is shine light on things that are illegal and let people know that we are going to follow through.”

The hacking of Hawkins

The April 1 hacking incident was a surprise to Rushing and other city officials, but rumors about another alleged computer hacking at City Hall had been circulating for months beforehand.

Less than a month before Tafreshinejad gained unauthorized access to the city’s computer system, the council considered hiring him to do cybersecurity work — in response to an incident in which Tafreshinejad claimed someone else did the same thing he is accused of.

Tafreshinejad graduated in February from online Perdue University Global with a bachelor of science degree in cybersecurity, according to the university’s Feb. 17 commencement program and his LinkedIn social media profile.

On Feb. 23, a new business — Spica Secure Solutions, Inc. — was registered in the state, according to Texas Comptroller’s Office records. The company’s website states it aims to protect the data of businesses and government agencies from “malicious actors and adversarial threats.” It also states the company has more than 15 years of experience in cybersecurity and has completed more than 100 projects. Tafreshinejad’s name would become tied to the company.

Two weeks after his graduation, on March 4, Tafreshinejad spoke to the Hawkins City Council, claiming the city’s security footage had recently been hacked. That footage, which he said showed a member of the City Council, was posted to Facebook.

Tafreshinejad also said the city didn’t have enough cybersecurity protection in place and wasn’t in compliance with a new state law that requires cities to report data breaches.

Rushing, however, said the Texas Municipal League — which provides insurance to cities through its Intergovernmental Risk Pool — confirmed that the city has adequate cybersecurity protection.

And the footage Tafreshinejad spoke of wasn’t retrieved by hacking, said the man who posted it: Todd Eddington, who manages the Facebook page “The Crooked Wood County ‘Justice’ System Part III.” On that page, he frequently makes statements alleging wrongdoing on the part of local government officials.

Eddington posted a photo showing Hubbard, Richoz and Place 2 Alderwoman Clara Kay leaving the mayor’s office on Jan. 5. Eddington claims that photo proves the trio conducted an illegal meeting mere days before Hubbard resigned as mayor.

Mike Maberry, Hawkins utilities director, sent Eddington the picture, which he took with his cell phone while watching the footage — the glare of a ceiling light is visible in the photo. Surveillance camera footage is public record anyway, Rushing and Eddington said.

After Eddington posted the picture, the rumor surfaced that he had hacked into the security camera system.

“I knew when I posted that picture that they were going to go nuts,” Eddington said. “I didn’t know they would think I hacked it.”

On March 18, the council again discussed cybersecurity issues and considered paying $36,000 to Tafreshinejad to perform cybersecurity work for the city, according to Rushing and others who were at the meeting.

Tafreshinejad went into an executive session with council members to discuss the matter with them — which is illegal, Rushing said.

“I showed where it says you cannot do that under Texas law, and they did it anyways,” Rushing said.

Rushing also said during the meeting that Tafreshinejad was Taylor’s son and that the city didn’t solicit bids from other contractors to perform cybersecurity work. Taylor replied: “My relationship with the person that is the expert has no bearing because I have nothing to do with his business. So keep my child out of it.”

By the end of her statement, Taylor was yelling at Rushing, according to an audio recording.

Texas law prohibits city officials from hiring their relatives to do paid work for the municipalities they serve, a practice referred to as nepotism.

Eddington took a video showing council members and Tafreshinejad walking out of the executive session at the March 18 meeting, though the council returned to open session without approving a contract with Tafreshinejad.

On March 26, however, Richoz signed a contract between the city and Spica Secure Solutions, with Tafreshinejad listed as Spica’s “authorized representative.” According to the contract, which Rushing provided to the News-Journal, Spica would provide cybersecurity work valued at $20,000 to the city at no cost and at no risk.

The contract called Spica Secure Solutions, then only a month old in Texas, “a reputable entity specializing in managed security services.” Rushing said the council never approved the contract the two men signed.

Hawkins hacking 6

Shahaub Tafreshinejad, the son of Hawkins Place 4 Alderwoman Eleta Taylor, is shown in front of a computer in the Hawkins mayor’s office in this screenshot from an April 1 video taken by the city’s utilities director, Mike Maberry. Mayor Debbie Rushing said Tafreshinejad installed remote-access and network-mapping programs on a computer in the mayor’s office hours before she became mayor, raising concerns that a data breach may have occurred. (Courtesy Photo)

“That is a whole ‘nother situation of pride and ego,” she said. “It’s flourishing in those two people.”

Less than a week later, Tafreshinejad and Richoz walked into the mayor’s office, where Tafreshinejad installed programs on the mayor’s computer that gave him the ability to access it remotely and see other devices on the city’s computer network, Rushing said.

She and Place 3 Alderman Eric Maloy said Tafreshinejad had no legal right to access the city’s computers.

Rushing said she believes there’s a reason why some people passed along the rumor that Eddington hacked the computer: “I really feel like they were creating a problem because Eleta had her son over here (and) that could be the answer to the problem,” she said.

Richoz did not return calls requesting comment, and Taylor declined to comment on the matter Tuesday because it is under investigation. She said Tafreshinejad also wouldn’t comment on it.

An official with the Texas Municipal League also declined to comment on the matter, as did an attorney representing the city.

Mayor criticizes police ‘inaction’

Maberry arrived at City Hall shortly after 2 p.m. on April 1 and found Tafreshinejad seated in the mayor’s office chair, working at a table with three computer monitors on it: one that belongs in the mayor’s office and two that Tafreshinejad brought there. Tafreshinejad had been in the building since at least 10:50 a.m. that day. Maberry began filming on his phone.

“The council did not vote for anything to be done on the computers,” Maberry told Tafreshinejad in one video. Tafreshinejad said he was working on his own computer. In the background of the video, another city employee can be heard saying, “He needs to leave.”

In another video, Maberry followed Richoz — who at some point left Tafreshinejad alone in the mayor’s office — as he walked back into the office. Richoz twice slammed a door in Maberry’s face.

“Don’t touch me, Chuck!” Maberry said in the video.

“Well, then, leave me the hell alone,” Richoz replied as he walked away. He added: “You’re not welcome in my office.”

It wouldn’t be his office for much longer. Rushing, a substitute teacher at Hawkins ISD, was teaching April 1 and got to City Hall as quickly as she could to be sworn in, she said. By the time she arrived around 3:40 p.m., Tafreshinejad was gone.

After City Secretary Mandy Thomas swore Rushing in, the new mayor’s first order of business was to walk Richoz out of the building. Her second was to find out what had been done to the computer.

The next day, April 2, Rushing brought in the city’s former information technology expert, Gary Cude, to analyze the computer. On April 3, Cude reported finding that remote-access and network-mapping programs had been installed on the computer, which had remained off since April 1, Rushing said.

On April 4, city officials unplugged the rest of the computers, WiFi and internet devices at City Hall to prevent Tafreshinejad from having access to the system. Rushing contacted the Texas Municipal League, and soon, a flurry of cybersecurity experts and attorneys were looking into the matter.

Since then, Rushing has been in several meetings regarding the incident, and officials are waiting for the Texas Rangers to conduct their investigation before the computer system can be turned on again. The Rangers could seize the computers this week, Rushing said. The Texas Department of Public Safety had not returned a call to the News-Journal as of Wednesday.

Meanwhile, Rushing said she’s unhappy with what she called the “inaction” of the city’s police department related to the incident.

Police were called to City Hall while Tafreshinejad was still on the computer. Officer Adam Newell responded and talked with Tafreshinejad but didn’t tell him to leave, Rushing said.

Reached by phone Wednesday, Newell declined to comment, citing the investigation.

Interim Police Chief Eric Tuma spoke with Tafreshinejad on April 5, Rushing said. Tafreshinejad offered to hand over evidence related to the investigation, but as of Tuesday, Tuma hadn’t collected it.

Rushing said she doesn’t know why police haven’t done more.

“I’m disappointed with our city law enforcement,” she said.

Overall, the situation has been frustrating, Rushing said.

“It’s been something about this breach every day,” she said. “I’m fighting to make sure everyone is safe.”

Hawkins hacking 3

Hawkins City Utilities Clerk Cindy Douthitt talks on the phone Tuesday at Hawkins City Hall. The city’s computer system has been shut down in response to a potential data breach, leaving Douthitt to accept utility payments by check or cash. (Jordan Green/Longview News-Journal Photo)

‘Big problem all the way around’

On Tuesday morning, City Utilities Clerk Cindy Douthitt talked on the phone and accepted checks from residents who came to City Hall to pay their utility bills. A sign on the glass window at the front desk said the office couldn’t accept credit or debit cards.

Hawkins employees aren’t able to process electronic payments for utility bills at City Hall as a result of the computer system shutdown, which has left the city operating like it would have in the pre-computer era. City operations have been affected in other ways, too.

“It’s created a big problem all the way around for us,” Douthitt said.

Douthitt is comparing residents’ utility payments with a more than 50-page statement of bills she printed off in March. She prints the document each month so that she can ensure bills are accurate before they’re sent to residents. If Douthitt hadn’t printed it, she’d have no record of what residents owe, she said.

Rushing will sign paychecks for city employees by hand. She has enough prior experience in human resources and payroll to calculate their taxes and retirement contributions, she said.

Thomas, the city secretary, isn’t able to use the Hawkins’ main email address. The city also isn’t able to move forward with an application to get Community Development Block Grant funding to improve its sewer system — or a loan application with the Texas Water Development Board for funding to replace lead water lines, Maberry said.

The city will have to open new bank accounts, too, Rushing said.

Douthitt and Thomas have kept positive attitudes in spite of the hardship, Rushing said. City residents, similarly, have been understanding and patient with city employees.

On Tuesday, retired Hawkins ISD coach Alan Phillips walked into City Hall and bantered with Douthitt after handing her a check to pay his water bill. He didn’t mind that he couldn’t pay with a credit card; he said he never does.

Hawkins hacking 4

A sign indicates no credit or debit cards are accepted as Hawkins City Utilities Clerk Cindy Douthitt accepts a utility payment from Hawkins resident Alan Phillips on Tuesday at City Hall. The city’s computer system has been shut down in response to a potential data breach, leaving Douthitt to accept utility payments by check or cash. (Jordan Green/Longview News-Journal Photo)

Residents hope for change

Hawkins is a good place to live, Phillips said. But sometimes, he wants to laugh at what happens there.

“I hate to see things that get so screwed up,” he said. “I don’t want people to think that that’s how Hawkins is, because it’s not. It’s a really nice town with good people.”

News of the hacking has spread throughout Hawkins, and community members are angry, Rushing said. It’s the latest controversy to arise in the small town, and residents say they’re hoping the community will become more unified soon.

Hubbard resigned as mayor in January citing health issues, but her resignation also came after she filed complaints against the city secretary, Thomas.

One complaint was that Thomas didn’t sign a check compensating Newell, the police officer, for pay he was supposed to have been given while serving in the National Guard, the News-Journal previously reported. Thomas said she didn’t sign the check because she wasn’t given the proper documentation to do so. Hubbard and Kay, the Place 2 alderwoman, signed the check anyway.

Rushing is the sixth mayor the town has had since 2017. The city’s municipal court judge, police chief and two police officers resigned in March, and Rushing said it’s no coincidence that the chief and officers quit before she took office.

“There’s a lot of stuff that’s happening around here that I am going to figure it out,” Rushing said. “It may take me a minute to really figure it out, but I’m going to figure it out.”

At City Hall on Tuesday, longtime Hawkins resident Glyndia Lane said she’s never seen anything quite like the cybersecurity incident happen in Hawkins. She said she’s hopeful that new city leaders will work with Rushing to restore order to the city’s operations following the months of political upheaval.

A municipal election will take place May 4. Richoz is not running for reelection. He’ll be replaced by resident Meredith Hancock, who was unopposed for the alderman’s seat.

In the Place 3 alderman’s race, incumbent Eric Maloy is challenged by former Alderwoman Norma Oglesby.

Oglesby said Tuesday that the cybersecurity incident is a “serious, dire situation” and will be “the biggest hurdle” city leaders must overcome for now.

“It’s affecting all of us,” she said. “I want to get on the council, and I want to help Deb straighten this out. And it’s going to take a team effort.”

The council will meet at 6 p.m. Monday and is expected to discuss the cybersecurity issue, Rushing said. That will be Richoz’s last meeting, as his term on the council ends in May.

Rushing is calling for Richoz and Taylor to step down.

“That’s what would be best for the city because they could possibly have charges pending in just a couple of weeks,” she said.

As she sat in her office Tuesday morning wearing a blue sweater — blue is the official color of the local school district — Rushing spoke fondly of the people who make up the community. They’re the kind of folks who help each other out. When storms knock down tree limbs, neighbors work together to clean them up. The town’s annual Christmas toy drive often has more support than similar efforts in larger towns.

That kind of unity is what people want back, she said.

“It’s just Hawkins. That’s just what we do,” Rushing said. “It’s a town that is like back in the ’60s, ’70s, whatever. And honestly, that’s the way people like it around here.”

City Hall seems to fit in the same era, too — at least while the computers are shut off.


Click Here For The Original Story From This Source.


National Cyber Security