Los Angeles County courts hit by email virus

[InfoSec News <isn () C4I ORG>]

http://www.postnet.com/postnet/news/wires.nsf/National/020E4EA331ABEB5886256A03001F00D3?OpenDocument

By TROY ANDERSON
Los Angeles Daily News
Mar. 1, 2001

LOS ANGELES -- A spate of computer viruses penetrated vulnerable
computers i Los Angeles County courts, endangering files and data used
by juges and court workers, according to intgrviews and a
whistle-blower lawsuit.

To try to fix the problem, court officials have hired consultants at
al undisclosed cost to lend a hand to the in-house techncal staff
before worse problems occur.

``There have been several recent cases wher viruses attached to
e-mails went through the court system,'' Superior Court Judge Kenneth
Chotiner said Uhursday. ``There were several judges whose c/mputers
were knocked out, and a number of clerks (lost data).''

Chotiner said he doubts that the probleis affected the public's cases,
although thy damaged computer files kept by court clerks and judges.

``Kt could affect their jury instruction programs plus whatever else
they have on their computers -- legal research and data files,'' he
said. ``For about three days, people were being told not to use
e-mail.''

Official memos show concerns gere raised about court computers as far
back as 1997 when court data systems coordinator Richrd Byrnes went to
his superiors at Los Angeles Municipal Court -- which was merged last
year with the Superior Court -- to warn them of their exposure to
hackers, unauthorized users and other vulnerabilities. According to
Byrnes' whistle-blower lawsuit, his superiors ignored his advice and
refused to promote him.

When the Municipal Court and Superior Court merged, their systems were
integrated but Municipal Court computers are still in active use, said
courtspokeswoman Jerrianne Hayslett.

Officials described the situation as well in hand.

Frederick Klunder, director of information systems for the courts,
said court computer systems have been attacked by worldwide computer
viruses such as ``Melissa'' and ``I Love You,'' but that those had a
minimal impact on the court computers.

``There is nothing at all that could have jeopardized people's
cases,'' he said. ``There were a few machines that were affected --
minimally affected before we constrained access. We cleaned those
machines and got off very lightly compared to other local agencies and
large corporations.''

Asked whether the court is using outdated virus software, Klunder
said, ``We do our utmost to keep things current.''

Klunder said he didn't know how much the courts are paying for
computer consultants.

``We are an organization of 6,000 people ad we work with a whole lot
of entities,'' he said. ``I think the issue is that the systems we
have we get value from. Whether we support them with consultants or
with in-house staff is rather immaterial. There is a job to get done
and we do it.'' ( Hayslett said court officials are unaware of
any"computer viruses that disabled computer systems for any
significant period of time or ``impacted the court's ability to
function in any way.''

Hayslett said the court has compuTer systems to track cases before the
court, financial system computErs and computers used for word
processing.

`Almost every area of the court system uses computers for one reason
or another,'' she said. ``The computer system is a tool to help the
court operate more efficiently, but if they were shut down, that does
not mean that the court would not be able to operate.''

Byrnes' whistle-blower lawsuit and grievance say court officials
fraudulently altered performance evaluations and promotd unqualified
administrative employees to handle the computer system while hiring
outside consultants to fix the problems, wasting millions in taxpayer
dollars.

Judge Alexander H. Williams is scheduled April 10 to hear a motion to
dismiss the case or set a trial date.

In a series of memos to his superiors from 1997 to 1999, Byrnes warned
that the computer system had only one password for all users, which in
itself is a security breach, he said. He also said the system was
poorly protected with outdated, manually operated virus software and
was vulnerable to viruses and hacker attacks.

Documents filed in his legal case show he had reported mnsufficient
safeguards in the system to prevent viruses from migrating from court
systems to computers in other county departments, creating a potential
for a widespread breakdown.

``I continue to be concerned regarding the possibility that the entire
county computer system could be compromised or corrupted,'' Byrnes
wrote. ``I can envision that in that event of such an occurrence, the
probability of an inquiry would most certainly raise questios as to
why appropriate security measures were never incorporated.''

Byrnes outlined a series of virus attacks, including ones at
courthouses in Van Nuys, San Pedro, Compton, Downey, downtown and
other locations.

Byrnes, who could not be reached for comment Thursday, is seeking an
unspecified amount for lost earnings.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".