Westfield city data at risk?

Clerk-Treasurer alleges computers have spyware installed at city’s expense

By JEFF JELLISON

Reporter Publisher

Editor’s note: See Mayor Andy Cook’s response at the bottom of this post.

Westfield-based attorney William Webster, representing City Clerk-Treasurer Cindy Gossard, has sent a letter to the Westfield City Council and Mayor Andy Cook notifying them the Clerk-Treasurer’s Office has discovered that alleged spyware purchased by the City of Westfield has been placed on the clerk’s office computers.

The letter states the alleged spyware, identified as BeyondTrust Jump Technology, has the potential to compromise Westfield’s banking and payroll systems as well as city employees’ confidential information.

Gossard

Webster

Gossard and Webster have also provided the mayor and council members with paid invoices confirming that the city’s IT department purchased the alleged spyware.

The letter continues as follows:

“Throughout the beginning of this year, while we were focused on the litigations brought by the Mayor, the Clerk-Treasurer’s staff began to notice occasional oddities and/or glitches with their computers. At first the Clerk-Treasurer’s staff assumed this may have been related to the fact their computers are older models and that these glitches were innocuous. However, the problems not only persisted, but also began to grow increasingly suspicious. Staff members have reported seeing the mouse icon on their screens occasionally moving without their input, in a manner similar to when a remote user remotely access a computer and takes over input control. However, this was puzzling because in the past whenever city IT personnel have needed to troubleshoot issues with remote access, an authorization pop-up requests precedes the remote access session, and the employee allows the access. Another example of oddities that have been noticed include being unable to find previous emails in staff member email inboxes that staff members are certain were sent or received.” 

Staff members at the Clerk-Treasurer’s office also discovered a saved web browser login ID of “svieth@bkd.com.” According to Webster and Gossard, Sandon Vieth works for Bryan Callahan, one of Mayor Cook’s appointed examiners.

“Though we are not IT experts ourselves, it seems that someone had to type this email address into the staff member’s computer and that it was saved to her computer,” stated Webster in his letter.

According to Gossard, a review of invoices submitted by the city’s IT director has disclosed three such invoices submitted for reimbursement to SHI International Corp. for the purchase of six software licenses from BeyondTrust. Webster’s letter pointed out the Clerk’s office has exactly six computers, which matches the number of licenses purchased on the invoices.

According to Webster, BeyondTrust allows for very sophisticated and advanced remote access into a computer system. The company’s website states Jump Technology far surpasses traditional remote access, in that it allows for remote access into a computer without authorization from the computer’s end user.

“Whomever installed this software and further whomever has been using this software to access the Clerk-Treasurer’s information is unknown,” Webster said in the letter. “However; the installation and use of this software without the Clerk-Treasurer’s knowledge, is disturbing and unacceptable. This software gives whomever that is using it the ability to covertly spy on the Clerk-Treasurer’s office.”

Two other items that concern Gossard and Webster are: Whomever is using the software can make changes to city data, and it appears the changes were made by a staff member; and the software user may have viewed email correspondence between Webster and Gossard, circumventing attorney-client privilege.

Gossard has asked for the city’s IT department to remove the software and is exploring purchasing new computers and segregating their systems from Westfield IT networks.


Cook refutes spyware claim, says software is “standard in almost all industries”

Editor’s note: The following is a response sent Wednesday evening from Mayor Andy Cook’s office to The Reporter.

Cook

Mr. Webster’s letter is troubling and the Administration has taken action to confirm that no breach of the city’s computer network, which is backed up daily, has occurred.

In addition, the Administration is confident that, based on the security platform of our systems, we will be able to specifically determine if what is contained in Mr. Webster’s letter is factual.

Prior to the financial investigation commissioned by Mayor Cook, the Clerk’s office never raised any concerns about the security of the city’s computer network. The BeyondTrust software (or predecessor) is a program that the Clerk is well aware of and has used dozens of times. It allows the IT department, upon request and with permission, to remotely access a computer while it’s in operation to assist with issues raised by individuals throughout the city. It’s on every city computer and has been used for 10 years. This technology is standard in almost all industries.

It is strange that this is coming at a time when the Clerk has, after months and months, provided BKD with most – but not all – of the financial documents that have been requested.

The letter also implies wrongdoing from BKD, a well-respected and accomplished accounting firm that is part of the financial examination.

1 Comment on "Westfield city data at risk?"

  1. Andy Davies | June 11, 2021 at 10:44 am |

    As a 30+ year career IT professional with years of experience in digital forensics and data security, I point out that the allegations made by Mr. Webster are not only sound but highly likely to have occurred. The spyware package in question is not marketed as a service desk tool for remote access, but rather a surveillance tool used most typically in industries where a high degree of end-user monitoring is necessary.

    In his very weak denial of the allegations, Mayor Cook shows his lack of sophistication and lack of understanding of the true design of the software in question. Which begs the larger question of why he is personally going to such lengths to make sure auditors have unfettered access to city financial records.

    What exactly is Andy Cook so afraid that the clerk-treasurer and city councilors will find that he is going to such efforts to end-run them for his own audited version of things? Could it be that a normal independent forensic audit might expose wrongdoing?

Comments are closed.