This one is a little different.
A hacker group has leaked internal data from the City of Fort Worth’s online systems, city officials announced Saturday.
The city was notified around 4 p.m. Friday a group called SiegedSec had downloaded data and posted it online, said Kevin Gunn, Fort Worth’s IT solutions director, in an online press conference. The group first published the information on Telegram, then on Twitter.
This included pictures, spreadsheets, invoices, emails and other internal information from View Works, he said. It’s a system that facilitates maintenance work orders for Fort Worth’s transportation, public works, parks, recreation and property management departments.
But Gunn confirmed no sensitive information from Fort Worth residents, business or employees was leaked.
“The information contained in the amount of information we’ve been able to go through has not been sensitive in nature and is, by and large, information that we would release through a Public Information Act request,” he said.
Fort Worth officials are working with federal and local law enforcement to investigate the incident, Gunn said.
Officials in Fort Worth, Texas, confirmed that a website with government information was breached and accessed by a group of hackers but downplayed the severity of the incident.
On Friday, a hacking group named SiegedSec took to Telegram to claim that it stole about 500,000 files from the government of the city, which has more than 935,000 residents.
The group claimed it stole administrator credentials and made copies of work orders, employee lists, invoices, police reports, emails between employees/contractors, internal documents, camera footage and more — about 180GB of data in total.
The group did so, it said, because of Texas state politics.
“Texas happens to be one of the largest states banning gender affirming care, and for that, we have made Texas our target,” the group said.
“Now you may think, ‘SiegedSec! What if the F.B.I comes after you???’ And to that we say, “GOOD LUCK, WE’RE BEHIND 7 PROXIES!” Enjoy.”
A spokesperson for the city government directed Recorded Future News to a press conference held on Saturday, where the city’s Chief Technology Officer Kevin Gunn confirmed the attack.
Gunn said the city was initially informed of SiegedSec’s posting on Friday afternoon by the Texas Department of Information Resources’ Computer Incident Response Team.
“The city of Fort Worth has confirmed that the posted information did originate from our computer systems. However, that data came from a website that our workers use to manage their maintenance activities and not from the city’s public facing intranet website,” Gunn said.
“It appears the hackers downloaded file attachments to work orders within the system and those attachments include things like photographs, spreadsheets, invoices for work performed, emails between staff, PDF documents and other related materials for work orders.”
A sample of the documents shared by SiegedSec and viewed by Recorded Future News corroborates that assessment.
But despite what was leaked, Gunn claimed that their investigation has not found any “indication that there has been sensitive information related to either residents or businesses or employees that has been released as part of this incident.”
As an example, Gunn said the average document leaked concerned things like potholes or sidewalks that needed repair.
None of the information was “sensitive in nature,” Gunn said, adding that overall most of it is data that “would be released through a Public Information Act request.”
Gunn said the investigation uncovered that the group stole login information but it is unclear how they managed to accomplish that. No other systems were accessed and no sensitive data was accessed or released, Gunn reiterated.
SiegedSec claimed it hacked the government of Arkansas and Kentucky last year after the state banned abortion following the Supreme Court decision to overturn Roe v. Wade.
But state officials later confirmed that the group simply downloaded publicly available record data.
It sounds like this was probably a credential stuffing attack, thought it could have been more focused than that. There are two main differences between what happened here and what happened in Dallas and other recent attack victims. One is that the attack was not on Fort Worth’s network but on a third party provider for Fort Worth. This is a common tactic – the massive Target breach from a few years ago originated as a compromise of one of Target’s suppliers, which was then leveraged into an attack against Target. As such, the threat that SiegedSec could use this to pivot into something bigger should be taken seriously, which it sounds like Forth Worth has done. I note this mostly to say that this is another thing that government entities need to be aware of, since they do a ton of business with third parties who will have some level of access into their systems. You may have strong security systems, but if your vendors don’t that presents a real risk to you.
The other difference is that in this case the leaked data was not sensitive in nature. That may be happenstance, or it may be that SiegedSec was more interested in making the news than in doing real damage. That’s a little hard to say because it’s a little hard to understand their motives here. I get the reason for their protest, I just think they picked a goofy target for it. It’s not the city of Fort Worth that banned gender affirming care, and the Legislature doesn’t care what happens to Fort Worth. As such, I’m not sure how much of an ongoing threat they are, especially given their recent record. (There may be more to them than this, I haven’t looked any more deeply into it.) It’s still a reminder that local governments are a frequent target and often an easy one, and that they have to think about security beyond their own borders as well. I hope this is all there is to it for Fort Worth, but I also hope they’re thinking a little bigger than just what happened here. And I very much hope that Houston and other cities, as well as other local government entities, are paying attention to all this stuff, too.