State computer systems experience up to 300 million hacking attempts daily
(KUTV) Computer systems for the state of Utah are being bombarded with attacks at a rapid fire rate -- sometimes hundreds of millions a day -- a dramatic increase from just a few years ago.
"In 2010, my IT director was letting me know that the number of attacks we were averaging a day were between 25,000 to 80,000," said Keith Squires, Utah Commissioner of Public Safety. "We had peaks in the past year or so that were over 300,000,000 a day."
Most of the time, the hackers are not sitting in front of a keyboard and screen, but programs set in motion by them are sweeping state systems, searching for signs of weakness. Think of it as a constant stream of searchlights, crisscrossing your neighborhood, looking for an open garage door.
"Although other states were seeing increases, most were not seeing anything like we were," Squires said. "We didn't realize it at first, but my opinion is in that same time, Utah was getting a lot of notoriety for the NSA facility that was being built here."
The massive, highly-secretive NSA Data Center is now a reality in Bluffdale. It might have drawn attention under any circumstances, but NSA whistleblower Edward Snowden likely fueled interest, and prompted questions about what exactly the NSA does at the sprawling facility.
It may not be Utah's only big target for hackers.
"The dynamics of Utah have changed," said the State of Utah's Information Security Director, who cooperated with our story, but did not want to appear on camera, and asked us not to use his name, for fear of drawing hackers' interest. He suspected advanced weapons systems at Hill Air Force Base, and more tech companies in Utah, could also be contributing to more hacking tries on the state systems.
2News asked a man who called himself a former punk hacker, now cyber security expert, if it makes sense for hackers to break into get into the state system to get to NSA, Hill, and tech firms.
"Sure, because they know they're doing business with the state all the time," said Neil Wyler, who helps large businesses and organizations defend against hackers.
To illustrate, he used a hypothetical example of a business that hackers could not penetrate, but they knew employees of the company liked to eat at a pizza place down the street. So the hackers infiltrated the pizza business website, spread pizza coupons at the firm that was their real target -- encouraging workers to download a corrupted pizza "menu" -- only to allow the hackers to troll the real target's computers.
Squires called the state and federal systems "totally separate," but that may not stop hackers from trying.
"Everything is here, all information, governance, everything," said Sen. Karen Mayne, D-West Valley City. "If they hacked us, they'd really hack the whole state."
She spoke from experience.
Several years ago, Mayne sponsored anti-graffiti bill at the legislature. A group took offense and hacked the website of the Salt Lake City Police Department, which was down for months.
"I think the hackers made their point, a wake-up call for all of us," said Mayne, adding that after the hackers struck, the legislation died. "If they can do this one little bill in Utah, what's the magnitude?"
"We did even experience nation states targeting us, the Utah Department of Public Safety," said Squires, who declined to name the country, but explained its aim was "trying to get into other secure databases that tie into the federal system." It was his opinion the ultimate effort was "national security related."
Indeed, the Utah Information Security Office -- staffed 24/7 -- said it blocks traffic from wide ranges of IP addresses in China, Russia and Indonesia.
"There's no way for you to deal with 100 million (attacks), a number like that, without saying, 'Okay, how do we distill this down to something that actually matters," said Wyler. "Is that a nation state that's trying to do that? Is that some kid in his parent's basement in Nebraska?"
For Wyler, the ardent defender, what scares him is complacency.
"It's so sensationalized and so constant that people stop caring," he said. "That's when we're in trouble."
Added the state's top information security officer, if the state is experiencing an onslaught of hacking attempts, chances are -- in some measure -- so is your computer at home.
Follow Brian Mullahy on Twitter @BMullahy2News for breaking news, updates and more.