Comments

You must log in or register to comment.

d-cent t1_j41ejqo wrote

Not a single sentence on the cyber attack. Was it a ransomware? Was it just a burn attack? Was it sophisticated?

35

EpictetussutetcipE t1_j423t30 wrote

I always assume ransomware when they refuse to provide details and it's an extended "outage". Likely attempting to use FBI sources keys to decrypt the data and exhaust all other options before they finally state the scope of the problem.

Not how anyone should handle the incident... but that's how they chose to I guess?

7

OneHelluvaUsername t1_j46lv3i wrote

Paralegal for a real estate law firm here.

Per my local Town Clerk, it was a Christmas Day hack. No ransomware detected, per the host sites (Cott Systems/Record Hub) Forensic audits are being run, according to title insurance companies.

If the hackers were looking for SSNs, they won't find them there. But it's not a bad place to start for stealing someone's identity.

There's been a lot of spoofing of attorney emails to facilitate wire fraud (successfully in one instance where I work). Why the client (who works in e-commerce) didn't think it odd to wire $47k to a florist in Indiana is beyond me ¯_(ツ)_/¯. But our company had to do a full forensic audit (and that took time). The FBI was involved.

I'm assuming the FBI will be involved in this much bigger hack, too.

Other towns affected:

  • Pownal
  • Arlington
  • Shaftsbury
  • Manchester
  • Dorset
  • Pawlet
2

cpujockey t1_j4g3oar wrote

People do not take cybersecurity seriously. Social engineering is a real thing. People really need to educate themselves or prepare for unemployment or worse - a stolen identity.

2

OneHelluvaUsername t1_j4gxasl wrote

Couldn't agree more.

My very first job was working as a sales associate at the Gymboree flagship store in NYC.

Corporate (in CA) left alllllll employees' information unencrypted on computers that were stolen one night.

I made minimum wage; had to pay out of pocket for identity monitoring services for corporate's idiocy.

1

cpujockey t1_j4gxek7 wrote

Wtf.

2

OneHelluvaUsername t1_j4gze78 wrote

Yup.

Between that and having to show up at 7am for a "loss prevention course" (see: if you take of the plastic shopping bags for your spare set of shoes, that counted as "theft"), I was not sad to see the company go under.

1

cpujockey t1_j4gzgnj wrote

Fuck that noise!

2

OneHelluvaUsername t1_j4h1t4p wrote

Yup. Store manager (who was actually a great person) decided to leave shortly after that and the rest of us jumped ship with her.

1

sickter6 OP t1_j4kx4ic wrote

When and how do you think the clerks will be able to prove nothing is missing from the records? If you do a ‘full search’ in one of these towns now, how can you be sure it is a ‘full search’ since now you know someone has been in there playing around with the records!? How do we know the hackers didn’t delete any and all irs liens for example. This is my concern…

1

OneHelluvaUsername t1_j4l9n7s wrote

Well, it's been my experience that town clerks have a sixth sense about these things (docs missing from their records), but I'd say the actual burden of proof on that falls to the forensic auditors.

VT digitizing records is relatively new compared to some other states. I believe they got funding from the CARES Act to do so.

Go to the card catolog indexes. They're sorted alphabetically by grantor/grantee name. Depending on the town, they'll be current (except for any docs received/submitted for recording 12/25/22 or later).

1

Express-Day1376 t1_j5304sl wrote

400 different government systems nationwide got taken out. The entire civil court system in Northumberland County Pennsylvania,. Deed recorders in North Carolina, Louisiana and apparently many other places.

1

OneHelluvaUsername t1_j53l4b1 wrote

Well, shit..I had no idea. And will be sharing that at work tomorrow.

The Vermont land records remain offline. Nearing in on a month now.

It's beginning to look a lot like Christmas ransomware.

1

trashtrucktoot t1_j413vov wrote

What's the backup policy? Daily, monthly, annual. Backups are kept offline and tested twice a year right?

"Luke, look to the backups."

There's probably a Disaster Revovery policy for these digital assets. May take a while to recovery but hopefully this can be fixed.

... please excuse me now, going to check my nightly backups.

25

cjrecordvt t1_j426yid wrote

What's that old adage, "If you haven't crash-tested your backups, you have no backups"?

9

museum-mama t1_j41tm3c wrote

Standard disaster procedure is two or three backups with one being kept off site.

6

cpujockey t1_j4g3s5w wrote

Yeah most businesses are too fucking cheap to maintain their disk backup let alone an off-site one.

1

headgasketidiot t1_j41u5op wrote

It's been down since December 26th. They clearly don't have backups, or a disaster recovery plan, or anything. I bet they don't even have an in house software engineering team.

5

OneHelluvaUsername t1_j46o88s wrote

Town clerks print an index of grantees/grantors with the book and page where the deed/mortgage/etc. can be found.

I know the Town Clerk in Manchester used the one day the website came back up to get those indexes printed. But a lot of Town Clerks are part time and grossly understaffed so not all clerks could pull off what Anita did for Manchester.

1

trashtrucktoot t1_j46rl8i wrote

Trust me, I know some Town Clerk people who are doing AMAZING work holding things together with limited resources. The gravity (liability) of hosting important property records as a service is something the provider should understand. I don't expect my Town Clerk to rotate backups. I hope the FBI and other Law Enforcement are helping to investigate. :/

2

NapalmCheese t1_j42mxom wrote

"Town clerk error in your favor. Collect 10 acres."

22

sickter6 OP t1_j432tyl wrote

This is the way

8

cpujockey t1_j4g4ni5 wrote

Man I wish it was.

I'm sick of seeing my peers get the shaft, it be nice to see a common feller get a leg up.

1

headgasketidiot t1_j41txgr wrote

It's been down since December 26th (edit: apparently not true; see /u/mcmdreamer's comment below). I do software consulting for a living and I don't think I've ever even heard of an outage lasting that long.

All these small enterprise shops that provide "records management solutions" to government entities are always a grift. They hire some Eastern European developers to throw together a janky front end on a DB, and then the company itself is mostly just a sales team.

edit: just went through their linkedin. I was right that it's mostly sales, but they also have an in house software team. I guess they're just incompetent.

20

mcmdreamer t1_j428nip wrote

It hasn’t been down since December 26. It was back up last week but went down again so they could add more storage but their shipments were delayed.

3

headgasketidiot t1_j429h98 wrote

All I know about this is from the article, but it says:

>The system went down on Dec. 26, came up briefly in the middle of last week, then crashed again, she said.

Even if what you say is more accurate, that's still functionally down since the 26th. It doesn't do the users any good if you're back up intermittently and go right back down again.

4

mcmdreamer t1_j42bes4 wrote

I am a user of these sites. I was able to use them for land records searches while it was up, and when it’s back up tomorrow or Monday I’ll work on those next in my queue. If I need something urgently, I can’t just call the Town Clerk or travel to the town office.

The Town Clerks are all receiving updates from the CEO every couple days to let them know the current status.

7

headgasketidiot t1_j42cwil wrote

Wow, thanks for your clarification. I'll update my top level comments so they're more accurate. If you're willing, you should drop VTDigger a line and ask them to clarify because that article really gives a very strong impression that it's been entirely down with only the briefest window of being back up.

But also, if I may, that's still really bad service. Most of my contracts specify uptime of at least 99.9%. Usually, the highest level of service is called "5 9's," and it's 99.999%. If any of my clients' things went down for more than a few hours, I'd rightfully be chewed out.

2

mcmdreamer t1_j42ejla wrote

I agree that it’s been inconvenient for sure. But as I stated in another comment on this post, only about half of towns even have any ounce of land records online anyway. So having the online land records of ~60 towns using Cotts down for a couple weeks is still better than the ~120 towns that don’t have any land records online at all.

Edit: typo

3

headgasketidiot t1_j42isjq wrote

Yeah I hear ya. I'd like to think that there's an option other than this and no digitization in the year of our lord 2023.

In my line of work, I run across these kinds of niche government and/or NGO SasSes all the time. The total market for their software isn't that big and their clients are very change averse, so what ends up happening is a few companies carve up the space and never have any competition enter. This makes for small but extremely profitable companies that just sorta stick around forever, even as their service deteriorates. It's a really unfortunate pattern, and I wish governments invested more in co-owned open source solutions instead of letting these grifts continue.

1

[deleted] t1_j42va8v wrote

Don't trust anybody willing to offer IT services to a government.

3

EpictetussutetcipE t1_j4245y8 wrote

It's easy to develop. It's hard to securely develop. It's harder to securely develop on top of securely architected and framework systems and networks appropriately.

I'm going to go with least common denominator and say it was likely something that didn't have MFA...

2

headgasketidiot t1_j424z0a wrote

There's no one single thing that leads to a 3 week outage. That's so beyond the pale and only happens if you have a persistent culture of negligence and mismanagement.

3

Pinakolonopin t1_j43mad5 wrote

This is the way all state agencies are run. There is zero money invested in IT, everything is ancient and the staff is buried under the massive workload.

2

cpujockey t1_j4g4bie wrote

Shit happens. Vendors suck. Not all IT pros are created equally. Still not a good excuse for a proper disaster recovery plan / yearly testing.

1

cjrecordvt t1_j427ajf wrote

> It's been down since December 26th. I do software consulting for a living and I don't think I've ever even heard of an outage lasting that long.

How long was UVMMC down last year?

2

headgasketidiot t1_j429tji wrote

I should've specified that I meant for SaaS, not necessarily for an org's own IT, which is a whole 'nother can of worms. That UVM outage was really something, though.

2

cpujockey t1_j4g4y3o wrote

The fact that no punitive damages were awarded is fucking incredible.

UVM med should burn for this. It took only one entitled employee on vacation with a corporate laptop, a VPN connection and reading personal email to cripple the health care system.

Well done UVM med. You're not too big to fail - you're failing all on your own.

2

BudsKind802 t1_j42dfa6 wrote

I believe it was November-April to get everything totally restored according to a nurse I know, but their main systems were back up by January.

2

pooticlesparkle t1_j43l53a wrote

It was down 25 days. Back entry and recovery took the lab almost 8 months. Back logs and covid and more acutely ill patients after restoration- who knows if that is still happening or some other factor. The hospital is always full.

2

Express-Day1376 t1_j52z1kk wrote

It has been out nationwide since christmas. Here in PA we can't get any civil court orders or dockets and haven't been able to since then. It's crippling the court system. Now I see why this is the only county in the entire state that uses this system.

1

Definitelynotcal1gul t1_j42rx2w wrote

If it's been 3 weeks, the data is gone. That's sad. I liked that website. I used it when we were looking to purchase land.

0

EpictetussutetcipE t1_j42300h wrote

Recent court cases have held companies responsible for not adhering to baseline information security protection requirements. It's caused a ridiculous boom in the industry.

I feel bad for these smaller towns with limited budgets. I would suspect many of them are aged and don't understand the nuances and risks related to information systems, and now are bearing the brunt of that ignorance. I work in the field and can barely keep up, so I empathize with their plight.

Vermont as a state should've mandated requirements from these towns to adhere to certain control frameworks and provided them with expert services/financial support to that end. This is a failure at the state level, and as a country we should've been getting the federal infosec guidelines for smaller towns with limited budgets who could apply for grants to better prepare and protect themselves.

Overall, this just makes me sad.

8

EvilSubnetMask t1_j42jsss wrote

Sadly I've had the following conversation with a customer:

"I can't retrieve your data because it appears one of the tapes is too worn out to be read by the drive."

"What do you mean?! Our DLT-8000 tape backups are the best option, our previous IT vendor told us it's the best system in the business! It cost like $15,000 to put in place!"

"OK...sooooo...do you have any more backup tape sets I can try?"

"They're in the other room across the building."

*We proceed to walk by an area with one of the largest magnets I've ever seen in person.

"Do you put all your backups in this room?"

"Of course, it is secured..."

Long story short, I was unable to restore any of their data from those tapes even verifying with a brand new DLT drive.

6

RobertJoseph802 t1_j43od1t wrote

Most towns in VT have resisted putting their records online for decades. Covid pushed some along but not all.

They are still always available in person at the town office

3

cpujockey t1_j41n2fc wrote

lol.

can't wait to see how this plays out.

1

thisoneisnotasbad t1_j432jb4 wrote

43 towns is not a lot. There are 251 in the state.

The state has its own parcel map project that costs nothing.

*this is a private company capitalizing on a service the state provides for free.

−2

MultiGeometry t1_j43bt2f wrote

Good luck surveying a 200 year old property with some .kml polygons downloaded from the state…

2

thisoneisnotasbad t1_j43qk5s wrote

They also allow deed pulls for free, online, which is what this company does and charges money for.

The parcel mapping program directly mirrors the parcels maps in the town clerk offices.

If you are somehow implying this private company has better records than the town clerk you are sorely mistaken. Not only mistaken but the map at the town clerk is the source of truth so any discrepancies would need to go through a legal proceeding and be recorded by the town (which then would offer them for free) before they became actual property lines.

1

MultiGeometry t1_j44r2ay wrote

Depends on where you live and whether there’s a modern survey. My deed is described as ‘approximately 2 acres where Mr and Mrs Smith have their primary residence along River Rd.’ The polygons on file with the town, and thus, the state, are approximations. My deed implies 130’ of road frontage, but the town records imply 230’. Somewhere between that difference lies half of my barn. With my neighbors, we have gentlemen’s agreements on where property lines probably are. And because everyone is nice, no one has a problem.

I’ve researched the deed back to the 1930s. If I hired a surveyor they would likely need to research the deed to its inception (early 1800s or whatever records still exist), along with all the surrounding plots and various subdivisions before establishing boundaries. Even then, it might require legal agreements with the neighbors to address any ambiguities.

So yes, if the town records suddenly become inaccessible there’s no way for me to legally hire someone to establish my boundaries. If I were to try to sell my home and the buyer gets spooked by the lack of a survey, I’ll be out of luck. If I get a ride litigious neighbor, that’s not something that could be easily resolved.

Vermont is an old state with unique challenges. Losing access to land records is a pretty big deal in some parts where 20th century modernization was overlooked.

1

thisoneisnotasbad t1_j45ryrb wrote

I domt understand your point. This company being offline did not impact access to any land record. The only thing it did was resell public records. Your survey example didn’t make sense to me either. If without a modern survey, the only way to resolve it is to do deed research, this is free from the town.

It seems many people don’t understand this either. This company got access to 1/6 of the towns in VT and is charging people for access to the record they can get for free direct from the town.

  • 1/5.5 to be closer, not 1/6
−1

MultiGeometry t1_j47mpn6 wrote

Except my town directs people to this website instead of bogging down the town clerk with records requests. Just because the website is down doesn’t mean the clerks office magically has new staff. Also, the article mentions that because this company is supposed to be handling records requests, they haven’t indexed the physical records as well as they have had to in the past.

0

thisoneisnotasbad t1_j48akq3 wrote

Nobody except entitled people expect the town clerk to do their record search for them. Who TF thinks it is the town clerks job?

0

MultiGeometry t1_j49n5xt wrote

Im giving up. You seem to have a view of how the world works that lines up with how you wish it worked. I simply can’t convince you that people experience hardships that you were unaware of.

You win. This service outage affects no one. Including me. Just five minutes ago I called up the state office and they’re sending a personal consultant with everything I need to complete an ALTA survey by Monday. I’m so relieved. /s

0

thisoneisnotasbad t1_j4b3hj7 wrote

Are you intentionally misstating what I am saying? I will chose to think you are not and simply don’t understand the point of either article or what the majority of the posts in this thread are about.

If you read you will see most are not about being inconvenienced they are about town records being gone, inaccessible or held hostage. I was pointing out none of those are the case and all the records this company has, the 18% of the state property record, are available for free at your town clerks office. (Or potentially $4/hr max for you to access the books)

While the company adds value, the response to a private data reseller being offline is, for lack of a better term, ignorant.

If you and your business are experiencing hardships because a private company goes offline, that really sucks for you but is not the same as state records being lost or unavailable.

If you can’t see the difference then I’m not sure what to tell you.

0

MultiGeometry t1_j49pgw9 wrote

This is like saying only entitled people expect librarians to help them find a book. It’s literally the town clerks job to maintain the land records, and anyone who needs help or has questions, has a reasonable expectation that the town clerk wouldn’t call them an entitled prick and to go F off.

0

thisoneisnotasbad t1_j4b3pyg wrote

It’s is their job to maintain the records and provide you access, not do your research for you. Nobody is saying you will be called a prick, but expecting the town clerk to pull records for you is peak entitlement.

0

frisbeegopher t1_j45rpec wrote

The records that COTTS provides online ARE the clerks records. Towns contract with them to provide this service. Typically cotts will send a team in to scan the records and create a database which they then put on their portal. Clerks can then add in new records as they are submitted. It costs too much for smaller towns (15,000-20,000 for startup and an operating fee of around 1,000 a month last I knew). Many towns use NEMRC to provide this service instead because it’s more affordable, but NEMRC doesn’t offer scanning service so that leads to older records not being available in digital form because the clerks don’t have time to deal with it.

0

thisoneisnotasbad t1_j45sgeb wrote

That’s exactly my point. There is nothing the company offers that is not free at the town clerks office.

The state did offer some grant funds to scan in NEMRC a while ago I think but it is still not complete.

−1

frisbeegopher t1_j462c80 wrote

The company offers scanning services, database development and web hosting that allow the records to be accessed via and online portal. Town clerks are not able to offer that on their own. There is absolutely value in being able to access records online versus having to drive to whatever town and spend time in the vault doing research. Town clerks charge an hourly rate for vault access in addition to charging copy fees. Particularly during the pandemic when many clerk offices were closed, online services became even more valuable. In my opinion, the state should work towards a statewide database / online record portal. It would overall be less expensive for residents than towns trying to individually make it happen through contracting with a variety of companies.

2

thisoneisnotasbad t1_j48aswq wrote

They do not charge an access fee. That is incorrect. They charge or decline if you ask them to do your research, as they should.

  • the state is working toward a free portal.

*I was mistaken, town clerks have the ability to charge. I apologize for providing incorrect information. My experience was empirical having never been charged in. The town where I have conducted business for in person access to records.

1

frisbeegopher t1_j48yy8f wrote

A town clerk may charge up to $4.00 per hour for any person to examine the records. The fee is higher if the clerk agrees to examine the record for you. So yes, some clerks may offer you time to examine the record free of charge, but they can (and many do) charge for access. https://legislature.vermont.gov/statutes/section/32/017/01671

1

thisoneisnotasbad t1_j4b2nk6 wrote

I was not aware of that statute and updated my post, thank you.

0

MultiGeometry t1_j4bamwp wrote

Yet in your other comment threads you’re still arguing I’m entitled.

0

thisoneisnotasbad t1_j4bdgge wrote

If you think it is the town clerks job to pull land records for you, you are entitled. That should clear up any issues you have with what is being said.

1

MultiGeometry t1_j49nne4 wrote

I’m going to believe the other responder because they provided proof via state law that town clerks can charge fees…

0

bond___vagabond t1_j41qzrn wrote

Look who is unaffected by it, and who is harmed: longtime vermonter, planning to stay at the same place for a long time, no effect. Big money buying up Vermont real estate to flip or make into short term rentals, then roll the profits from that into more real estate buying, yer gonna have a bad time. But I'm sure it will make an increase in pissy phone calls the town clerks have to deal with, so probably not them. So there you have it, the culprit is a long time Vermont resident, who is not a town clerk. (Did I do the reddit detective thing right? Lol)

−8

zonitronic t1_j41utyl wrote

Everyone is affected. If you cannot verify land records, it effectively shuts down most business- public and private- not just real estate sales... No licensing/permitting, no construction, no probate, no repairing roads or utilities... Go ahead and try to get business loan without being able to prove your location or collateral...

This attack only emphasizes the importance of the town's having their own backup systems or hard-copies of the data.

11

mcmdreamer t1_j42ab85 wrote

This is not true. Only half of Vermont towns even have any amount of land records online (meaning some of those only have an index, only have images 2021-present, etc.), and of those, only ~60 use the two Cotthosting websites. On top of that, ALL land records are available in the Town Clerk’s offices as physical copies.

−4

zonitronic t1_j42hr30 wrote

Yes, less than half of the towns even; Yes, the hardcopies of all the land records are still maintained in the vaults... The problem is accessing them: Some of the towns in the Cotts systems did not maintain backups/ hardcopies of the INDEXES needed to find the correct hardcopies of the land records in the vaults, beyond the "daybook" records if the clerk's themselves. If you cannot find the documents you need in a timely manner, they don't do you much good. It affects us all in that having 20+ towns in Vermont effectively shut down for business damages the entirety of the State economy. My apologies if I was unclear.

3

deadowl t1_j43k51n wrote

Make some contracts for people to manually index the records, and feel free to add some buffer room and reallocate excess to indexing records at the state archives.

1

mcmdreamer t1_j42kjb6 wrote

More than half, actually. My current list has 138/256 towns online - maybe more as there are towns I don’t search often so I don’t keep up with. My firm has not needed to postpone any closings or delay any matters because of this. Searches for the Cotts towns are now back to how they used to be - searching the cards, general indexes, book indexes, daybook, etc. - before online land records. Yes it’s inconvenient and more time-consuming but isn’t “effectively shutting down most business” as you stated.

0

zonitronic t1_j431spk wrote

Not sure why you're getting downvoted; seems like a healthy discussion here...

The problem I am running into is that the particular Cotts towns I have been working in did not continue to make physical copies of the index cards (or other physical copies of the indexes) after they went to the Cotts system, so I have not been able to perform searches "back to how they used to be", because there is no index available at all for me to reference from. It is good to hear that it is not the case with the Cotts towns your firm has been working in, but please do not assume all the Cotts towns have physical backups of their indexes- I sure wish they had all been smart enough to do so, but that is not the case.

1

mcmdreamer t1_j436x5q wrote

No clue why I’m getting downvoted haha

Why did your towns not print their index when it was back up last week?? What towns have you had trouble with? Manchester immediately printed the index when Cotts was back up so searchers wouldn’t have to take as much time searching while everything is down.

Like I said, it’s a complete pain but I’ve found searching in-person in these towns is doable and haven’t needed to delay anything because of it.

(Also I’m so happy to see another VT title searcher here!)

2

MarkVII88 t1_j419lza wrote

Does this mean I don't have to pay my property taxes next month? If so...Yay! If not, who gives a shit?

−27

zonitronic t1_j41jgzt wrote

This is quite serious: No real estate confirmations or transactions can be resolved... Shuts down realtors, attorneys, probate, construction, permitting / licensing... Basically, not much new business can be performed at all, public or private.

If you are actually a property owner, and you cannot see the value of having your land records protected, it does not speak well of your intelligence.

20

thisoneisnotasbad t1_j4393bo wrote

Is it 43out of 251 towns. A private company. The state system is up, I pulled a deed yesterday.

0

MarkVII88 t1_j41sdq2 wrote

I don't actually live in one of the towns the article says are impacted by this downtime so........................................................................................................

−18

EpictetussutetcipE t1_j4220fx wrote

So you're a republican then?

"If it didn't happen to me, it doesn't matter" rhetoric signals a lack of empathy and intelligence; which happen to be one of the most common shared traits within latest iteration of the republican party.

You can't see the interconnections, the implications, the possibilities and potential outcomes? Can you only see your selfish view of the world? How unfortunate.

9

TheTowerBard t1_j427zrg wrote

And here we have the source of most of society's issues. If these ignorant schmucks would get out of their own way we could have nice things. Meanwhile everyone and everything else is the bad guy because the guy on TV said so.

10

MarkVII88 t1_j423r5n wrote

I'm not specifically a republican, though I did vote for Phil Scott twice. I think he's done OK.

−9

TheTowerBard t1_j42olpl wrote

Cute “88” in your handle. Golly, whatever could that mean? Surely your not a white supremacist, right? What a joke.

−2

MarkVII88 t1_j42psuj wrote

It means that my first car was a 1988 Lincoln MarkVII. No idea what you're talking about.

2

TheTowerBard t1_j42rjpd wrote

Whelp, you might want to get an idea because there's lots of folks assuming you're a white supremacist with those numbers in your handle.

2

kerosene_pickle t1_j422poj wrote

Your towns tax department isn’t hosted on cott. Tax bills aren’t land records

4