funsec mailing list archives

Computer break-in story in California


From: "Richard M. Smith" <rms () computerbytesman com>
Date: Thu, 6 Oct 2005 11:53:58 -0400

http://www.mantecabulletin.com/articles/2005/09/30/news/news1.txt

SSJID files accessed by chance


* Firm contends it was all legal
* Consultant may sue PG&E
* Contractor browsed 31 files
* SSJID computer stolen
* SSJID worries about 715 files


Meridian Pacific -- the consulting firm PG&E claimed sent them files
obtained illegally from the South San Joaquin Irrigation District --
contends it was by chance they accessed files at SSJID's Manteca
headquarters.

The Sacramento firm has been conducting its own investigation of what
transpired on Sept. 13 in the board room where SSJID files were
electronically transferred using wireless technology. The computer forensic
investigation was conducted by AmeriTechnology Group of Sacramento.

Meridian Pacific in a memorandum distributed Thursday contends the SSJID
"had a wireless network connection that was publicly accessible by any
member of the public attending a meeting or public hearing at the SSJID
offices."

Meridian Pacific was hired by PG&E to coordinate its media campaign to
counter efforts by the SSJID to use state law to force a fair market sale of
the local power distribution system as part of its plans to reduce
electrical rates to Manteca, Ripon, and Escalon customers 15 percent below
what PG&E charges.

Public access

Meridian Pacific said its contractor -- a recent college graduate they had
hired to attend and take notes at SSJID meetings -- had simply turned on his
computer on Sept. 13 and it automatically connected to accessible wireless
connections.

The company provided a copy of its investigator's computer forensics report
that showed the contractor's computer had a screen that automatically
connected it to any available open wireless network. There is also a page
that showed directions on how to scroll down to access various folders.

The memo from Meridian Pacific states the "publicly accessible" wireless
network did not require a username or password.

"In fact when a computer with standard wireless setting is turned on it
automatically (is) connected to the wi-fi network," the memo stated. "This
wi-fi network then automatically transmitted a shared network folder that
was labeled with numbers to the (Meridian Pacific) contractor's computer.
Much the same way a radio station transits over frequencies to your radio."

Browsed 31 files

The memo further states "Meridian's contractor spent a brief time browsing
31 documents in this publicly accessible shared folder and forwarded seven
to Meridian Pacific Inc. Imagine a public meeting with handouts on a table
when you walk in the door."

The forensic report provided by Meridian Pacific shows that "brief time" of
browsing was between 8:58 a.m. and 11:47 a.m. The names of the 31 files --
many of which were in a folder used by SSJID General Manager Steve Stroud --
were blacked out in the report Meridian Pacific distributed.

The report indicated the contractor e-mailed Elizabeth Hansell at Meridian
Pacific a summary of that day's SSJID meeting at 11:54 a.m.

Earlier, at 10:29 a.m., the contractor had sent to Hansell at Meridian
Pacific a brief e-mail that read "Liz, I am at the meeting and I was able to
pull some documents off the public network regarding the takeover. Most of
the stuff, you probably are aware of, but it might be worthy to look through
all the documents. Are you interested in them? They were simply on someone's
unprotected, public portion of their shared documents. So I took them and
saved them."

Other e-mails sent by the contractor to Hansell while he sat in the back of
the board room during the Sept. 13 meeting detailed how long the board had
discussed various agenda items and a statement "the utility report was
pretty good. There was no discussion here. Only a report."

At one point the contractor noted, "Just let me know when you guys are going
to mail the check so I can keep an eye out for it. My roommate doesn't
always give me the mail. If you want me to do this again in the future, let
me know."

A Meridian Pacific employee and Tom Ross -- a partner in the firm -- viewed
seven documents the contractor e-mailed "only briefly." They concluded they
were public documents. They then forwarded the material to PG&E.

"Based on these facts, Meridian Pacific believes that it and the contractor
did nothing illegal or unethical," the report noted. Meridian Pacific also
emphasized from the time PG&E on Sept. 16 notified SSJID it had fired the
firm and contacted the FBI, that Meridian Pacific had been cooperating fully
with SSJID's investigation.

PG&E has a different take on the gravity of Meridian Pacific's actions.

"Let me reiterate, PG&E didn't access SSJID's computers and believe
Meridian's actions were unethical and unacceptable," PG&E spokesman Jon
Tremayne stated in an e-mail Sept. 21. "PG&E will not tolerate conduct of
this nature from employees or consultants. A member of Meridian Pacific
forwarded to one PG&E employee, via e-mail, approximately seven files
Meridian obtained from the SSJID computer network system. A copy of that
e-mail and all attachments was provided to both the Federal Bureau of
Investigations and SSJID."

May sue PG&E

Meridian Pacific told the Capitol Weekly News that PG&E may be subject to
legal action from their firm for possible defamation. Meridian Pacific said
the flap has already cost them one client. There is also a concern the issue
may be a factor in the coming weeks when Max Rexroad, a partner in the firm,
conducts his campaign for Yolo County supervisor.

PG&E on Sept. 22 delivered disks containing copies of the SSJID files to the
public agency a week after they came into the possession of the San
Francisco-based utility.

The files were originally transmitted to PG&E's Stockton office by Meridian
Pacific, according to PG&E accounts. A PG&E employee opened the e-mail on
Sept. 15, glanced at the attachments, and quickly closed them after
realizing they were SSJID files. He then alerted the PG&E legal department.
On Sept. 16, PG&E fired Meridian Pacific, called the FBI and contacted SSJID
about what had happened.

715 files being checked

Stroud indicated this past week its forensic expert said as many as 715
SSJID files may have been accessed by unknown persons. Until a more
extensive investigation takes place, they will not know who may have
accessed the files using wireless technology.

The SSJID has since tightened its computer security.

Preliminary examination indicates that wireless technology could have been
used for someone to access, scan, and possibly even steal up to 715 SSJID
computer documents relating to the public agency's bid to reduce Manteca,
Ripon, and Escalon retail power rates by at least 15 percent. The SSJID is
in the middle of a multi-million dollar battle with PG&E to assume control
of the retail power system serving the three communities and surrounding
countryside.

SSJID General Manager Steve Stroud could not offer specifics Tuesday except
to confirm initial investigation showed that up to 715 files relating to the
SSJID takeover bid of the local retail power system had been accessed.
Stroud noted computer forensics is a long, laborious process especially
since 25 computers are involved.

He said steps have been taken to tighten security involving the SSJID
computer system.

There is the possibility that many of the 715 computer files that may have
been accessed without authorization could point back to the May 13 theft of a
laptop computer and audio visual equipment from Stroud's office at SSJID's
Manteca headquarters. That theft occurred after the May 11 meeting SSJID
gave about its plans to take over the PG&E system to Farm Bureau members at a
gathering at the Ripon fire station on Murphy Road. PG&E representatives
were in attendance at that meeting.

A man asking to use the SSJID office's restrooms is suspected of ransacking
Stroud's office and stealing an SSJID laptop computer with information
pertaining to district efforts to take over the PG&E distribution system.

The Friday, May 13, incident prompted SSJID management to upgrade internal
security -- including installing a coded entry keypad to gain access through
a swinging door separating the public areas from the staff areas.

No one gave the incident much thought until earlier this month when PG&E
dropped the bombshell that they possessed confidential files that had been
stolen from the SSJID system by Meridian Pacific.

The laptop contained software providing access to SSJID's computer system
using wireless technology.

The SSJID has contacted the San Joaquin County District Attorney's office
and the U.S. Marshal's office in San Francisco in response to the computer
hacking.

Water district officials have warned the theft of SSJID files has the
possibility of compromising or rendering "useless" eight years of work and
more than $4 million the public agency has spent on exploring the best way
to enter retail power sales.

To reach Dennis Wyatt, e-mail dwyatt () mantecabulletin com

By DENNIS WYATT
Managing editor of the Manteca (Calif.) Bulletin

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
