I was watching the KELOland news report last night on the SOS office, and allegedly missing documents, and I have to say that was one of the most confusing stories I’ve ever watched.
It seems there’s a bit of folderol and a lot of confusion about a few things. A “hack,” “a server,” and some documents that were taken off-line. I guess I’m confused about the hype, because at least for the parts I’m aware of, it seems there’s a lot of misinformation out there.
Speaking about the alleged “hack” that happened, if it’s the one I’m thinking of in April of 2012, if I recall, it was one of those annoying, but occasional things that happen from time to time.
Someone outside of state government was trying to grab copies of the business filings that resided on the state of SD’s Mainframe Server. BIT – The Bureau of Information Technology – would have notified us that someone was eating up all our shared resources. And when I say they were eating up resources, they would have been trying to figure out how to download all the public documents placed on-line at once.
And that’s an important point. These were all public documents, just like campaign finance reports, lists of notaries, etc. There’s no secret information stored there. Same stuff any joe off the street could go in and ask for today. However, the system was designed to allow people to look up documents one at a time, as they are today. But try to take them all, which was not ever intended, and it creates a log jam.
So they (BIT) shut down that portion of our website until tech support could block them. That required us to put a notice on our web site that business filings were unavailable on-line, and people seeking it could call in for the information. (And you still couldn’t get it all at once, either.)
As soon as the offending party was identified and blocked, or the solution found, click, they flip the switch back on.
And that leads me to the other point. The “server.” At that point in 2012, any and all business filings would have still been in an old format, and residing on the state’s mainframe server, inside the state’s firewall.
In fact, I’m not sure contracts had been signed yet on a project that was in it’s infancy – to move state election night reporting onto the Microsoft Azure cloud and off of state servers because BIT was screaming about the resources needed to serve up the results.
(And for those asking, that Microsoft Azure cloud server, as far as security went, it was backed by a global incident response and monitoring team 24/7.)
For the rest of it, it happened after I left, so I can’t speak to it with any authority. That, and business filings weren’t my area. I managed the staff who handled notaries, pistol permits, the office computer guy, and I wrote the blue book.
When you’ve got a story that talks about “hacks” and “servers,” most people’s eyes glaze over, and if someone wants to make something of it, it’s pretty easy to gin people up because most people don’t understand. And a “hacked system with thousands of documents being taken off-line” is much more exciting than blocking someone trying to download too much at once.