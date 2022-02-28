People recently looking to find out about upcoming youth sports programs may have got an inadvertent eyeful.
As of last week, the top of a “Rutland Recreation and Parks Department” Facebook page was occupied by photos of a scantily clad woman, purportedly a Rutland resident named “Chantria Anney,” who tagged the department in her photos to express “joy all over.” The page’s banner photo was a suggestively cropped version of a woman.
However, the “Rutland Recreation and Parks Department” page is not the page of the Rutland Recreation and Parks Department. The official page, titled “Rutland Recreation,” instead featured photos of staff breaking up ice at Giorgetti Arena to replace it with turf.
The apparent hacking was enough to affirm recent concerns raised about cybersecurity.
Recreation Superintendent Kim Peters said she learned of the existence of the second page when called by a reporter, and that she went from believing it was an old page the department no longer used to one that was generated as a “park” page.
She said she was attempting to have it taken down.
“Obviously, it’s concerning to some degree,” said Mayor David Allaire. “I’m not sure what kind of damage, what kind of hacking can be done, but it does raise a red flag.”
The page’s “page transparency” section lists it as having been created on Feb. 10, 2019, and it includes the department’s office hours, an outdated mailing address and a link to the department’s website. The page also includes a handful of non-spam posts, such as Triple S Vending announcing in November it had the contract to service the Rutland Recreation Community Center and posts about a 3-on-3 basketball tournament and the Gift of Life Marathon.
A similar duplicate page appears to exist for the Department of Public Works — created in 2015 — but the posts there were almost entirely political cartoons and memes placed there by a city resident.
The duplicate pages and the apparent shenanigans on the recreation page came to light as some city officials are lobbying for City Hall to start paying more attention to its information technology infrastructure in general, and security in particular.
“We’ve never delved deeply into it,” Allaire said. “With the way things are in the world today, it’s probably time.”
Allaire said the city gets IT services on an on-call basis.
“I don’t believe we have a contractual relationship,” he said, adding that he did not know who the city used or how often it had been used. “They were hired some years ago to do the work for us and they’ve done the work right along.”
Allaire said thus far, the city’s systems had been secure, and the only difficulty he was aware of was his city email address being used in an attempt at an online scam.
“Someone sent out an email with my dummy address, or a copycat email with my address on it, asking for something outrageous,” he said. “It was obvious it wasn’t me. Nothing’s been compromised that we’re aware of.”
Zoning Administrator Andrew Strniste, who used one of the recent hearings on spending the city’s American Rescue Plan Act funds to lobby for IT upgrades, said he did not see any specific vulnerabilities or shortcomings in what the city had, but that incidents like the 2020 ransomware attack on the University of Vermont Medical Center were reason enough for municipalities to be wary.
“It’s more wanting to get ahead of a problem,” he said. “Since I’ve been here I haven’t noticed anything. It’s just trying to be more proactive. ... It’s a matter of when rather than if.”
Strniste said some of the staff had met with Dominion Tech in Williston about what sort of services are available and that they hope the Board of Aldermen will approve a request for proposals for a managed service provider.
While the city, with scores of employees and a budget in the tens of millions, might seem large enough an organization to merit an in-house IT manager, Strniste said larger communities such as Burlington and South Burlington outsource IT services.
“I think it’s situational,” he said. “When I was in North Dakota, I believe Fargo had their own tech people, but they’re in a radically different financial situation.”
