InterLock Group Breaches St. Paul, Exposes 43GB of City Records
Yesterday, the double-extortion gang Interlock revealed on their Tor leak site that they had compromised computer systems belonging to the City of Saint Paul, Minnesota, leaking exfiltrated personal identifying information (PII). This attack was significant enough that it made the local news, covered by KARE 11, which is an NBC-affiliated television station.
According to Interlock’s Tor site, they stole 43 GB comprising 66,460 files, which contain 66,460 files and 7,898 folders, which are largely centric to the parks and recreation department sectors. They released 6 images as a sample of what the leak contains, depicting passport photos, contract agreements, municipal budget documents showing the city’s budget status, confidential contact lists, and other internal records.
Saint Paul’s Mayor Melvin Carter claimed that the cyberattack does not impact residents’ personal or financial information. However, a careful inspection and subsequent analysis of the leaked data suggest that this claim may be misinformed.
According to reports, city officials confirmed that Interlock left a ransom note in the wake of the attack. While the city is managing the security incident, the only publicly known detail is that it has refused to pay the ransom. The demanded amount has not been disclosed.
Furthermore, the City’s website is clearly aware of the security incident, posting a banner at the top of their official website with the following message: “The City of Saint Paul is responding to a digital security incident. Emergency services remain fully operational.”
The files Interlock leaked for public viewing contain a wealth of information, detailing the broad and complex nature of city management.
- City letters certifying individuals banned from entering properties after incidents
- Trespass notices
- Incidents involving sexual harassment
- Vehicle accidents
- New employee payroll input forms and other employment records containing PII
- Employee time sheets and staffing information
- Parks and aquatics program participation statistics
- Various invoices and rentals
- Purchase requisitions
- Land titles
- W2 tax forms containing PII and more
- Desktop or workstation credentials and Apple ID login
- Network configurations, and more
Ostensibly, the trove of data covers every aspect of the city’s recreational facilities management, from departmental staffing to the official forms used for handling nearly every element of daily operations. This contains more than enough personal information for wholesale identity theft.
Interlock had this to say on their leak site:
“The government of the city of Saint Paul, Minnesota, including its representatives and employees, is extremely careless and irresponsible about the security of their city, because of this, a large part of the infrastructure was damaged, brought a lot of losses and damage! Including in the worst position were residents whose data was compromised in the internet! Saint Paul, Minnesota, population is about 310,992 people. The city is part of the Minneapolis - Saint Paul metropolitan area.“
As a final note, perhaps the city’s Technology Department should consider ensuring the city’s digital infrastructure is reasonably secure from any future threats of this magnitude. As a personal note, I imagine that the fallout from cyberattacks like these is often accompanied by legal ramifications, as well.