A Suffolk County legislative committee investigating the 2022 ransomware attack also will probe county employees’ knowledge of illegal bitcoin mining in a county data center in the years before it was reported to the Suffolk district attorney in 2021, the committee chairman said.
Newsday on Sunday reported that several county employees who worked for the Department of Information Technology suspected or knew of the illegal crypto mining operation by the Suffolk clerk’s assistant IT director, Christopher Naples, from six months to four years before one employee alerted the district attorney’s office. One employee in a sworn statement said the county’s top cybersecurity coordinator told him bitcoin mining by Naples had been operating since 2017.
“I’m disappointed no county employees came forward if they knew about this,” said committee chairman Legis. Anthony Piccirillo (R-Holtsville). “I can understand their trepidation and why they would be afraid” given what he said was a legacy in county government of retribution and intimidation.
Piccirillo said the committee “absolutely will be asking questions about it.”
WHAT TO KNOW
A Suffolk legislative committee will probe what county employees knew about illegal bitcoin mining in a county data center in the years before it was reported.
Newsday has reported that several county employees suspected or knew of the crypto mining operation from six months to four years before the district attorney was alerted.
The committee also is investigating the Sept. 8, 2022, ransomware attack on Suffolk government.
Meanwhile, Naples is moving on to new pursuits.
On March 21, Naples was reelected first executive vice president of the Riverhead County Center unit of the municipal workers’ union, the Association of Municipal Employees, according to a flyer posted at the clerk’s office.
AME spokesman Michael Skelly said, “As of now, we do not have notice of formal charges from within the union, so his rights as a union member were preserved. If he is removed from employment as a dues-paying member, he will step down from this position, as he will not be able to perform his official duties. Suffolk AME President Daniel Levler and the Riverhead unit leadership have requested that Naples step down prior to his term starting July 1, 2023, so he can focus on his legal matters.”
Authorities charged Naples with third-degree grand larceny, public corruption and computer trespass. His case is pending in Southampton Town Justice Court, where his lawyer, William Keahon, earlier this month said he expected the case to be resolved soon. Naples has another court date in May.
Naples was suspended with pay after his Sept. 8, 2021, arrest in connection with the bitcoin mining. He earned $149,721 last year, according to payroll records.
Just how much Naples earned in bitcoin has not been revealed. Business records show that a company he operates, IT Fusion, reported $835,000 in sales last year.
Bitcoin is a form of cryptocurrency. It is based on what is known as the blockchain, which is a series of data points linked together. Adding a block to the chain requires that somebody make sure that the encryption was done right. That’s called “proof of work,” which is the same as bitcoin mining. That’s done through a complex mathematical process. When someone successfully completes a proof of work, the reward is a bitcoin.
Earlier this year, Piccirillo told Newsday the committee also would investigate why a dozen county IT employees and officials had signed unprecedented nondisclosure agreements in the aftermath of the ransomware attack.
Newsday has since received copies of those nondisclosure agreements in response to a Freedom of Information request, and among those who signed them were Scott Mastellon, commissioner of the IT Department, and deputy commissioner Ari McKenzie, who is also chief technology officer. The NDAs indicate that the 12 people who signed them were given access to the county’s “sensitive Cloud and On-Premise Applications,” including “information or data regarding county employees and personnel.”
Suffolk Comptroller John Kennedy in a Newsday story last month corroborated information from a county source that the IT employees had signed NDAs to review private county employee emails starting last fall. The source also met with an investigator from Suffolk District Attorney Ray Tierney’s office about the nondisclosures. Some county employees are seeking whistleblower status to speak to the committee and the district attorney, said a source who is seeking that status.
Tierney at the time declined to comment on whether his office was investigating, but Piccirillo said, “I look forward to investigating the legalities of those nondisclosure agreements.”
Suffolk County explained its use of NDAs this way: “Because of the county’s decentralized [information technology] infrastructure and because county IT follows a policy of least privilege to minimize access, the county needed all hands on deck to assist with restoration of county services, therefore the Incident Response Team needed enhanced access to information they previously did not have access to.”
Piccirillo said his committee, and committee counsel Richard Donaghue, continue to press the administration of County Executive Steve Bellone for information about the county’s response to and preparedness for the attack. He said the committee recently received copies of a 40-page report about the event by a division of Palo Alto Networks, the company that provided the firewall and other cybersecurity systems in advance of the attack. Piccirillo and others have raised questions about the appropriateness of Palo Alto’s Unit 42 division conducting the probe, given the company’s role as cybersecurity products supplier.
Piccirillo also said the committee is reviewing a batch of emails provided by the Bellone administration following a request for some 8,000 emails dating back to June. He said depending on the completeness of the material, the committee would determine whether or not it needed to subpoena the administration for more information.
The committee will meet later this month to determine when to hold public meetings and who the first witnesses will be.
The information provided in our posts or blogs are for educational and informative purposes only. We do not guarantee the accuracy, completeness or suitability of the information. We do not provide financial or investment advice. Readers should always seek professional advice before making any financial or investment decisions based on the information provided in our content. We will not be held responsible for any losses, damages or consequences that may arise from relying on the information provided in our content.