ATLANTA — The City of Atlanta is refusing to say whether it used a software that’s at the center of a massive computer attack, whose victims include U.S. government agencies and major American companies.
One security and privacy expert tells Channel 2 Investigative Reporter Richard Belcher the city’s position is “laughable” because huge organizations as diverse as the U.S. Treasury Department and Microsoft have already publicly admitted being victims of an attack that is widely believed to have originated with Russia. But Atlanta refuses to answer even basic questions about the SolarWinds debacle.
“I don’t fault them for being compromised. Where I do fault Atlanta is in their complete lack of transparency,” Dr. Andy Green of Kennesaw State University told Belcher. “You asked a basic question: Did you use the software? They declined to answer.”
Green helped Belcher prepare a list of questions about the city’s relationship – if any – with SolarWinds, whose compromise caused a massive and long-running attack on computer networks all over the world.
[DOWNLOAD: Free WSB-TV News app for alerts as news breaks]
A city spokesperson emailed that answering our questions “could compromise the security of the City against various potential harmful acts and actors, especially ... where the software in question is known to have been compromised by criminal actors.”
“It’s laughable that the City of Atlanta thinks that they have any more at risk, that they’ve got any more of a threat that they’re facing, than the Department of the Treasury,” Green responded.
Richard T. Griffiths, a retired CNN executive who is now with the Georgia First Amendment Foundation, was equally unimpressed with Atlanta’s refusal to answer questions about SolarWinds.
“If the city is in any way compromised, the public has the right to know what happened and how,” Griffiths told Channel 2.
The GFAF disputes Atlanta’s contention that the information about SolarWinds requested by Channel 2 is exempt under the Georgia Open Records Act.
“This attack has already happened, so they can’t claim that by trying to prevent a security attack, they can withhold information. This has already happened. The horse is out of the barn,” Griffiths said.
Green says it’s impossible to know the long-term effects on any of the organizations that had their systems compromised by the attack on SolarWinds software. He told Belcher that once inside an organization’s system, the malware quickly went about creating other “back doors” into the system. Finding all of them will take time.
“This is going to be a situation that is going to be unfolding for months, if not years. And we may never truly understand the full depth of damage that was done by this espionage,” Dr. Green said.
[SIGN UP: WSB-TV Daily Headlines Newsletter]
He praised MARTA, which responded to the same questions Channel 2 put to the city with a simple statement: “MARTA has never utilized the software version that has been impacted.”
Atlanta updated its initial statement Tuesday, emailing Channel 2 that it has received several media inquiries about SolarWinds but “…at this time, the City will not provide any information with respect to such requests in order to safeguard the security and the integrity of the City’s networks and systems.”
Green told Belcher providing too little information is too often the case with Atlanta.