• How secure is City of Atlanta's network months after cyberattack?

    By: Aaron Diamant


    ATLANTA - A Channel 2 Action News investigation found potential vulnerabilities in the City of Atlanta’s computer network.

    We wanted to know how secure that network really is as a result of the city spending millions of tax dollars after the March cyberattack to prevent another one.  

    We had a former FBI analyst run a series of scans on the city’s network just like a hacker would, looking for a way into the system. Our expert stopped well short of breaking any laws.

    [READ MORE: City of Atlanta confirms 'ransomware cyberattack' on network servers]

    We sent the list of potential vulnerabilities he found to the city. A city spokesperson told us they are not saying much because the federal government told them not to.

    “Back then, I would say they deserve a D- or an F,” said former FBI analyst Willis McDonald of Atlanta’s cybersecurity strength when a massive ransomware attack in March hit the city’s network.

    “This really is an attack on our government, which means this is an attack on all of us,” said Mayor Keisha Lance Bottoms in March.

    The attack crippled many key city departments, shut down Watershed Management’s online payment portal, wiped out the Atlanta Police Department’s dashcam video archive and the city’s Municipal Court system descended into chaos.

    “That is pretty scary, and I do expect them to put some things in place that this doesn’t happen again,” said taxpayer Annette Barber in March.

    Over the last six months, the Bottoms administration has still said almost nothing about the full scope of the attack, or the specific steps it has taken to prevent another one.

    Earlier this year, we exposed a confidential internal city report given to us by a source that confirmed the city spent about $5 million on emergency contracts and could be on the hook for an additional $11 million in future contracts.

    The only time the city’s point person for the recovery effort, Chief Operating Officer Richard Cox, agreed to an interview, he told us in May, “I think we are prepared much better than we have been before.”  Again, Cox shared no details.  

    “Right now, you’re putting your trust in the City of Atlanta,” McDonald said.

    We asked McDonald to run a series of new, common vulnerability scans on the city’s network. In late October, McDonald gave us a list of the potential vulnerabilities he found that could be ways for hackers to get into the system.


    We’re not putting them out there because we don’t want to give the bad guys a roadmap. But we did share them with nationally known cybersecurity strategist Morgan Wright.

    “They still have some vulnerabilities that go back to 2010 that have not been patched, so I think they’ve got to do some work to really refine it to give the citizens and the taxpayers confidence that, hey, we’ve really got this under control,” Wright said.

    He told us the key to building that trust is transparency. “This is the perfect time to follow throughout that and show people you are transparent, you’re accountable and for you to sit down and explain what’s going on,” Wright said.

    Willis told us his scans and clues from all those emergency contracts tell him the city has made significant improvements such as changing service providers, reducing the number of systems connected directly to the internet, and moving more services to a secured cloud. 

    We asked Willis what grade he would give the city now and he told us, “Maybe a B-.”

    We sent the list of potential vulnerabilities we found to the City of Atlanta.  

    A City spokesperson sent us this statement:

    “The City of Atlanta is committed to ensuring the ongoing safety and security of the City’s cyber-infrastructure. The cyber threat landscape is ever-evolving. As part of its comprehensive security protocols, the City continuously monitors its networks for malicious activity and threats and remediates such threats when discovered. While the City places a high priority on transparency, the City is following the recommendations of its federal partners and security experts in limiting the amount of information disclosed regarding the City’s security protocols as such information can be used by criminals and bad actors’ intent on doing harm.

    Ensuring maximum security is a shared and paramount priority for all Atlanta stakeholders and the City is grateful for all its partners, including the media, in ensuring the ongoing safety and security of the city and its citizens.”

    Next Up: