Venice on the web: A semi-regular column
Version 1: The Fall Guy
City Manager George Hunt was left in the dark over the City's lack of anti-virus software -- the new guy, Michel Van Dreunen, took the hit

John Patten, 05/30/02, jpatten@veniceflorida.com

It's been just over a year since the I.T. (Information Technology or computer) Department at City Hall was racked with a scandal involving nearly $12,000 in contracts awarded to a city employee-owned company. That was in May of 2001.

Venice citizen Roy Stout then raised a ruckus about the bidding process for the purchase of 140 AOpen computers. This involved a city contract that had been awarded to local computer vendor Gulf America. Stout complained in an open City Council meeting about, among other things, what he felt were excessive add-on costs. City Manager George Hunt responded that one of the reasons for the additional costs added on to each individual computer was virus protection. Hunt was quoted in the Sarasota Herald-Tribune as asking if Stout and other detractors wanted the City's computers exposed to virus attacks. That was in June of 2001.

Jump forward one more month to July of 2001. SirCam, a particularly nasty little bug, had hit the wild. A local infected computer, unbeknownst to its owner, auto e-mailed out copies of SirCam. One copy of the virus came to me containing the header "I send you this file in order to have your advice." A few more of them went to the City. Between my ZoneAlarm firewall and my Norton Anti-Virus, the little bugger never had a chance of gaining a foothold on my system. The City was not nearly as fortunate. And this is where things begin to get very odd.

Suspecting the City had been hit as well, I called up the I.T. Department. Sho 'nuff, they had a couple of computers whose hard drives were already in furious read/write frenzies as SirCam was trying to figure out what to do in an NT environment without Outlook or Outlook Express. Tech Michel Van Dreunen and Senior Tech Lance Heiss had not yet heard of SirCam. I pointed them both to the Wired.com article on SirCam while I dug around on Norton's site until I found a utility for eliminating SirCam that could be downloaded for free. This was beginning to turn into an all-day affair. Phone calls were being exchanged back and forth as we all collectively took a crash course in SirCam eradication. It also turned into a crisis management situation for the I.T. Department, as we all quickly learned that City computers off-site from City Hall had also been infected with SirCam.

Meanwhile Heiss did some cursory reading of the links I had provided and had an epiphany: since the City didn't use Outlook or Outlook Express, SirCam posed no threat to the City's computers. Over the phone, I tried to explain to Heiss the difference between SirCam's replication and destruction abilities, to no avail. Van Dreunen was arguing the same case in the background. Heiss was adamant: he knew how to read, he knew what he had read, and he wasn't going back to read it again. You can lead a horse to water and all that. The discussion was getting ugly and I don't think I could have convinced him that grass is ordinarily green.

But one thing I was curious about. A month before, Hunt had proclaimed that the City had virus protection. It was part of what they paid for. What happened? Already a little insulted by Heiss' attitude, I none-too-politely asked, "How is it that lonesome ole me with just a few consumer products was able to be immune from this bug and you guys with this big budget system let it waltz right in? Do you have virus protection on your computers?"

"No, we don't."

"Wait a minute. A month ago, George was quoted in the papers as stating you did, that that is why you paid extra for the computers. What's the story?"

A long pause, and then, "Well... he doesn't know what we do up here."

Apparently not. And apparently the I.T. Department likes it that way: what Hunt doesn't know can't hurt them.

As long as I had Heiss on the rails, I looked to confirm a rumor that had been floating around. The rumor went like this: a former I.T. employee had supposedly sent an e-mail to the City warning them that their internal network servers were vulnerable to a certain type of attack from outside hackers due to factors like unpatched software. Within two weeks of receiving the e-mail, other hackers had also discovered the exploit and had climbed right in and changed some files on at least two occasions that are known. Not only had the I.T. Department not fixed the hole, they never reported the hack to law enforcement or anyone else. Or at least that was the rumor.

So was the rumor true? Heiss at first denied, then confirmed the rumor, all of it. The e-mail, the two instances of changed files, and the fact that the I.T. Department was made aware of the vulnerabilities and never bothered to follow up. He wasn't too happy about it either: I was told the hackers hadn't gotten into anything sensitive, so it was no big deal, and I was just being nasty. I asked how he knew that nothing sensitive had been accessed. "I just do," he snapped.

SIRCAM MADE SIMPLE: SirCam has two different payloads: replication by auto e-mailing itself off to folks in the e-mail address book AND destruction of data in infected computers. If you read the particulars about SirCam on Norton's Anti-Virus site, you'll note that it can be particularly destructive in any computer or network using various versions of Windows; however, its replication abilities may be hindered depending on which version of Windows any given computer is running. In the case of the City's I.T. computers, it would have been unable to auto e-mail itself off to outside users as the City does not use Outlook or Outlook Express and as the City was using a Windows NT operating system. That said, within the City's network, the destructive part of its payload on infected computers was a potential disaster. Are we clear on this? Within the City's computers that were infected with SirCam: No to replication using e-mail; Yes to destruction of data on infected computers.

Now, having said all of that, SirCam's destructive powers were a tad overblown by early news reports. The bug was and is destructive and it still can be very destructive, but later news reports indicated that it is not always destructive. There are several triggers for some of the payloads, and some of those triggers are obscure at best. It's sort of akin to a bomb that doesn't always go off. Little of that was known in July, though. Initial news reports indicated that this was one mean mother, and SirCam's payloads, when launched, are a nightmare: "The general agreement among security and antiviral firms now is that SirCam is both a virus and a worm. It replicates itself as a worm does, and it also performs malicious actions on a computer like a virus does." -- Wired, July 20, 2001, two days after SirCam was discovered.

Van Dreunen and Heiss continued their disagreement about the whole issue, and I backed out and hung up after wishing good luck to Van Dreunen. Incredible. I ran into Van Dreunen a few days later and asked him if everything had gotten straightened out. Nope. What about Hunt? He was to be left in the dark, and Van Dreunen wasn't happy about it. To add to the pile, the I.T. Department had only disinfected computers that were initially known to be infected. No attempt was being made to see if any other computers had received the virus, and no attempt was made to protect the individual computers by installing virus protection at the end user level. The official unstated stance was that since SirCam could only be replicated using Microsoft e-mail software, the City was safe. As to any other viral attacks that may come, oh well. Hunt (and everyone else outside of the I.T. Department) was oblivious.

Van Dreunen was now a marked man. Still on Probationary Status as a new hire for another month and a half, he decided to keep his mouth shut and toe the company line. Besides, his family was friends with Hunt's family, so he figured if there was trouble, he could state his case then. Wrong. In late August, Hunt took his vacation. When he returned, he discovered that Van Dreunen's termination had already taken place. No reason needs to be given in a Probationary Status termination. Van Dreunen was told that, while his job performance was satisfactory, he was considered surly, distant and arrogant. I don't know about arrogant, but I can see where a guy could get surly and distant when ordered to be deceptive about business practices, especially when a friend of the family is involved.

QUESTIONS UNANSWERED: The obvious questions involve why Hunt was deliberately left in the dark. Bear in mind, this is some time after the head of the I.T. Department had been suspended for a week without pay over some shady-looking shenanigans. Other questions involve the current security of the City's computer infrastructure. How secure is it now? Is anyone likely to get a straight answer? Regarding the mentioned hacks, why does the City not have in place a policy dealing with hack attacks? It would seem to be common sense that any known hacks should automatically be referred to law enforcement for subsequent follow-up.

POSTSCRIPT: Michel Van Dreunen's life has been an absolute hellhole since leaving the City's employ. As a young immigrant from Holland married to an American, he's a bit of a fish out of water anyway. Unable to qualify for unemployment, he has secured a few temp jobs here and there. He's currently out of work and nearly dead broke. In April, his wife had to have an emergency appendectomy. No health insurance. Another $20,000 in the hole, this on top of other debts. He's a good man. He's honest, he's a smart techie, and he got soooooooooooooo screwed over, so if anyone reading this has an opening, contact me and I'll get the two of you together.
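As an added example, not part of the column, here is the kind of mail-gateway check a defender could have run against the SirCam lure the column describes: it parses a message, looks for the body phrase quoted above (plus one other standard SirCam body line) together with the double-extension attachment name SirCam used, and flags a message only when both are present. Addresses and sample messages are constructed for the example.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Lure text: the first phrase is the one quoted in the column, the second is
# another of SirCam's standard body lines. Matched case-insensitively.
LURE_PHRASES = (
    "i send you this file in order to have your advice",
    "i hope you can help me with this file that i send",
)
# SirCam mailed a stolen document under its own name plus a second, executable
# extension (e.g. budget.doc.pif); flag that double-extension shape.
DOUBLE_EXT = re.compile(r"\.(doc|xls|zip|exe)\.(pif|lnk|bat|com|exe)$", re.I)


def suspicious_attachments(msg):
    """Return attachment filenames carrying a SirCam-style double extension."""
    return [part.get_filename() for part in msg.iter_attachments()
            if DOUBLE_EXT.search(part.get_filename() or "")]


def is_sircam_lure(raw):
    """Parse an RFC 822 message. True only when lure text AND a suspicious
    attachment are both present, so ordinary chatter or a clean .doc passes."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = (body.get_content() if body else "").lower()
    hits = suspicious_attachments(msg)
    return any(p in text for p in LURE_PHRASES) and bool(hits), hits


def build_sample(body, filename):
    """Constructed sample message with hypothetical addresses (offline test data)."""
    m = EmailMessage()
    m["From"] = "infected-host@example.com"
    m["To"] = "clerk@example.com"
    m["Subject"] = filename.split(".")[0]  # SirCam used the document name as subject
    m.set_content(body)
    m.add_attachment(b"MZ\x90\x00", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()


LURE_SAMPLE = build_sample(
    "Hi! How are you?\n\nI send you this file in order to have your advice\n\n"
    "See you later. Thanks", "budget.doc.pif")
BENIGN_SAMPLE = build_sample("Agenda for Tuesday's meeting attached.", "agenda.doc")

if __name__ == "__main__":
    for name, raw in (("lure", LURE_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, is_sircam_lure(raw))
```

The same check can be bolted onto any point where mail is parsed before delivery, which is the control the column notes the City lacked at the end-user level.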
John Patten is the head of Web Operations for Creative Pages, and has worked in broadcasting for over 12 years. He can also be incredibly rude at times.