By George Gramlich | Sangre de Cristo Sentinel
Editor’s Note: The following story was shared with the Rocky Mountain Voice by the Sangre de Cristo Sentinel. This article is being reprinted with their permission.
In an unbelievable turn of events. It has been alleged by multiple sources, that a county employee, allegedly repeatedly hacked into a multitude of county computers, installed sophisticated “mirroring” software on them, and accessed via the spyware and possibly other methods (including flash drives) unknown amounts of confidential and extremely sensitive Custer County data (including emails). It is alleged that this has been going on for years! It is also reported that this employee allegedly accessed our supposedly protected Dominion voting machine!
The employee has been reported to have been put on paid administrative leave and perhaps fired.
This report is based on multiple, reliable sources.
In an email letter to Custer County elected officials sent by Custer County Sheriff Rich Smith on August 30th, he reviewed the situation is some depth. Here are some notable quotes from the email:
“Last week, a county employee reported an apparent violation of a Colorado law on cyber security by a different employee to a department director and a deputy. We gathered information and consulted with the DA, CBI, and the FBI about the next course of action over the next two days.”
“We determined that the information technology infrastructure at the county was not secure. Vernon Roth worked all weekend to determine what network components from inside the county connected to the outside world. These components are things like modems, routers, hubs and even software packages. We wanted to keep these activities secret to prevent the suspect from being able to log in remotely and cause further damage until the security plan could be implemented.”
“On Monday morning at the beginning of the day we executed search warrants and seized privately owned computers and phones that we learned had the ability to interact and/or control the county government IT infrastructure. “
“While we have a suspect identified, we have not filed charges or made an arrest. This person has had access to every computer in Custer County Government. Going through this electronic media is time consuming and will be on the timetable of the CBI.” (Editor/GG: “CBI” is the Colorado Bureau of Investigation.)
“This breach could have begun as long as four years ago. It was certainly active during early 2022 and ramped up in the past few months.”
It was mentioned to the Sentinel months ago that there were suspicions in the Sheriff’s Office that someone was hacking their email account, but nothing was discovered. However, just recently, more evidence surfaced, and a county employee came forward with damaging information which caused Sheriff Smith to request assistance from the Colorado Bureau of Investigation (CBI) and outside cyber security experts to find out what was going on.
A search warrant for an “orange Subaru”, a county office and a local home was executed on Monday, August 26th. Measures were taken by our Information Director, Vernon Roth, during several days to secure our county system from outside interference.
Of huge importance, it was reported that the alleged perpetrator was given access to our County’s Dominion voting machine for some reason. It was reported that he indeed allegedly accessed the machine. If this is true, our Dominion machine could possibly be corrupted. Whether this can be fixed in time before the November election is unknown. Due to the sensitivity of the Dominion machine, simply replacing the software doesn’t seem to be a safe solution. A new, untarnished machine is probably the correct solution. If that can’t be done in time for the November election, perhaps, the counting of paper ballots, proposed by many Custer County citizens, might be the simplest and cost-effective answer.
It is unknown at this point whether there were any accomplices to the alleged cyber hacking or who might have received any stolen data from the alleged hacking. (If these allegations are true, you have to ask, why? What was the motive/motivation? My guess is it was done to aid others. Who? People with cases, criminal or civil, against the county? Or it could even be politically motivated – a search for some dirt on an elected official. Recall issues? So, we might have a whole cast of characters involved here. This could get interesting…)
It was reported IT Director Vernon Roth, has not been implicated in the alleged crimes.
The Colorado Bureau of Investigation is handling the case as the Sheriff’s Office is a victim of the alleged crimes, necessitating the need of an outside law enforcement agency to do the job. As the CBI has extensive expertise and experience in cybercrimes, Sheriff Smith asked them to do the investigation. It was reported that CBI has given the job to its Major Crimes office in Pueblo. (Which is a BIG deal.)
Note that, at this point, only a search warrant has been issued and executed. No charges have yet been filed. As the CBI is in the midst of multiple cybercrime investigations, it might be some months before any charges are made.
The Commissioners had a two-hour Executive Session at their August 29 BOCC meeting. The subject was a “personnel matter” and a “security” issue. At the meeting was Sheriff Smith, IT Director Vernon Roth, County Clerk Kelley Camper and Human Resources Director Robert Smith. No decisions were announced after the Executive Session was over.
Note that all the reports/statements etc. noted above are allegations only. No arrest warrant has been issued.
The Sentinel will give you a complete update on all the developments as they come out. Any especially important news will be immediately posted on our website, sangredecristosentinel.com or on our Facebook page.
CBI TO CUSTER COUNTYDATA BREACH
READ THIS AND OTHER COVERAGE AT THE SANGRE DE CRISTO SENTINEL.