A recent notice from the Cook County Sheriff’s Office announced the temporary disruption to the Code Red system.
Code Red is part of IPAWS, the Integrated Public Alert Warning System, which allows government agencies to communicate emergency messages to the public.
County Management Information Systems Director Rowan Watkins explained that recently, Rode Red experienced a data breach. In that breach, the names and contact information of people who have signed up for the service were stolen. The passwords they used to sign up were also part of the breach.
“It sets people up to really send tricky phishing emails where they could impersonate a local government and try to trick somebody into clicking on something,” Watkins said. He added that the stolen passwords could also pose another security problem. “If you have a common password that you do use for your banking or other things like that, then you know they have that information, and they could try that on other accounts.”
Watkins said that at this point the security issue has been fixed, and Code Red has launched an updated program. For those who were previously signed up, their account information will be manually moved by the sheriff’s department to the new system. He said that members of the public don’t need to do anything, but he does suggest increased vigilance when it comes to their cyber security and managing the threats of scammers.
“We’ve had a really huge increase in pretty sophisticated phishing attacks across the county, across the country, but in particular in the county, we’ve had quite a few,” Watkins said. To anyone who receives suspicious contact, Watkins encouraged them to reach out with questions.
In addition to the updated Code Red program, Watkins said there is additional work happening at the county to improve cybersecurity. The county is moving away from the long-running URL ending (cook.co.mn.us) in favor of a simple .gov.
Watkins explained that the shift to using URLs that end in .gov improves the public’s ability to recognize scams. He said the former ending, which was longer and more complicated, allowed more opportunities for a scammer to use an email that is only slightly different from the genuine county URL.
Over the next six month, Watkins and the MIS department will be adjusting all county email addresses and other URL uses. The current URLs will remain active, but reroute to the new addresses.
WTIP’s Kirsten Wisniewski spoke with Rowan Watkins about cyber security. Audio. of that interview is below.