We Are in the 1% – Yay!

As many Lampassholes on Facebook were griping today about their utility bills being wrong or non-existent due to the 10-day computer outage from the recent attack, one dunce named Melissa Johnson wrote “well, you can’t really rag on the IT Department about that…after all, 20 other cities got hacked”.

I guess that is one way to look at it.

A better and more accurate way to look at it would be to say “well, 2000 other towns DIDN’T get attacked – thus 99% of the towns in Texas managed to keep their systems secured”.

But that’s just me.

“Minimal Impact” Computer Disruption From Cyber Attack Appears to End on Day Ten

Well, ten days after the initial ransomware attack, the City appears to have their utility department website back up! Great job tech department TSM Consulting!! Can we assume ALL systems are back to normal? Hopefully the Dispatch or Radiogram will have some real information on this.

Now, we will await a full accounting of what exactly went down, how it was solved, and what will stop it from happening again.

Was Kristy Acevedo Negligent or Incompetent?

Kristy Acevedo holds the title of “Network Administrator” for the City of Lampasas. She and her superior, Monica Wright, are paid quite well ($180,000 in salary and benefits – Pay Group 30 for Monica and 22 for Kristy) to “maintain and troubleshoot all network systems and equipment” (this is taken directly from the City of Lampasas description of her job).

The city spends over $300,000 per year on the IT Department and has spent about $1.5 MILLION DOLLARS on that department over the last six years. They are proposing a huge increase to $374,000 this year alone.

So it’s hard to argue they don’t throw enough money at that department. Hell, Monica had enough cash to blow almost $100,000 on a NO-BID audio/visual system for City Council chambers last year, when she COULD have only spent $34,000, so they are clearly rolling in dough. Perhaps I have simply been right all along in saying they are totally unqualified and in way over their heads. Incompetent, is the word I am looking for here.

Employees of the city serve “at will” and can be dismissed at any time [Section 13.01 of the City Personnel Policy]. One of the many reasons for possible dismissal listed is “Incompetence or Neglect of Duty”

Now, this problem hasn’t even been resolved yet, so the finger pointing can wait until our TWO IT ‘experts’ have fixed their mess….but after the dust has settled, it seems City Council should be looking into how this was allowed to happen and whether our Network Administrator was incompetent or neglectful of her duties. Considering how many days off they get per year, there is about a 20% chance one of them wasn’t even at work last Friday!

The Finley-Spin Begins. Here is a TRUE Ransomware Timeline

City Hall is already starting to spin the narrative on this ransomware attack, so I felt it necessary to start and maintain a timeline of what REALLY transpired and will continue to transpire – with my commentary in brackets:

Friday August 16: Somebody launches a ransomware cyber attack against 22 Texas cities this morning. That same day, multiple Lampasas citizens start questioning why their utility payments aren’t being processed. According to the August 21 Radiogram, “IT Director Monica Wright immediately implemented response protocols for this type of incident.” [This is the spin it took Finley FIVE days to come up with? So the official spin is “thank god Monica was there to slam the barn door shut well AFTER the cow got out, knocked over the lantern and burned down the city…the very same door she left wide open in the first place.]

[The “protocols”! Sounds very sophisticated. Like a James Bond movie. I’d guess the actual “protocol” was Monica voiding the entire contents of her bowels into her underwear, yanking the power cord of her personal computer out of the wall thinking that might help, and then running in tears to Finley’s office sobbing about some “randomware” on her computer. Finley then turns a sickly green color and calls TSM or the state of Texas or SOMEBODY who knows SOMETHING about computers, dammit!!!]

Friday afternoon August 16, Saturday August 17, Sunday August 18: Not a peep from the City about this disaster. At this point, the police and sheriff computer systems had to be down, but that was not made public. I know this because the police system was still down on Tuesday the 20th at 5pm [and yes, I have proof]. I know they will say “we couldn’t make this public since we had a target on our backs”, but that is a pile of nonsense….because remember, the quick-thinking Monica had ALREADY implemented “protocols for this type of incident”…which any moron must assume included chopping all connections with the outside Internet world to prevent further damage….right? [at this point, the City probably hoped to solve this quickly and sweep it under the rug so as to not be completely embarrassed. Thus total radio silence]

Monday August 19: I myself started getting suspicious reading about all the people unable to pay their bills and remembering the attacks in Texas the previous week. Still not a PEEP from the city 72 hours after the incident….and police systems STILL presumably down.

Tuesday August 20: Finley tells a blatant lie to the Radiogram, saying that “a series of unrelated incidences [sic] caused the Sheriff’s Department, Police Department and Utility Department to go offline last Friday and the problem is being corrected.” [Why make this blatant lie? This is why I don’t ever trust a thing Spinley/Finley says. The cat was going to get out of the bag eventually and you know damn good and well the CITY MANAGER knew this was a coordinated attack three days ago – so why tell this complete b.s. about “unrelated incidences [sic]??]

Tuesday August 20: This very blog begins to connect the dots and get info from reliable sources at the city and state level that Lampasas DID get hit – despite Finley’s lie in the Radiogram that very morning. This blog questions Gary and Finley point-blank about it by email around 3:30pm. By 9pm, ACM Gary Cox admits they were hit and federal authorities are involved.

Wednesday August 21: The Radiogram finally prints an official statement from the Police Department that includes all the b.s. Spinley/Finley has produced after five days of polishing this turd. The most laughable part of the Spinley’s yarn is this part:

“While this attack did have some impact on City operations, the City implemented its continuity of operations plan and continued to provide City services with minimal impact to our citizens……As of press time, the City of Lampasas utility department is still offline. They are assuring customers that no cut-offs, or late notices are being processed. They hope to be back on line by Friday morning”.

[Seriously?? Continued to provide city services with minimal impact? Yeah sure….everything was just fine except all the broken parts. Lol. Then a few sentences later they say the utility department is STILL offline!! AND, they HOPE to have this mess sorted out by Friday!! A FULL WEEK after the attack! (but the impact is limited, lol) That is some serious b.s. spin, right there. Wow. Bill Clinton himself couldn’t have spun dog shit into diamonds that well].

Thursday August 22: Problem still not solved. A source of mine entered city hall and saw our two intrepid IT “experts” looking “quite frazzled”. [Probably the first full week either of them have clocked in years]

Friday August 23: One full week after the attack – problem still not solved. The Lampasas Dispatch Record reports on the attack – and regurgitates much of the same palaver reported in the Radiogram. The Original Lampasshole also makes an official Open Records Request and asks for copies of these “response protocols” and “continuity of operations” plans that were supposedly implemented in the wake of the attack.

Saturday August 24: Tried to log on and use the “Pay Utilities” page….still not up. Eight days and counting!!

Sunday August 25: The “minimal impact” STILL continues – cannot log onto the utilities payment page. How long until they just give in and pay the ransom? Will it come out of Kristy’s paycheck? Do they even know how to buy bitcoin?? We shall see…

Monday August 26th: Systems appear to be back to normal after 10 days. Mayor Misti “Drunken Sailor” Talbert thanks the City Staff for all their “hard work during the ransomware attack” (page 66). No seriously. She did.

Tuesday September 3rd: City attorney Christy-Jo Brown writes a six page letter to Texas Attorney General pleading their case as to why I should be denied information about the ransomware attack. Yup – keep the taxpaying citizens in the dark. As usual.

Monday September 9th: requests come flooding in for replacement equipment to replace servers and computers ruined in the ransomware attack – currently over $36,000 of equipment is ruined.

When the the clouds of dust settle from this debacle, there needs to be a very PUBLIC and HONEST accounting of what the hell happened. Answers to things like:

  • How EXACTLY did they get in?
  • Exactly when did Finley realize this was part of the statewide ransomware attacks and how quickly did he call in the REAL experts?
  • How long was the police system completely down?
  • Was ransom demanded? How much? Did the city pay in full?
  • Which “experts” were called in and how much did they bill the city for this mess?
  • Where was Kristy Acevedo Friday morning and afternoon? She is not mentioned at all, yet her job is “Network Administrator” and the network was left vulnerable and attacked.

Ransomware Attack Confirmed By City

It’s official.

According to Assistant City Manager Gary Cox, “the City of Lampasas is one of 22 entities which was affected by a ransomware attack that occurred last Friday.  The matter is under investigation by federal law enforcement authorities at this time.”

Wow.

No word on the amount of “ransom” demanded by the perpetrators. I’m sure the Dispatch and Radiogram will be all over this with the details soon (right guys?).

How much are they demanding, if anything? Will the city pay up? Will any heads roll in the IT Department or City Hall for this colossal screw-up?

Stay tuned.

Contacts at State Level Tell Me Lampasas WAS Hit By Malicious Computer Attacks

The birdies are chirping too loudly for me to ignore now. I am told by well-placed sources at the state level that Lampasas WAS on the list of cities hit by the malicious cyber attacks last Friday.

If true, this is a HUGE black eye for City Manager Finley DeGraffenried and our TWO IT ‘experts’ Monica Wright and Kristy Acevedo. For a department which sucks up $300,000 $374,000 per year of the city budget, it is highly embarrassing and unacceptable. I love hate to say “I told you so”, but I did tell you so….about 50 times over the last 12 months: our IT Department is an overpaid, under-qualified joke – and now the city is AGAIN paying the price.

There are plenty of clues that I am correct. The most glaring is that even though the attacks happened last Friday the 16th, Finley stated in yesterday’s Radiogram (four days later) that the problem “is being corrected”.

Not “corrected”….but BEING corrected…as in, still NOT corrected.

When a computer problem is not solved four days later, it tells me that either (1) somebody is holding them hostage and they are locked out of their own systems or (2) it is so bad that even the expensive outside REAL computer experts are having trouble figuring it out – which means a LOT of billable hours at about $150 per hour, I’m guessing.

Lampasas City Offices Go Offline On Exact Same Day as Texas Ransomware Attacks…Hmmmmmm

As previously reported, around 20 to 23 cities were hit last Friday August 16th by malware/ransomware attacks. On the EXACT SAME DAY, City of Lampasas offices were reported to go offline.

According to the Radiogram, City Manager Finley DeGraffenried assures us that “a series of unrelated incidences [sic] caused the Lampasas County Sheriff’s Department, the Lampasas City Police Department AND the Lampasas City Utilities Department to go offline last Friday. He stated that technicians were called in, and that the problem is being corrected.”

Well, that is one hell of a coincidence.

I have directly emailed City Manager DeGraffenried AND his assistant Gary Cox to either confirm or deny that this was related to the statewide attacks last Friday. They have not responded.

I DO have a few questions and observations, however:

  • The “problem” (singular) is being corrected? You just said it was a series of unrelated incidences [sic] (plural). Which is it?
  • What was the “problem”, exactly? Did somebody spill coffee on multiple keyboards in multiple departments at the exact same time?
  • Why did “technicians” need to be called in? We have TWO highly paid Information Systems “experts” in a $300,000-per-year IT Department who supposedly handle this kind of thing, no? Who were these technicians? TSM Consulting? Camp Mabry? How much did THAT cost to fix? Is it fixed? Sounds like it isn’t….birdies are chirping right now on Tuesday evening telling me the systems are STILL down.

I look forward to answers to all of these questions, but unfortunately I expect the City to be evasive about the true nature and scope of the problem – seeing as how I have been harping on their IT Department for over a year now. They would love nothing less than to see me proved right.

Side-By-Side IT Comparison: How Overpaid Are Monica and Kristy?

I hate to flagellate a deceased equine, but literally every single city or county I look at makes it more and more obvious that our IT Department is FAR larger and more expensive than it has any right to be. Just for kicks, I recently compared the entire COUNTY of Burnet to our little town of Lampasas. Here is what I found:

LAMPASAS

Population 7,800

Area 6.2 square miles

IT staff – 2

IT salary $125,881

IT benefits $55,081

Consulting expense $21,600

TOTAL $202,562

BURNET COUNTY

Population 50,000

Area 1021 square miles

IT staff – 2

IT salary $113,336

IT benefits $43,788

Consulting expense $0

TOTAL $157,124

As you can see, Lampasas spends 29% MORE on salary, benefits and paying for outside consultants.

I have included “consulting” in this comparison because it represents the money we hand to TSM Consulting ($1,800 per month, every month) to be on call to do Kristy’s job for her. That is just the MINIMUM. They actually pay them more when there is actual work to do….but I am being conservative in my comparison.

You may notice the benefits are wildly higher here in Lampasas – something I have railed against for a year now. Here is the breakdown on benefits:

Kristy and Monica: $19,288 for retirement and $25,905 for insurance

Burnet county: $12,520 for retirement and $21,528 for insurance

The annual retirement contribution is FIFTY-FOUR PERCENT HIGHER here in our little town than it is 15 miles down the street. Insurance is TWENTY PERCENT HIGHER.

Yet more proof that our IT Department is over-staffed, over-paid and under worked. I say “under worked” because Monica takes off over TWO MONTHS every year, when you add it all up (as I did).

But that STILL isn’t enough loafing around for our IT Princesses! Oh, no! They want MORE time off, as you can see below:

Marble Falls ALSO Has No IT Department.

Marble Falls – which is right down the street and has a similar population – ALSO has no IT department. According to Kaleb Kraenzel, the Assistant City Manager: “currently, our organization contracts out with a local company for that service”.

That makes TEN cities our size I have checked with and ZERO IT Departments. That’s 0-10 on IT Departments….not a very good batting average, even for government work. The facts look worse for Monica and Kristy every time I get a response from another city manager.

Marble Falls takes in about FIVE TIMES the money we do in sales tax ($150k per month versus $750k), so there is clearly more money sloshing around there….yet STILL no IT department.

I asked Mr Kraenzel how much they spend on their IT contract and am waiting to hear back.

Hell, even Copperas Cove, which is around FIVE TIMES our population, only spends about $380,000 on their IT. Five times larger yet they spend roughly what we do? Very odd.

Clearly, we are overstaffed. I’m going to call the Lampasas IT Department the Department of Redundancy Department from now on. Monica has been feathering her nest for almost 14 years now. Perhaps it is time for a change.

Lampasas City IT Department Should Be Eliminated and Outsourced – May Save the City Hundreds of Thousands of Dollars PER YEAR.

[QUICK synopsis for those of you new to this site: our IT Department consists of TWO people – neither of whom hold basic network certifications from Microsoft or Cisco and who subsequently pay TSM Consulting tens of thousands more per year to do THEIR network jobs for them. Monica Wright was somehow awarded with the sinecure (look it up, Monica) of Director of the IT ‘Department’ 13 years ago and her BFF and underling Kristy Acevedo comprises the rest of the “department”. Their ‘department’ was budgeted THREE HUNDRED THOUSAND DOLLARS this past year…which includes their $181,000 in salary and benefits see page 24 and 25].

[Monica came to my attention last July when she oversaw the award of a no-bid contract to Azbell Electronics for almost $100,000 for the City Council chambers A/V system (TVs and microphones, essentially). I later discovered City Hall had actually gone out for competitive bid the FIRST time on this and had awarded the contract to Broadcast Works for $34,000. This was then rescinded for reasons unknown and the contract awarded with NO BIDDING to Azbell Electronics, also for reasons unknown].

I have spent the last week going over the city budgets of NINE other random small towns in Texas to see if THEY waste such colossal sums on an IT “department”. They are all very close to us in population size, although some are slightly larger and have a higher per-capita income. I used THIS list to find my candidates.

I have also sent an email (twice) to the manager of all those cities, although some never bothered to answer me. Either way, I looked over their city budget AND their city organizational flow charts looking for “IT Department” or “Technology Department” or something similar.

NOT A SINGLE ONE OF THESE TOWNS HAD AN IT DEPARTMENT OR TECHNOLOGY DEPARTMENT.

Not only did they not have a DEPARTMENT they didn’t even have a PERSON. They outsourced their IT to large, expert companies like Barcom, TSM, or Network Plus.

The cities I researched are: Carthage, Gladewater, White Oak, Princeton, Hitchcock, Sanger, Crockett, Kaufman and Silsbee. Results are as follows:

Kaufman city manager Mike Slye told me they have a third-party contract for all IT services. He did not say which company it was.

Hitchcock city administrator Marie Gelles told me they “have a third-party contract with Barcom for IT services“. I requested the amount spent or a link to that department…no answer yet.

Carthage budget, website and organizational chart show no IT Department. I am waiting to hear back from city manager Stephen Williams CPA. They DO, however, have a civic center which ran a $112,000 deficit last year ($147,400 to operate vs $35,000 in revenue). The year before that, it ran a $92,000 deficit. Bruce “The Rascal” Haywood’s micro-penis will probably become fully erect after reading about that kind of reckless and profligate spending.

White Oak city manager Melba Haralson told me “we contract out those services“. Side note – this was one of the more impressive websites I navigated – slick, fast and extremely well laid out. Whoever is in charge of all that is quite a professional…an “anti-Monica”, if you will. Their budget summary and layout is incredible. [Fun fact: their expenditure on city salaries and benefits in the latest budget is $2,374,216 ($1.354 million of that is police). Ours is over $8 million.]

Gladewater apparently has never heard of email. I can’t find a single email for ANY city employees or departments. By far the shittiest and most incomplete of all the websites. In other words – perfect. The city probably spends close to nothing on a site nobody goes to anyways. Brilliant. I’d be shocked if they have a Monica or Kristy type on their payroll milking them dry. Maybe I’ll call them.

Crockett appears to have no IT Department. They are the city I profiled the other day who blow $86,000 per year on a civic center operating deficit. Waiting to hear back from the city administrator John Angerstein (awesome name). [Fun fact: city of Crockett operating budget of $8.1 million….they also spend $3.289 million on personnel – we spend over $8 million]

Princeton Assistant City Manager Lesia Gronemeier told me that “currently we contract this service out and will continue to do so for approximately the next three years“. Their budget shows no sign of an IT or tech department (page 22 organizational chart). Pretty sweet website for this city as well.

Sanger also has a fairly slick website and awesome budget page but appears to have no IT department (page 29 organizational chart). I could not find an email for a city manager or other big wig, so I emailed the city council….waiting to hear back. [Fun fact: very similar in government size to Lampasas with around 100 employees and a $25 million budget – however, “salaries and benefits” total $6.241 million in Sanger (page 49) and over EIGHT MILLION in Lampasas (so we somehow spend about 30% more on salaries and benefits)]

Silsbee city manager DeeAnn Zimmerman was very pleasant to deal with and informed me that “the city of Silsbee uses Network Plus for all of our IT work”….so they have no IT Department.

It is my belief that City Council and the City manager of Lampasas (Finley DeGraffenreid) need to seriously look at this department and decide if TWO full time employees are actually needed. I find it very hard to believe that the tiny town of Lampasas has 80 hours of IT work per week to keep them both occupied all day long. And by “IT work” I mean actual IT work (server migration, installing cabling, troubleshooting)….not Monica running over to the library or golf course to change a printer cartridge. I’m pretty sure every grown adult knows how to do that.

My personal belief is that the second IT position was created because (1) Monica was incapable of doing the work and (2) Monica then gets to be a “director” of this one-woman department – which I assume comes with higher pay and even less work. If the city had hired a competent IT tech to begin with, there would have never been a need for someone else.

It seems to me there are several options, all of which benefit the taxpayer:

  1. Eliminate the entire department and outsource everything. Gary Cox should get on the horn and talk to all these other cities to see if this is feasible. If they can outsource to TSM or Network Plus or Barcom for, say, $120k per year, they are STILL saving $180k per year overall – or $1.8 million over the next ten years. Think of all the roads and water lines that could be properly maintained with that money.
  2. Eliminate the second (redundant) “network administrator” job and give Monica a chance to actually get certified to do real IT work so she never has to call TSM consulting – this would result in TSM’s contract being cancelled – saving tens of thousands per year and also saving around $80,000 more as Acevedo’s redundant job position is eliminated. It would also mean Monica actually has to work full time instead of taking off 8 weeks per year. This would save about $1 million over ten years.
  3. Fire Monica and Kristy both as unqualified, hire some 24-year-old tech nerd right out of school who DOES possess all the normal network qualifications (Cisco or Microsoft) and let him actually do everything the job requires (no more calling TSM and handing them $30,000 a year to solve your problems for you) – a “one man department” who is well-qualified and pay him a decent wage. This eliminates the TSM contract as well as Monica and Kristy’s bloated salaries – or probably around $1.1 million over ten years.