First Time Was Funny….Now It’s Just Sad

City Council met on November 12th for the second time in their new $1.5 million-dollar Fishbowl. I’d like to tell you that they finally got the fancy $95,000 no-bid Azbell Electronics video recording/archiving/streaming system to work this time, as was promised by recently fired resigned ACM Gary Cox well over a year ago. But, alas, it is not to be. Again.

You can hear the $95,000-quality audio recording here: https://www.lampasas.org/Archive.aspx?AMID=212

What’s the over/under on how many weeks it takes Monica to bite the bullet and call Azbell back out to re-teach her how to operate the Ferrari of A/V Systems? Go ahead, Monica. The $1,000 they charge you for the service won’t show up in the monthly list of “checks written for over $4,000″….so I probably won’t see it.

Or will I?

After all, it’s only been about a year since the system was installed and you were trained on it…and another 2 weeks since the last Council meeting. How could I possibly expect a City IT employee of 14 years to get things figured out THAT fast?

I should probably just “sit here for a minute and realize it was very worth it” to shell out $95,000 for an audio recorder and $8,600 worth of 70″ TV screens. Very, very worth it.

City Council Humor…And Crazy Math

Listening to the audio-only recording of the first City Council meeting in the new Fishbowl provided some laughs…even if I had to sit through 90 minutes of absolute agony to get there.

Link to audio: https://app.box.com/s/k7e9kao553yiyt4vgatpfhvx6igyk9gq

The humor (once again) concerns the horrible deal the City wants to make by moving the police department servers from in-house servers to cloud servers.

If you slide forward to the 1:29:25 mark, you will hear (barely – the audio is terriblenot worth $95,000) the explanation as to why the PD needs to make the move to cloud storage. We are told that “by OUTSOURCING our video to a cloud solution, it’s gonna eliminate some work that Monica and Kristy have to do to maintain, update and repair that server.” [1:31:10 mark]

Yes, we definitely don’t want to burden Monica and Kristy with “maintaining or repairing the servers!” That is only, like, their JOB and stuff. Christ, between TSM Consulting, Watchguard, Tyler Technologies and all the others we pay for IT work, the poor girls will have nothing to do but change printer cartridges and head out for an early lunch! Poor dears.

There’s that word OUTSOURCING again! Something I’ve been calling for all along. EVERY city I contacted that was close to our size in population OUTSOURCES their IT. So I’m all for outsourcing – but you ALSO have to get rid of our overpaid IT Department at the same time. Otherwise it makes no sense.

More ‘crazy math’ comes in when we are told they need about 9TB of storage which will cost $270 per month. Apparently storage cost is 3 cents per gigabyte per month – or 9,000 gigs times 3 cents = $270.

Which SOUNDS cheap. Until you go to NewEgg.com and see that you can BUY a 10TB drive for $200 – or 2 cents per gig.

I’m no computer expert and I’m sure that a PD video server and NewEgg external drives are not completely fungible (look it up, Monica) but my point is made: storage is CHEAP in the year 2019. We can BUY storage for TWO cents per gig and own it forever OR we can RENT storage for THREE cents per gig PER MONTH. That makes zero sense to me.

Zero sense, that is, unless the ultimate aim here is to relieve Kristy and Monica of the ‘burden’ of doing their jobs and securing data. Only then does it make a tiny bit of sense.

Another scary thing I noticed from this audio-only recording was how quickly The Seven Goldfish just unanimously vote for massive new expenditures on stuff like this after a 2-minute presentation. Zero research. Zero deep questions. No tabling it until next meeting so they can check on some claims or do some math or ask about other alternatives. Nope. Somebody asks for a big check, and the Goldfish throw tax dollars at it. Easy as that.

The same thing happened with our useless city recycling program. One dummy at a town hall meeting asked for it – and voila: we have a new $12,000 expenditure for something that does ZERO for the environment. It’s actually quite alarming how easily the Goldfish are duped into writing big checks.

It Sure Looks Like IT Department Incompetence Just Cost The City MORE Money

The latest issue of the Dispatch had another interesting nugget jammed into the end of an unrelated article yesterday. Apparently the police department will be using a cloud-based storage system from now on, instead of using their own servers, which they have been doing up til now. From MY reading of this deal, it makes ZERO financial sense. From the Dispatch article:

 “The council voted unanimously to purchase a cloud-based video storage system for the police department. The police department’s existing video storage server is starting to fail, Montgomery said. He added that if the city bought a new physical server instead of using the cloud-based system, the new server would last only about four years.

The cloud-based system will keep data secure, allow for backups and make video-related work more efficient, Montgomery and Information Technology Director Monica Wright said.

The initial cost of the cloud-based storage system is $7,000. In addition, the per-month storage cost – based on the amount of total data the police department stores now – will be about $270, Montgomery said. Recurring annual costs – including software updates and support — will be $10,620.”

A quick look at the math tells me this is an ATROCIOUS deal, financially. The only possible motivation I can think of for this is that the August 16th ransomware attack made them realize just how incompetent our IT Department is and they are now paying up BIGLY to take this out of Monica’s hands and give it to someone who IS competent. I can gather this by how Montgomery points out the benefits of ‘keeping data secure and having backups‘ – which implies we do NOT currently have those assurances under Monica.

Servers cost about $11,000 and are SUPPOSEDLY good for only four years (this is nonsense, but I’ll run with it). So we divide the $11,000 by 4 years and we get a cost of about $2,750 per year set aside for server purchases. That is the CURRENT arrangement – buy a new $10,725 server every four years.

The NEW (financially retarded) deal is this: the City immediately gets bent over for $7,000 as the ‘initial cost’ (for what??). THEN, the City pays $270 a month ($3,240 per year) for data storage. THEN the City gets bent over AGAIN for $10,620 in recurring costs for support EVERY YEAR!!

So we go from $2,750 per year in the current arrangement to $13,860 PER YEAR with the new arrangement! Oh, and toss in a $7,000 ‘initial cost’ on top of it all!! This ‘new arrangement’ will cost the City almost $120,000 over the next 10 years. THAT is yet another REAL cost of having an incompetent IT Department who cannot be trusted to keep data secure.

This most bizarre part of this decision? The City JUST SPENT $10,725 on a NEW PD SERVER earlier this year – Feb 26th, 2019!!! [page 37].

So if we JUST SPENT $10,725 on a new server, then how is it “starting to fail,” as we are told in the article? It’s brand new. And how does a server “start” to fail? It either works or it doesn’t, right?

No, here’s what I think REALLY happened – and this is my OPINION, not fact. It is the only explanation that makes sense to me:

  • PD purchased that server in Feb for $10,725 just like they have been doing all along.
  • The August 16th ransomware attack happens and the police servers get frozen out (we KNOW this happened).
  • I’m guessing the PD servers were either ruined like the water department servers and City hall servers, or had to be rebuilt/recovered at a huge cost of time and hassle.
  • Somebody with a brain realizes Monica should not be trusted with important stuff like the police servers. When Monica ruins City Hall equipment, it can be swept under the rug by a pliable City Manager…but if police servers get bungled, very bad things can happen. Like gigantic lawsuits.
  • The City is in a pickle because they LITERALLY just purchased a new server 8 months ago. They have to gin up this b.s. about the server ‘starting to fail’
  • The Seven Goldfish cannot be THAT bad at math. I just refuse to believe they are THAT incompetent. I presume they are tacitly making a trade and paying an extra $11,000 every year for eternity in exchange for keeping an incompetent IT staff away from the important stuff.

All of this begs the question YET AGAIN: why do we need these two IT clowns in the first place? Why not just outsource ALL of the IT stuff and chop the city payroll by about $200,000 per year? We already have TSM on the payroll for $20k to $30k per year for general ‘network support‘ ….we have Tyler Technologies on the payroll for $44,000 per year…and now WatchGuard will be in charge of the police department IT for at least another $14,000 per year.

If buying a new server every 4-5 years is such a BAD idea and putting stuff on the cloud is such a GOOD idea, then why have we been buying servers all these years? Why didn’t we make this move 12 years ago? Why NOW? I know my guess: a disastrous ransomware attack in August of this year woke up the City to how clueless our IT Department really is.

Not Only Has IT Department Head Monica Wright Not Explained Ransomware Attack – She Skipped The Next City Council Meeting!!

For those of you not aware, on August 16th the City of Lampasas was hit by a ransomware attack. The city network apparently having been left wide open by our TWO highly-paid computer experts. Here is a timeline of what transpired.

You’d think after the city was held hostage for ten days and at LEAST $36,000 worth of equipment was ruined (that we know of), City Council might have some questions and Monica Wright (the HEAD of the IT Department) might have some answers or explanations about how it happened and why it won’t happen again.

Nope.

One reason for the lack of details was that Monica Wright couldn’t even be bothered to show up for the August 26th City Council meeting to make her departmental report!! She sent her sidekick and supposed “network administrator” to the meeting instead [page 1: City Staff present]. See photo of minutes below:

There are only two explanations for this: Monica was on one of her many vacations OR she was afraid to face the music. She loves having the title and extra pay of a ‘department head’, apparently….but she doesn’t want all those icky responsibilities and hard work.

Well, at least Kristy was there to explain it all – since she is ostensibly (look it up, Monica) in charge of the City’s network.

Nope. Apparently Kristy sat there twiddling her thumbs the entire meeting. No report was made by her either. The fire chief made his report and that was the end of any departmental reports (see pages 5 and 6). See photo below:

Not only that, City Council (whom I call The Seven Goldfish, due to their very short memories) didn’t even ask about it!! In fact, Misti Talbert THANKED them for their hard work and that was the end of it.

I’d like to tell you that City Manager Finley “Spinley” DeGraffenried was there to make a report on the cyber attack, but HE wasn’t there either! He sent his assistant Gary Cox to “commend the IT and Finance Departments” over the ransomware attack. I assume he included the Finance Department since they will be writing a bunch of huge checks to replace all the ruined computer servers and computers, right?

Monica Can’t-Wright Requests $6,216.36 In Emergency Funds for Computers Ruined in Ransomware Attack

Apparently the “minimal impact” ransomware event wasn’t entirely minimal. The first casualty popped up in City Council packets (page 103): Monica needs $6,216.36 to replace some ruined computers.

Over $1,000 per computer? Seems high – I see nice computers on Amazon for $300 all the time. But after digging, I see some of that is also for some new monitors! Because computer viruses always ruin the monitors too, right Monica? Or maybe somebody is just using this debacle as an excuse to buy some fancy new monitors. I’d place my bets on the latter.

Must be awesome to work for the city IT Department: Blow hundreds of thousands per year on fancy equipment, take 8 or 9 weeks off every year, get almost $30,000 in benefits IN ADDITION to your bloated salary, leave the City network open to attack and STILL get to keep your job, nobody asks you a single question about how it happened and THEN you tell Spinley and The Seven Goldfish you need over $6,000 to buy some new stuff because you wrecked the old stuff.

Hell, $6,200 is spit in the ocean compared to a $185,000 bathroom – the Goldfish won’t even bat an eye.

Rest assured I have requested records on which department these computers were from, how old they were and what they originally cost. Maybe Jo-Christy Brown will deny me that information as well.

City Attorney Stonewalls My Request For Ransomware Attack Details.

Far from being questioned or chastised about the recent IT Department screw-up which left the City’s computers open to attack, Monica Can’t-Wright and her accomplice Kristy “The Joker” Acevedo were PRAISED for their “hard work during the ransomware attack”! Seriously – there were ZERO questions from City Council about how the attack happened or why the IT Department got caught with their pants down (Council minutes page 66).

Only in government work can you screw the pooch that hard and then get praise for helping to clean it up. In the private sector, you’d probably be looking for a new job. God forbid The Seven Goldfish ask a single question about the entire incident – they have already forgotten it entirely!

What exactly did Monica do to save the day? What were the “emergency protocols” the quick-thinking Monica implemented? The City won’t say! That’s right. After I requested a copy of these supposed “protocols” that Monica implemented, the City attorney, Jo-Christy Brown produced six pages of drivel (lots of billable hours!) in a letter to the Texas Attorney General’s office explaining to them why the City of Lampasas should be able to deny my request.

Of course, I know damn good and well there ARE no protocols. But Ms. Brown and the City of Lampasas are taking the ridiculous position that release of any of this data “might result in a ‘targeted attack’ towards any perceived vulnerabilities”.

So, if I were to ask the fire department any questions about how they respond to fires, they would deny my request in a tizzy because I might use that information to go and burn down some houses?? Absolutely ridiculous.

Just more of the same from the Talbert administration: screw it up then cover it up and tell the citizens to pound sand.

Was Kristy Acevedo Negligent or Incompetent?

Kristy Acevedo holds the title of “Network Administrator” for the City of Lampasas. She and her superior, Monica Wright, are paid quite well ($180,000 in salary and benefits – Pay Group 30 for Monica and 22 for Kristy) to “maintain and troubleshoot all network systems and equipment” (this is taken directly from the City of Lampasas description of her job).

The city spends over $300,000 per year on the IT Department and has spent about $1.5 MILLION DOLLARS on that department over the last six years. They are proposing a huge increase to $374,000 this year alone.

So it’s hard to argue they don’t throw enough money at that department. Hell, Monica had enough cash to blow almost $100,000 on a NO-BID audio/visual system for City Council chambers last year, when she COULD have only spent $34,000, so they are clearly rolling in dough. Perhaps I have simply been right all along in saying they are totally unqualified and in way over their heads. Incompetent, is the word I am looking for here.

Employees of the city serve “at will” and can be dismissed at any time [Section 13.01 of the City Personnel Policy]. One of the many reasons for possible dismissal listed is “Incompetence or Neglect of Duty”

Now, this problem hasn’t even been resolved yet, so the finger pointing can wait until our TWO IT ‘experts’ have fixed their mess….but after the dust has settled, it seems City Council should be looking into how this was allowed to happen and whether our Network Administrator was incompetent or neglectful of her duties. Considering how many days off they get per year, there is about a 20% chance one of them wasn’t even at work last Friday!

The Finley-Spin Begins. Here is a TRUE Ransomware Timeline

City Hall is already starting to spin the narrative on this ransomware attack, so I felt it necessary to start and maintain a timeline of what REALLY transpired and will continue to transpire – with my commentary in brackets:

Friday August 16: Somebody launches a ransomware cyber attack against 22 Texas cities this morning. That same day, multiple Lampasas citizens start questioning why their utility payments aren’t being processed. According to the August 21 Radiogram, “IT Director Monica Wright immediately implemented response protocols for this type of incident.” [This is the spin it took Finley FIVE days to come up with? So the official spin is “thank god Monica was there to slam the barn door shut well AFTER the cow got out, knocked over the lantern and burned down the city…the very same door she left wide open in the first place.]

[The “protocols”! Sounds very sophisticated. Like a James Bond movie. I’d guess the actual “protocol” was Monica voiding the entire contents of her bowels into her underwear, yanking the power cord of her personal computer out of the wall thinking that might help, and then running in tears to Finley’s office sobbing about some “randomware” on her computer. Finley then turns a sickly green color and calls TSM or the state of Texas or SOMEBODY who knows SOMETHING about computers, dammit!!!]

Friday afternoon August 16, Saturday August 17, Sunday August 18: Not a peep from the City about this disaster. At this point, the police and sheriff computer systems had to be down, but that was not made public. I know this because the police system was still down on Tuesday the 20th at 5pm [and yes, I have proof]. I know they will say “we couldn’t make this public since we had a target on our backs”, but that is a pile of nonsense….because remember, the quick-thinking Monica had ALREADY implemented “protocols for this type of incident”…which any moron must assume included chopping all connections with the outside Internet world to prevent further damage….right? [at this point, the City probably hoped to solve this quickly and sweep it under the rug so as to not be completely embarrassed. Thus total radio silence]

Monday August 19: I myself started getting suspicious reading about all the people unable to pay their bills and remembering the attacks in Texas the previous week. Still not a PEEP from the city 72 hours after the incident….and police systems STILL presumably down.

Tuesday August 20: Finley tells a blatant lie to the Radiogram, saying that “a series of unrelated incidences [sic] caused the Sheriff’s Department, Police Department and Utility Department to go offline last Friday and the problem is being corrected.” [Why make this blatant lie? This is why I don’t ever trust a thing Spinley/Finley says. The cat was going to get out of the bag eventually and you know damn good and well the CITY MANAGER knew this was a coordinated attack three days ago – so why tell this complete b.s. about “unrelated incidences [sic]??]

Tuesday August 20: This very blog begins to connect the dots and get info from reliable sources at the city and state level that Lampasas DID get hit – despite Finley’s lie in the Radiogram that very morning. This blog questions Gary and Finley point-blank about it by email around 3:30pm. By 9pm, ACM Gary Cox admits they were hit and federal authorities are involved.

Wednesday August 21: The Radiogram finally prints an official statement from the Police Department that includes all the b.s. Spinley/Finley has produced after five days of polishing this turd. The most laughable part of the Spinley’s yarn is this part:

“While this attack did have some impact on City operations, the City implemented its continuity of operations plan and continued to provide City services with minimal impact to our citizens……As of press time, the City of Lampasas utility department is still offline. They are assuring customers that no cut-offs, or late notices are being processed. They hope to be back on line by Friday morning”.

[Seriously?? Continued to provide city services with minimal impact? Yeah sure….everything was just fine except all the broken parts. Lol. Then a few sentences later they say the utility department is STILL offline!! AND, they HOPE to have this mess sorted out by Friday!! A FULL WEEK after the attack! (but the impact is limited, lol) That is some serious b.s. spin, right there. Wow. Bill Clinton himself couldn’t have spun dog shit into diamonds that well].

Thursday August 22: Problem still not solved. A source of mine entered city hall and saw our two intrepid IT “experts” looking “quite frazzled”. [Probably the first full week either of them have clocked in years]

Friday August 23: One full week after the attack – problem still not solved. The Lampasas Dispatch Record reports on the attack – and regurgitates much of the same palaver reported in the Radiogram. The Original Lampasshole also makes an official Open Records Request and asks for copies of these “response protocols” and “continuity of operations” plans that were supposedly implemented in the wake of the attack.

Saturday August 24: Tried to log on and use the “Pay Utilities” page….still not up. Eight days and counting!!

Sunday August 25: The “minimal impact” STILL continues – cannot log onto the utilities payment page. How long until they just give in and pay the ransom? Will it come out of Kristy’s paycheck? Do they even know how to buy bitcoin?? We shall see…

Monday August 26th: Systems appear to be back to normal after 10 days. Mayor Misti “Drunken Sailor” Talbert thanks the City Staff for all their “hard work during the ransomware attack” (page 66). No seriously. She did.

Tuesday September 3rd: City attorney Christy-Jo Brown writes a six page letter to Texas Attorney General pleading their case as to why I should be denied information about the ransomware attack. Yup – keep the taxpaying citizens in the dark. As usual.

Monday September 9th: requests come flooding in for replacement equipment to replace servers and computers ruined in the ransomware attack – currently over $36,000 of equipment is ruined.

When the the clouds of dust settle from this debacle, there needs to be a very PUBLIC and HONEST accounting of what the hell happened. Answers to things like:

  • How EXACTLY did they get in?
  • Exactly when did Finley realize this was part of the statewide ransomware attacks and how quickly did he call in the REAL experts?
  • How long was the police system completely down?
  • Was ransom demanded? How much? Did the city pay in full?
  • Which “experts” were called in and how much did they bill the city for this mess?
  • Where was Kristy Acevedo Friday morning and afternoon? She is not mentioned at all, yet her job is “Network Administrator” and the network was left vulnerable and attacked.

Ransomware Attack Confirmed By City

It’s official.

According to Assistant City Manager Gary Cox, “the City of Lampasas is one of 22 entities which was affected by a ransomware attack that occurred last Friday.  The matter is under investigation by federal law enforcement authorities at this time.”

Wow.

No word on the amount of “ransom” demanded by the perpetrators. I’m sure the Dispatch and Radiogram will be all over this with the details soon (right guys?).

How much are they demanding, if anything? Will the city pay up? Will any heads roll in the IT Department or City Hall for this colossal screw-up?

Stay tuned.

Was Lampasas’ Inept IT Department Hit by Computer Malware Attack?

Hmmmmmm…..last week I saw an article claiming many cities in Texas were hit by malware attacks. I immediately thought to myself “Lampasas better hope they weren’t one of them, because our IT “experts” are anything but”. Of course, Texas is a huge state with thousands of cities…I figured the odds were highly against it and forgot about the whole thing.

THEN, yesterday and today, I read Facebook posts about computers being down for people trying to pay their utilities here in town since last Friday (see: Lampasas County Breaking News).

Could these two things be related?? Did Lampasas fall victim to a computer malware attack?? This is all total speculation on my part, but it would be quite fitting if the TWO unqualified IT “experts” on the bloated payroll (who I have been railing against for over a year now) left the front door wide open for a cyber attack. Quite fitting indeed.

If so, I would love to be a fly on the wall as Monica Can’t-Wright and her sidekick, Kristy “The Joker” Acevedo run around like headless chickens frantically dialing TSM Consulting to ride to the rescue and fix it all for an exorbitant sum.