St. George Fire sues cybersecurity firm after 2023 hack | Courts
Publish Date: 2026-06-09 06:00:00
Source Domain: www.theadvocate.com
The St. George Fire Protection District is suing a Baton Rouge cybersecurity firm after hackers were found to have gained access to the fire district’s network, and were lying in wait for a future attack.
In a suit filed on May 23, the fire district is seeking damages for a December 2023 security breach that its contracted cybersecurity firm, General Informatics, allegedly failed to prevent.
Hackers in that attack were found to have been “living off the land” inside St. George Fire Protection District’s computer network, meaning they were using legitimate and trusted software tools already built into the network to evade detection and gain access to other trusted networks.
“In ‘living off the land’ attacks, adversaries commonly hijack legitimate tools to escalate privileges, access different systems and networks, steal or encrypt data, install malware, set backdoor access points or otherwise advance the attack path,” the lawsuit said.
Attorneys for the fire protection district suspect the attack aimed to eventually lock the district out of its own network, preventing it from responding to emergencies until a ransom was paid to regain access.
The lawsuit claims the fire protection district was made “imminently vulnerable to a cyber-attack.”
Hackers could also have sought to leverage their trusted position within the fire district’s network to gain access to other state or municipal networks, the lawsuit said.
Law enforcement found that the same hackers who’d breached the fire district’s network had also successfully attacked another East Baton Rouge municipal agency, one that goes unnamed in the filing but is reportedly tasked with coordinating emergency services between the parish and St. George using “computer-aided dispatch.”
This other, unnamed agency was also a client of General Informatics, according to the lawsuit.
Through its investigation, law enforcement also found that General Informatics had been using the same username and password for its remote access tool across its clientele.
“Even after learning from law enforcement in November 2023 that its remote access tool credentials were compromised, General Informatics continued to use known compromised credentials for its other clients, like [St. George Fire Protection District],” the lawsuit said.
Passwords in plain text
The hack was first reported to the fire district by law enforcement on December 23, 2023, and agents soon reviewed the fire district’s servers to identify the source of the breach.
Law enforcement found that the network’s “domain controllers” had been compromised. These are servers that manage network security, authenticate users and authorize access to resources within a domain.
“It acts as a central repository for user, computer and policy data, acting as a ‘gatekeeper’ to ensure that only authorized users access network resources,” the lawsuit says. “Once the (domain controller) is compromised, the attacker can access any portion of the network, posing as any user.”
Following the attack, the fire district accepted the help of Louisiana Emergency Support Function-17, a subsection of the Governor’s Office of Homeland Security and Environmental Protection, which spent five months reviewing the fire district’s network security.
According to the lawsuit, the agency was able to find multiple other vulnerabilities within the fire district’s network, including a “note written in plain text which contained the fire district’s administrative credentials for its various accounts and software applications.”
Other reported vulnerabilities included the fact the network’s firewall was not recording logging activity and that the network was not “segmented” to prevent the spread of malware.
The review also found that General Informatics had allegedly installed high-speed internet for the fire district at the fire district’s expense, but then sold the fire district network switches that were incapable of accommodating the new high-speed fiber internet.
Similarly, the lawsuit claims General Informatics never made any back-ups of the fire district’s servers, despite being required to in their contract.
The fire district was forced to rebuild its entire network following the hack, including getting new servers, new switches, new domain controllers, new firewalls and new backups, the lawsuit said.
Following the hack, General Informatics also billed the fire district for server remediation efforts and for its own attorneys’ fees.
In response to the suit, General Informatics filed on May 18 to force the dispute into arbitration.