Grand Forks County staff temporarily shut down their email service amid reports of a security problem found in the software that service uses.

On Thursday, county staff began reverting to a backup of their email server after North Dakota’s statewide IT department told them they had a potentially serious vulnerability. The county shares a Microsoft Exchange email server with several other municipalities, and Microsoft claimed that Chinese hackers had found and exploited a vulnerability in that software. County staff expect their email service will be offline until early next week.

County administrators have presented the extent of the problem in essentially two ways. Dean Dahl, the county’s IT director, sent a mass email to county employees on Thursday afternoon warning that “the Chinese have hacked our Email server” and that the county’s email service would be shut off until tech staff could build another server from backups. A second email from a “no-reply” address announced the same and pegged it to “being hacked by a foreign country.” Sheriff Andy Schneider’s office announced to the public at large that an unnamed country “has hacked our email server.”

But that general account doesn’t square with subsequent interviews with Tom Ford, the county’s head administrator, or a follow-up message from Dahl.

Microsoft announced Tuesday that it had found several exploits that were being used to attack certain versions of its Exchange software. Those virtual attackers were able to access email accounts and install malware, the company said.

“Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures,” company staff wrote on Tuesday. Hafnium is “highly skilled and sophisticated,” and it primarily targets infectious disease researchers, law firms, higher education institutions, defense contractors, and policy think tanks, according to Tom Burt, a Microsoft vice president.

But, according to Ford, the county doesn’t believe that hackers from Hafnium or anywhere else accessed Grand Forks County emails. The server the county uses and shares with other North Dakota governments has the same vulnerability as servers that have been hacked, however, which is why the county hit the brakes and is reverting to an earlier version.

“This is a precaution,” Ford said. “We’ve been identified as vulnerable, so we are just shutting it down, scrapping it, and rebuilding a new one just to be safe.”

Dahl on Friday told the Herald that “nothing negative has happened” but the county is nonetheless taking preventive action. He did not immediately respond when asked via text message about the email claiming the Chinese had hacked the county’s email server.

Ford compared the initial messages about the problem to a game of “telephone,” in which a message is gradually distorted as it moves from person to person.

Kevin Ford, the chief information security officer at North Dakota’s statewide IT department, did not return an emailed request for comment, and staff there said they are not allowed to disclose his office line or transfer callers to him.