NEW YORK CITY — The hacking attack that left city agencies unable to receive some emails last week may have originated from somewhere near Russia and was an attempt to scam city employees and others out of money, according to law enforcement sources.
And it may be more widespread than previously believed, with workers at the state-overseen Long Island Rail Road receiving infected emails as well.
The denial of service attack was spread via malware, malicious software that is often hidden as email attachments, according to sources. They are designed to damage a computer or steal information.
Sources described it as a swarm attack, where numerous simultaneous attempts are made to get into the system.
The Parking Violations Bureau, which is part of the Department of Finance, appears to have been one of the entry targets, sources said.
The city downplayed the attack Tuesday, saying that although it was "universal" and affected all city agencies, it just left the city unable to process some inbound and outbound messages and that intra-agency emails were unaffected.
"The nature of the attack is only designed to interfere with service, not to steal or access any private information. It's designed to slow down email," Jackie Albano, a spokeswoman for the city's Department of Information Technology and Telecommunications said about the attack when asked on Tuesday.
"On the scale of cyber incidences it's kind of low."
However, more than 100 employees at the LIRR received a malware-filled email from the city's Department of Finance last Tuesday, the first day of the attack, sources said.
According to a source at the LIRR who asked not to be named because they were not authorized to speak publicly about the issue, the email alarmed the agency's security department because it was filled with zip attachments and other file extensions that could set up programs that take over a person's computer and steal sensitive data.
The LIRR's security systems were able to intercept and quarantine the email.
A copy of the Feb. 17 email obtained by DNAinfo New York shows that the LIRR's security system blocked about seven separate attachment and file extensions.
It was not clear exactly what the attachments contained.
"We are one of the largest transportation providers in the region so luckily we have a sophisticated malware prevention system in place," a source said.
The LIRR did not immediately respond to a request for comment.
Asked about the seemingly more serious nature of the attack, Albano declined comment.
"We are currently investigating the finance emails," said Albano.
Albano said Tuesday that the attack was halted last week, but a City Hall source said there was "ongoing malicious activity" as recently as Monday.
Agencies such as the Department of Transportation set up temporary Gmail accounts to receive emails during the attack.
Three agencies, the FBI, NYPD and the Multi-State Information Sharing and Analysis Center, are currently investigating the incident.