Baltimore mayor orders security review after city employee found with hacking tools on his computer

Mayor Catherine Pugh ordered a security review after a technology staffer at Baltimore’s water agency gave himself special access to the computer of the Department of Public Works director and was found with hacking tools on his own city computer, according to the city inspector general and documents obtained by The Baltimore Sun.

On Thursday, Inspector General Isabel Mercedes Cumming issued a summary of the investigation into the employee, who no longer works for the city.

“It was concerning. Very, very concerning,” Cumming said in an interview. “Once it was discovered, action was taken immediately.”

The employee is not named in the summary, but former city IT specialist Tirell Clifton confirmed to the Sun that he was the subject of the investigation. The city fired him in May.

City IT officials aiding the inspector general concluded Clifton created several routes to maintain his access to Public Works Director Rudy Chow’s computer, according to documents Clifton shared with the Sun.

But Clifton, who sought the Democratic nomination for mayor in 2016, said the investigation’s findings were the result of a misunderstanding and that he was researching how to better protect the city’s systems. He said the program characterized as a hacking tool was anti-virus software.

“My goal was to make my supervisors and managers proud of me for finding ways to improve the infrastructure and it completely backfired in my face,” Clifton said.

In a response to Cumming, Pugh wrote Tuesday that the investigation, “raises serious concerns about the lack of oversight and accountability on the part of IT administrators.”

The mayor said she had ordered a review of “protocols and accountability measures” as well as a risk assessment.

The city hired Clifton in 2008 and paid him $48,000 a year.

He said Thursday that he had a new job as an IT technician for the Baltimore County Public Schools. The school system did not respond to a request for comment.

According to the inspector general’s report, the city employee had access to sensitive department data, including the plans for the controls for the city’s water system. He also had installed apps for accessing pornography on his city computer, the inspector general found.

Clifton said he never viewed pornography at work and that the apps were part of his security research. He also said that what the report described as sensitive data was available to all department employees and that he gained access to Chow’s computer to help him solve a problem with Chow’s email archive.

Clifton shared with The Baltimore Sun a copy of his appeal of his dismissal, which included an interim report by the inspector general’s office from April that offers more details of the investigation than the public summary. It also included an email from a security officer in the city's IT department to Cumming. The security officer wrote that Clifton took steps to configure Chow's computer in such a way that even if Clifton lost access to it, he still would be able to see the data on it.

Clifton contested many of the findings in the interim report and appealed his termination. But in November, a city hearing officer upheld the decision to fire him, according to a summary of the appeal Clifton also shared.

The interim report says investigators found “suspicious materials” on Clifton’s computer, including a guide to defeating electronic door locks, information on how to improvise lock picks and copies of “The Anarchist Cookbook” and activist Abbie Hoffman’s “Steal This Book.” The former book includes instructions on bomb- and drug-making, among other topics.

According to the report, a security officer from the city’s IT office told investigators that he found evidence that Clifton misrepresented himself to city vendors in an attempt to gain access to systems he didn’t need for his work and the officer discovered tools for pirating software.

“It is my professional opinion Mr. Clifton’s actions pose a severe danger to both DPW and the city of Baltimore,” the security officer told investigators.

Clifton said that some of the material on his computer had inadvertently been synced from his Google cloud storage. He denied having the software pirating tools.

Clifton said he is planning to run for president in 2020. He said he never read the books, but they were part of his national security research.

Cumming credited city officials for acting quickly once the problems were uncovered and said the material on Clifton’s computer was “a definite security concern.”

“They’re doing a very extensive review,” Cumming said. “This is a very serious issue and the mayor took it very seriously.”

Jeffrey Raymond, a spokesman for the Public Works Department, said the department already had taken steps to improve its security. He declined to describe them.

“We’ll do whatever we need to do to protect our systems,” Raymond said.

The investigation began when public works department managers complained that the employee was using his work computer to conduct a political campaign. Cumming said the investigation confirmed that allegation, but its importance was diminished once investigators found the computer security issues.

Dave Fitz, a spokesman for the FBI, said the agency’s Baltimore office provided technical help in the investigation but said he couldn’t share details.

Clifton said the city disciplined him twice before it fired him, both times over allegations that he misused his city-issued computer. In the first case, dating back to his run for mayor, Clifton said he acknowledged using a city computer for his campaign, but he said the second allegation was not accurate.

Clifton said he was caught off guard by the latest investigation and said there was no evidence he caused any harm.

“Instead of talking to me before they suspended me, they didn’t have any discussion with me whatsoever,” Clifton said. “I was blindsided by all of it. I had no malicious intent.”