Baltimore government could have lost its website last week. And not because of hackers
EXCLUSIVE: The city’s website almost went blank because of unpaid bills and an unrenewed contract
Above: Baltimore City’s website was up yesterday, even though many of the city’s critical services were not. (www.baltimorecity.gov)
Baltimore City’s main website nearly went dark last Friday, but not because of hackers or a fresh ransomware attack.
Instead, the city risked losing the website – www.baltimorecity.gov – because the Baltimore City Information & Technology office (BCIT) had failed to pay past-due fees and extend an expired hosting contract, according to documents reviewed by The Brew.
The omission forced the Department of Finance to intervene last week and assure Interpersonal Frequency LLC, the host, that the city would pay its delinquent bills and extend the contract.
“The city came dangerously close to losing its website because of poor management. Someone failed to pay the fees and didn’t do the paperwork for the Board of Estimates to extend the contract,” a knowledgeable source said.
The Brew’s review of records shows that Virginia-based Interpersonal Frequency was hired in January 2014 to redesign and host Baltimore city government’s website.
Contract Expired in January
The initial $286,000 contract (B50003075) had a number of renewal dates, with the final price set at over $800,000 when it expired on January 16, 2019.
The contract was set to be re-advertised and opened to bids. But for unknown reasons, a new contract wasn’t prepared by BCIT, and the existing contract expired without a renewal by the Board of Estimates.
“The city came dangerously close to losing its website because of poor management,” a source said.
City Solicitor Andre Davis expressed satisfaction at a Wednesday news conference that the website had not been compromised by the ransomware attack, disclosed May 7, that has paralyzed the city’s email system and many of its telephones.
He assured residents that the website was safe and could be relied on for future updates about the downed computer networks.
Omitted from his remarks, and those of Chief Digital Officer Frank Johnson, was disclosure of BCIT’s failure to renew the web host contract.
Such a renewal still requires Board of Estimates approval, which is expected at an upcoming meeting.
History of Nonpayments
Sources tell The Brew that You “Jet” Lu was responsible for handling the web hosting contract.
Lu was hired as BCIT’s Digital DevOps Director last June. The post pays $158,100 a year, according to city records.
Lu reportedly said that the ransomware attack last week was to blame for his office’s failure to pay the web-host bills. The nonpayments on the contract stretch back at least six months.
Lu could not be reached for comment. Johnson said on Wednesday that all press inquiries about BCIT matters should be directed to the law department and to Davis.
The city solicitor did not immediately respond to Brew requests for comment.
Interpersonal Frequency’s CEO, Harish Rao, was not available for comment.
UPDATE 1 – Davis contacted The Brew shortly after publication and provided this response:
“We were in the midst of a vendor switch when the attack occurred. I am assured the city’s websites are not going away.”
UPDATE 2 – CEO Rao responded as follows by email:
“We are working in good faith with the Baltimore City Office of Information & Technology and the Department of Finance on obtaining a contract and payment. Our company’s purpose is to ‘enable public organizations to be more relevant, responsive and accessible’ to the people – and we take our mission seriously.”