fbpx

Rebekah Jones arrested for unauthorized access of FDOH system

BY JENNIFER CABRERA

Agents with the Florida Department of Law Enforcement announced today that Rebekah Jones, 31, has been arrested and charged with one count of offenses against users of computers, computer systems, computer networks and electronic devices, FSS 815.06(2)(a). Jones turned herself into the Leon County Detention Facility last night and was released on $2500 bond this morning.

The investigation began November 10, after FDLE received a complaint from the Florida Department of Health that someone illegally accessed a state emergency-alert messaging system, known as ReadyOp.  FDLE agents determined the message was sent from a residence on Centerville Court in Tallahassee, the home of Jones.  Evidence retrieved from a search warrant on December 7 shows that Jones illegally accessed the system, sent a message to approximately 1,750 people, and downloaded confidential FDOH data and saved it to her devices.

According to the arrest warrant, on November 10, the Florida Department of Health (FDOH) reported a “possible network intrusion” to their ReadyOp system. During that access, a mass text message was sent; FDOH estimates that the message was sent to approximately 1,750 people before the software vendor was able to stop the message. The message read: “It’s time to speak up before another 17,000 people are dead. You know this is wrong. You don’t have to be a part of this. Be a hero. Speak out before it’s too late.”

An FDLE agent requested the technical history IP logs from the time frame surrounding that message and found an IPv6 address that had logged into the system two times on November 10. The IPv6 address was under the control of Comcast Cable Communications.

Further examination of the ReadyOp text history logs revealed that two other text messages were sent on November 10. The first one, sent to a single person (Witness A), read, “It’s time to speak out before another 17,000 are dead. Text Rebekah – From StateESF8.Planning.” The second one was sent to Witness B and read, “It’s time to speak up before another 17,000 are dead – From: StateESF8.Planning.”

FDLE sent a subpoena to Comcast to identify the holder of the IP address, and the response indicated that the IP address belonged to account holder Rebekah Jones at her home address. FDLE then spoke with Witness A, who said Jones was a former employee of FDOH who had been terminated on May 25, 2020. Witness A also said Jones was not authorized to access the ReadyOp system “since her dismissal from FDOH.” Even when employed, “Jones’s role would not have required her to send messages through the ReadyOp system. If, for some unforeseen reason, Jones needed to send a message during her employment with FDOH, it would have required prior supervisor approval.”

On December 7, a search warrant was executed on Jones’s home. A tower computer was seized; in a post-Miranda interview, Jones said that everyone in her household has their own electronic devices, and they do not use each others’ devices. She also said she is the sole user of the computer.

A forensic analysis on the computer found that it was the device responsible for the two separate accesses to the FDOH ReadyOp system. The analysis also found that Jones had downloaded a 2.9MB file named Roster_contacts.xlsx containing personal information for 19,182 people. The file contained first and last name, organizations, titles, counties located, personal email addresses, and phone numbers for those people. The file was saved to the computer and to a Microsoft OneDrive account belonging to Jones.

Further review of the FDOH user access logs found additional unauthorized attempts to access the ReadyOp system on November 12 from a different IP address. This address was also found to be assigned to Jones at her home address. These attempts were blocked by increased security settings that were implemented after the November 10 incident.

The arrest warrant recommends that release conditions should include “No computer access. No Internet Access, and No contact with the witnesses of those people who personal information was aquired [sic] through the download.” The bond information posted to the Leon County court system only shows $2500 bond, so it’s unclear whether those conditions were included.

This case will be prosecuted by the Office of the State Attorney, 2nd Judicial Circuit.

>