Month: August 2024

An anonymous reader quotes a report from Ars Technica, written by Dan Goodin: A judge in Ohio has issued a temporary restraining order against a security researcher who presented evidence that a recent ransomware attack on the city of Columbus scooped up reams of sensitive personal information, contradicting claims made by city officials. The order, issued by a judge in Ohio’s Franklin County, came after the city of Columbus fell victim to a ransomware attack on July 18 that siphoned 6.5 terabytes of the city’s data. A ransomware group known as Rhysida took credit for the attack and offered to auction off the data with a starting bid of about $1.7 million in bitcoin. On August 8, after the auction failed to find a bidder, Rhysida released what it said was about 45 percent of the stolen data on the group’s dark web site, which is accessible to anyone with a TOR browser.

Columbus Mayor Andrew Ginther said on August 13 that a “breakthrough” in the city’s forensic investigation of the breach found that the sensitive files Rhysida obtained were either encrypted or corrupted, making them “unusable” to the thieves. Ginther went on to say the data’s lack of integrity was likely the reason the ransomware group had been unable to auction off the data. Shortly after Ginther made his remarks, security researcher David Leroy Ross contacted local news outlets and presented evidence that showed the data Rhysida published was fully intact and contained highly sensitive information regarding city employees and residents. Ross, who uses the alias Connor Goodwolf, presented screenshots and other data that showed the files Rhysida had posted included names from domestic violence cases and Social Security numbers for police officers and crime victims. Some of the data spanned years.

On Thursday, the city of Columbus sued Ross (PDF) for alleged damages for criminal acts, invasion of privacy, negligence, and civil conversion. The lawsuit claimed that downloading documents from a dark web site run by ransomware attackers amounted to him “interacting” with them and required special expertise and tools. The suit went on to challenge Ross alerting reporters to the information, which ii claimed would not be easily obtained by others. “Only individuals willing to navigate and interact with the criminal element on the dark web, who also have the computer expertise and tools necessary to download data from the dark web, would be able to do so,” city attorneys wrote. “The dark web-posted data is not readily available for public consumption. Defendant is making it so.” The same day, a Franklin County judge granted the city’s motion for a temporary restraining order (PDF) against Ross. It bars the researcher “from accessing, and/or downloading, and/or disseminating” any city files that were posted to the dark web. The motion was made and granted “ex parte,” meaning in secret before Ross was informed of it or had an opportunity to present his case.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica, written by Dan Goodin: A judge in Ohio has issued a temporary restraining order against a security researcher who presented evidence that a recent ransomware attack on the city of Columbus scooped up reams of sensitive personal information, contradicting claims made by city officials. The order, issued by a judge in Ohio’s Franklin County, came after the city of Columbus fell victim to a ransomware attack on July 18 that siphoned 6.5 terabytes of the city’s data. A ransomware group known as Rhysida took credit for the attack and offered to auction off the data with a starting bid of about $1.7 million in bitcoin. On August 8, after the auction failed to find a bidder, Rhysida released what it said was about 45 percent of the stolen data on the group’s dark web site, which is accessible to anyone with a TOR browser.

Columbus Mayor Andrew Ginther said on August 13 that a “breakthrough” in the city’s forensic investigation of the breach found that the sensitive files Rhysida obtained were either encrypted or corrupted, making them “unusable” to the thieves. Ginther went on to say the data’s lack of integrity was likely the reason the ransomware group had been unable to auction off the data. Shortly after Ginther made his remarks, security researcher David Leroy Ross contacted local news outlets and presented evidence that showed the data Rhysida published was fully intact and contained highly sensitive information regarding city employees and residents. Ross, who uses the alias Connor Goodwolf, presented screenshots and other data that showed the files Rhysida had posted included names from domestic violence cases and Social Security numbers for police officers and crime victims. Some of the data spanned years.

On Thursday, the city of Columbus sued Ross (PDF) for alleged damages for criminal acts, invasion of privacy, negligence, and civil conversion. The lawsuit claimed that downloading documents from a dark web site run by ransomware attackers amounted to him “interacting” with them and required special expertise and tools. The suit went on to challenge Ross alerting reporters to the information, which ii claimed would not be easily obtained by others. “Only individuals willing to navigate and interact with the criminal element on the dark web, who also have the computer expertise and tools necessary to download data from the dark web, would be able to do so,” city attorneys wrote. “The dark web-posted data is not readily available for public consumption. Defendant is making it so.” The same day, a Franklin County judge granted the city’s motion for a temporary restraining order (PDF) against Ross. It bars the researcher “from accessing, and/or downloading, and/or disseminating” any city files that were posted to the dark web. The motion was made and granted “ex parte,” meaning in secret before Ross was informed of it or had an opportunity to present his case.

Read more of this story at Slashdot.

Read More 

mmell writes: Regular Slashdot users will certainly be aware of the saga unfolding between the country of Brazil and X. Reuters has already reported that what I have to relay here will come as no surprise to Elon Musk, but reporting on CNN confirms that Brazilian Justice Alexandre de Moraes has ordered X to suspend operations in Brazil until X names a representative to appear on X’s behalf in Brazilian Courts.
Is this the end of X or some brilliant Machiavellian ploy on the part of Elon Musk? Only time and the informed and spirited debate of the users here at /. can be sure. Here’s a recap of the saga, as told by X’s Grok-2 chatbot:
The Beginning: Alexandre de Moraes, a Brazilian Supreme Court Justice with a reputation for tackling misinformation, especially around elections, found himself at odds with Elon Musk, the space-faring, electric-car magnate turned social media mogul. The conflict kicked off when Moraes ordered X to block certain accounts in Brazil, part of his broader crackdown on what he deemed as misinformation.

The Escalation: Musk, never one to shy away from a fight, especially when it involves what he perceives as free speech issues, declared on X that he would not comply with Moraes’ orders. This defiance wasn’t just a tweet; it was a digital declaration of war. Musk accused Moraes of overstepping his bounds, betraying the constitution, and even likened him to Darth Vader in a less than flattering comparison. Moraes, not amused, opened an investigation into Musk for obstruction of justice, accusing him of inciting disobedience and disrespecting Brazil’s sovereignty. The stakes were raised with fines of around $20,000 per day for each reactivated account, and threats of arresting X employees in Brazil.

The Drama Unfolds: The internet, as it does, had a field day. Posts on X ranged from Musk supporters calling Moraes a dictator to others backing Moraes, arguing he was defending democracy against foreign billionaires. The conflict became a global spectacle, with Musk’s posts drawing international attention, comparing the situation to a battle for free speech versus censorship. Musk, in true Musk fashion, didn’t just stop at defiance. He shared all of Moraes’ demands publicly, suggesting users use VPNs, and even hinted at closing X’s operations in Brazil, which eventually happened, citing the need to protect staff safety.

The Latest Chapter: Recently, X announced the closure of its operations in Brazil, a move seen as the culmination of this legal and ideological battle. Musk framed it as a stand against what he saw as an assault on free speech, while critics viewed it as an overreaction or a strategic retreat.

Read more of this story at Slashdot.

mmell writes: Regular Slashdot users will certainly be aware of the saga unfolding between the country of Brazil and X. Reuters has already reported that what I have to relay here will come as no surprise to Elon Musk, but reporting on CNN confirms that Brazilian Justice Alexandre de Moraes has ordered X to suspend operations in Brazil until X names a representative to appear on X’s behalf in Brazilian Courts.
Is this the end of X or some brilliant Machiavellian ploy on the part of Elon Musk? Only time and the informed and spirited debate of the users here at /. can be sure. Here’s a recap of the saga, as told by X’s Grok-2 chatbot:
The Beginning: Alexandre de Moraes, a Brazilian Supreme Court Justice with a reputation for tackling misinformation, especially around elections, found himself at odds with Elon Musk, the space-faring, electric-car magnate turned social media mogul. The conflict kicked off when Moraes ordered X to block certain accounts in Brazil, part of his broader crackdown on what he deemed as misinformation.

The Escalation: Musk, never one to shy away from a fight, especially when it involves what he perceives as free speech issues, declared on X that he would not comply with Moraes’ orders. This defiance wasn’t just a tweet; it was a digital declaration of war. Musk accused Moraes of overstepping his bounds, betraying the constitution, and even likened him to Darth Vader in a less than flattering comparison. Moraes, not amused, opened an investigation into Musk for obstruction of justice, accusing him of inciting disobedience and disrespecting Brazil’s sovereignty. The stakes were raised with fines of around $20,000 per day for each reactivated account, and threats of arresting X employees in Brazil.

The Drama Unfolds: The internet, as it does, had a field day. Posts on X ranged from Musk supporters calling Moraes a dictator to others backing Moraes, arguing he was defending democracy against foreign billionaires. The conflict became a global spectacle, with Musk’s posts drawing international attention, comparing the situation to a battle for free speech versus censorship. Musk, in true Musk fashion, didn’t just stop at defiance. He shared all of Moraes’ demands publicly, suggesting users use VPNs, and even hinted at closing X’s operations in Brazil, which eventually happened, citing the need to protect staff safety.

The Latest Chapter: Recently, X announced the closure of its operations in Brazil, a move seen as the culmination of this legal and ideological battle. Musk framed it as a stand against what he saw as an assault on free speech, while critics viewed it as an overreaction or a strategic retreat.

Read more of this story at Slashdot.

Read More 

The Pidgin messaging app removed the ScreenShareOTR plugin from its third-party plugin list after it was found to be used to install keyloggers, information stealers, and malware targeting corporate networks. BleepingComputer reports: The plugin was promoted as a screen-sharing tool for secure Off-The-Record (OTR) protocol and was available for both Windows and Linux versions of Pidgin. According to ESET, the malicious plugin was configured to infect unsuspecting users with DarkGate malware, a powerful malware threat actors use to breach networks since QBot’s dismantling by the authorities. […] Those who installed it are recommended to remove it immediately and perform a full system scan with an antivirus tool, as DarkGate may be lurking on their system.

After publishing our story, Pidgin’s maintainer and lead developer, Gary Kramlich, notified us on Mastodon to say that they do not keep track of how many times a plugin is installed. To prevent similar incidents from happening in the future, Pidgin announced that, from now on, it will only accept third-party plugins that have an OSI Approved Open Source License, allowing scrutiny into their code and internal functionality.

Read more of this story at Slashdot.

The Pidgin messaging app removed the ScreenShareOTR plugin from its third-party plugin list after it was found to be used to install keyloggers, information stealers, and malware targeting corporate networks. BleepingComputer reports: The plugin was promoted as a screen-sharing tool for secure Off-The-Record (OTR) protocol and was available for both Windows and Linux versions of Pidgin. According to ESET, the malicious plugin was configured to infect unsuspecting users with DarkGate malware, a powerful malware threat actors use to breach networks since QBot’s dismantling by the authorities. […] Those who installed it are recommended to remove it immediately and perform a full system scan with an antivirus tool, as DarkGate may be lurking on their system.

After publishing our story, Pidgin’s maintainer and lead developer, Gary Kramlich, notified us on Mastodon to say that they do not keep track of how many times a plugin is installed. To prevent similar incidents from happening in the future, Pidgin announced that, from now on, it will only accept third-party plugins that have an OSI Approved Open Source License, allowing scrutiny into their code and internal functionality.

Read more of this story at Slashdot.

Read More