this post was submitted on 04 Sep 2024
618 points (99.4% liked)

Technology

59311 readers
5006 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

A judge in Ohio has issued a temporary restraining order against a security researcher who presented evidence that a recent ransomware attack on the city of Columbus scooped up reams of sensitive personal information, contradicting claims made by city officials.

The order, issued by a judge in Ohio's Franklin County, came after the city of Columbus fell victim to a ransomware attack on July 18 that siphoned 6.5 terabytes of the city’s data. A ransomware group known as Rhysida took credit for the attack and offered to auction off the data with a starting bid of about $1.7 million in bitcoin. On August 8, after the auction failed to find a bidder, Rhysida released what it said was about 45 percent of the stolen data on the group’s dark web site, which is accessible to anyone with a TOR browser.

Columbus Mayor Andrew Ginther said on August 13 that a “breakthrough” in the city’s forensic investigation of the breach found that the sensitive files Rhysida obtained were either encrypted or corrupted, making them “unusable” to the thieves. Ginther went on to say the data’s lack of integrity was likely the reason the ransomware group had been unable to auction off the data.

Shortly after Ginther made his remarks, security researcher David Leroy Ross contacted local news outlets and presented evidence that showed the data Rhysida published was fully intact and contained highly sensitive information regarding city employees and residents. Ross, who uses the alias Connor Goodwolf, presented screenshots and other data that showed the files Rhysida had posted included names from domestic violence cases and Social Security numbers for police officers and crime victims. Some of the data spanned years.

On Thursday, the city of Columbus sued Ross for alleged damages for criminal acts, invasion of privacy, negligence, and civil conversion. The lawsuit claimed that downloading documents from a dark web site run by ransomware attackers amounted to him “interacting” with them and required special expertise and tools.

you are viewing a single comment's thread
view the rest of the comments
[–] powerofm@lemmy.ca 143 points 2 months ago (2 children)

He deserves way more than an apology. The mayor lied about the impact and then got a restraining order granted without David knowing about it or having legal representation. People really think the "dark web" is some secret magical interspace and not just one tor-browser download away.

[–] Hacksaw@lemmy.ca 13 points 2 months ago (1 children)

Not even that complex anymore, just download brave and "open private window with tor". Then go to the website and download the data.

Downloading a "tor browser" always sound more "hacker" than it is these days.

[–] Corkyskog@sh.itjust.works 1 points 2 months ago (1 children)

Does that work with mobile app?

[–] Hacksaw@lemmy.ca 0 points 2 months ago

I think it's desktop only, but I rarely use the mobile brave app.

[–] LodeMike@lemmy.today 6 points 2 months ago (1 children)

Wouldn't it be unenforcable if someone didn't know about it?

[–] roofuskit@lemmy.world 3 points 2 months ago (1 children)

They delivered the order after the decision was made. He didn't know about the proceedings that led to the order.

[–] LodeMike@lemmy.today 1 points 2 months ago

Oh that's completely fine.