this post was submitted on 30 Aug 2024
350 points (99.4% liked)

News

23275 readers
3405 users here now

Welcome to the News community!

Rules:

1. Be civil


Attack the argument, not the person. No racism/sexism/bigotry. Good faith argumentation only. This includes accusing another user of being a bot or paid actor. Trolling is uncivil and is grounds for removal and/or a community ban. Do not respond to rule-breaking content; report it and move on.


2. All posts should contain a source (url) that is as reliable and unbiased as possible and must only contain one link.


Obvious right or left wing sources will be removed at the mods discretion. We have an actively updated blocklist, which you can see here: https://lemmy.world/post/2246130 if you feel like any website is missing, contact the mods. Supporting links can be added in comments or posted seperately but not to the post body.


3. No bots, spam or self-promotion.


Only approved bots, which follow the guidelines for bots set by the instance, are allowed.


4. Post titles should be the same as the article used as source.


Posts which titles don’t match the source won’t be removed, but the autoMod will notify you, and if your title misrepresents the original article, the post will be deleted. If the site changed their headline, the bot might still contact you, just ignore it, we won’t delete your post.


5. Only recent news is allowed.


Posts must be news from the most recent 30 days.


6. All posts must be news articles.


No opinion pieces, Listicles, editorials or celebrity gossip is allowed. All posts will be judged on a case-by-case basis.


7. No duplicate posts.


If a source you used was already posted by someone else, the autoMod will leave a message. Please remove your post if the autoMod is correct. If the post that matches your post is very old, we refer you to rule 5.


8. Misinformation is prohibited.


Misinformation / propaganda is strictly prohibited. Any comment or post containing or linking to misinformation will be removed. If you feel that your post has been removed in error, credible sources must be provided.


9. No link shorteners.


The auto mod will contact you if a link shortener is detected, please delete your post if they are right.


10. Don't copy entire article in your post body


For copyright reasons, you are not allowed to copy an entire article into your post body. This is an instance wide rule, that is strictly enforced in this community.

founded 1 year ago
MODERATORS
 

Kinda like that jackass AG who targeted a journalist for viewing the HTML of a state site and published an article about the PII hard-coded within the web app. Don’t make us look bad!

all 14 comments
sorted by: hot top controversial new old
[–] [email protected] 98 points 2 months ago

"It's impossible for them to know anything since it's corrupted."

"That's not true, look I just downloaded it. It even has your name and home address right here."

"HOLD IT RIGHT THERE, CRIMINAL SCUM! YOU HAVE VIOLATED THE LAW BY DOWNLOADING THAT DATA!"

"I only downloaded it to show that you were lying..."

"THAT IS ALSO WHY WE HATE YOU."

[–] [email protected] 59 points 2 months ago (2 children)

This effect is to get [Ross] to stop downloading and disclosing stolen criminal records to protect public safety.

Why him specifically? That's a lot of effort to stop one guy doing what literally anybody with some time and willpower could do? Surely they have bigger problems right now? Fucking pathetic.

[–] [email protected] 22 points 2 months ago

Because the real reason is obviously that the city got called out on and caught in a straight up lie, and they're pissed and seeking revenge.

[–] [email protected] 8 points 2 months ago

Except most people don't have the time and willpower, and now you might be scared that you'll have to lawyer up if you want to do what he did.

I think it's still a bad strategy because it encourages journalists to share their results with a lot of other people prior to going to publication, so that judges can't issue unconstitutional gag orders.

But you can imagine what the City bosses are thinking. All they can see is the small problem in front of them and they choose the most convenient solution, totally ignoring what's legal and what the side effects will be.

[–] [email protected] 58 points 2 months ago

Hooray for accountability 🙄

[–] [email protected] 48 points 2 months ago

Columbus Mayor Andrew Ginther said on August 13 that a “breakthrough” in the city’s forensic investigation of the breach found that the sensitive files Rhysida obtained were either encrypted or corrupted, making them “unusable” to the thieves. Ginther went on to say the data’s lack of integrity was likely the reason the ransomware group had been unable to auction off the data.

Shortly after Ginther made his remarks, security researcher David Leroy Ross contacted local news outlets and presented evidence that showed the data Rhysida published was fully intact and contained highly sensitive information regarding city employees and residents. Ross, who uses the alias Connor Goodwolf, presented screenshots and other data that showed the files Rhysida had posted included names from domestic violence cases and Social Security numbers for police officers and crime victims. Some of the data spanned years.

On one hand, having a bad lie exposed weakened their position for the ransom.

On the other, they fucked up three different ways now.

[–] [email protected] 42 points 2 months ago

Barbara? Barbara Streisand? Is that you?

[–] [email protected] 31 points 2 months ago

"The information provided by Ross."

You disengenuous cunts. The information was provided by the city with it's shit IT practices. Ross just proved that you were lying about it by showing what was in the wild. Anyone that takes this horseshit at face value should be shot with a ball of their own shit.

[–] explodicle 7 points 2 months ago (3 children)

Stupid question: how is ransomware still a thing? Why don't institutions back up their data yet?

[–] [email protected] 18 points 2 months ago (1 children)

In the early days of ransomware I helped a small business of a friend that was attacked. They got in and waited months, creating garbage backups until they were confident then sprang the trap.

Tbh I was impressed with how thorough they'd been.

[–] [email protected] 12 points 2 months ago

Yeah, backups are useless unless you restore and test regularly. But it’s one more step of admin that few people / organisations do sadly.

[–] [email protected] 4 points 2 months ago

Locking a company out of their systems isn't the most lucrative part of ransomware anymore. Data exfiltration and threatening to release the data to the highest bidder is now the norm.

Ransomware also typically sits on a system doing nothing for ~6 weeks before ever starting to encrypt and upload data. Even if companies have backups to restore from, they need to choose whether they're going to restore entire machines quickly and risk still having the ransomware on the restored machine. Or they can take the long a painful route of spinning up new machines, then restoring just the data itself to individual apps/services to ensure you don't still have ransomware after the restore.

[–] [email protected] 3 points 2 months ago

Because the amount of organizations needing data backups / protection far exceeds the amount of available qualified IT personnel. So instead of training themselves, they hire morons who say "sure I can do your IT"