Ransomware, Lies, and Legal Threats: The City of Columbus vs. a Security Researcher
Description
Video Episode: https://youtu.be/oMptm-Oi1R4
In today’s episode of The Daily Decrypt, we tackle a high-profile case involving the City of Columbus and security researcher David Leroy Ross. Ross is facing a lawsuit and restraining order after revealing the true extent of a ransomware attack that the city had downplayed. Despite claims by Mayor Andrew Ginther that the stolen 6.5 terabytes of sensitive data were unusable due to encryption, Ross proved otherwise—highlighting that personal information like Social Security numbers and details from domestic violence cases were fully intact and accessible on the dark web.
00:00 - Intro
00:37 - Updates from The Daily Decrypt
01:45 - Columbus, OH vs Security Researcher
09:23 - More News
We dive into the legal and ethical complexities that arise when a researcher discloses illegally obtained data in the name of public interest. What happens when the desire to protect people’s privacy clashes with responsible disclosure protocols? Ross bypassed these procedures, opting instead to expose the city’s misinformation by going directly to the media, leading to legal consequences that reflect a challenging gray area for security researchers.
In the second half, we discuss how Columbus's reaction—suing the very person who pointed out the severity of their data breach—sends a chilling message to those working in cybersecurity. Are they discouraging future researchers from revealing vulnerabilities, even when it’s for the public good?
We also explore:
How Columbus mishandled the attack.
The city's controversial decision to sue Ross.
The broader implications for security researchers who choose to challenge powerful organizations.
Stick around for our lightning round of cybersecurity headlines, including a busted one-time password fraud service in the UK, a former engineer’s attempt to extort Bitcoin, and new vulnerabilities in Microsoft’s macOS applications.
Links to the articles discussed:
https://thehackernews.com/2024/09/new-flaws-in-microsoft-macos-apps-could.html
https://thehackernews.com/2024/09/ex-engineer-charged-in-missouri-for.html
https://krebsonsecurity.com/2024/09/owners-of-1-time-passcode-theft-service-plead-guilty/
https://arstechnica.com/security/2024/08/city-of-columbus-sues-man-after-he-discloses-severity-of-ransomware-attack/
Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com
Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/
Logo Design by https://www.zackgraber.com/
vulnerabilities, Microsoft, Cisco Talos, macOS, Bitcoin, extortion, insider, Missouri, OTP Agency, interception, passcodes, scammers, ransomware, Columbus, dark web, restraining order
What are today's top cybersecurity news stories, how can macOS users safeguard their devices from vulnerabilities, what tactics did the ex-employee use for Bitcoin extortion, what precautions can individuals take against OTP interception scams, what legal implications arise from disclosing ransomware attack details, what are the latest threats in cybersecurity, how does insider knowledge contribute to cyber crimes, what are the impacts of ransomware on local governments, how can companies protect themselves from extortion, what measures can be taken to enhance online security against scams
Video Episode: https://youtu.be/EO95sU1Ux28
In today’s episode, we discuss the recent cyber exploits by the Russian RomCom hackers, who utilized two zero-day vulnerabilities in Firefox and Windows, impacting users across North America and Europe. We also cover New York’s $11.3 million fines...
Published 11/26/24
Video Episode: https://youtu.be/sBkirh8aLIs
In today’s episode, we explore recent cyber threats, including the innovative attack methods used by the Russian hacker group Forest Blizzard to breach US organizations by exploiting less secure Wi-Fi networks. We also discuss Meta’s removal of over 2...
Published 11/25/24