iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
A non-profit whistleblower site has published 11.7 gigabytes worth of data from a recent ransomware attack on the Oakland City Council in the US state of California.
Distributed Denial of Secrets (DDoSecrets) obtained the data from the Play ransomware group, which had been negotiating with the council for about a month. When negotiations apparently failed, the data was published on the dark web and shared with DDoSecrets.
The release contains the personal data of city employees, including mayor Sheng Thao. It also contains a lot of information regarding police operations and complaints and bank details from the city’s own accounts.
With the data now public, city employees are angry at the council for the security breach.
“I’m very worried about identity theft,” one anonymous city employee told the San Francisco Chronicle. “It’s another example of the city not protecting the people who work tirelessly for them.”
Other employees have cited the council’s lack of two-factor authentication as a point of contention.
However, while those fears are legitimate, the leak has also revealed some concerning data regarding police behaviour.
The Oakland Police department has been under federal oversight for 20 years in an effort to reform a department well-known for a long history of police abuses. While DDoSecrets has published the data in a limited capacity (journalists and researchers can apply to the org for a copy of the data), it has looked through the dataset and has confirmed that it contains some damning documents.
“DDoSecrets reviewed some of the files and has confirmed officer disciplinary records including for supervisors that failed to intervene and report misconduct,” DDoSecrets said in an announcement.
“We are also able to confirm the files include information on misconduct allegations against high-ranking police officers, and documents about internal affairs investigations.”
The Play ransomware group began operation in June 2022 and has performed a number of ransomware attacks around the world. It operates largely against Latin American organisations, such as Argentina’s Judiciary of Cordoba. Due to its tactics, it is believed that Play has links to the Hive and Nokoyawa ransomware groups.
Its attack against the Oakland City Council began on 8 February, and so far, the council has not revealed the attack vector that allowed the threat actor to compromise its systems.
While there can be no arguing that the group is far from a white hat operation, it can be argued that the publishing of the data has revealed ongoing and systemic policing issues, as well as what appears to be very lax security on behalf of the council itself.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
