Connect with us

Published

on

Ransomware has long been plaguing American municipalities. It appeared to be another typical ransomware attack that impacted the city of Columbus, Ohio, this past July. The city’s response to the hack, however, was not, and it has cybersecurity and legal experts across the country questioning its motives.

Connor Goodwolf (legal name is David Leroy Ross) is an IT consultant who plumbs the dark web as part of his job. “I track dark web-type crimes, criminal organizations, and stuff like what the Telegram CEO has been arrested for,” Goodwolf said.

So when word got out that the city of Columbus, his hometown, had been breached, Goodwolf did what he does: he poked around online. It didn’t take him long to discover what the hackers had in their possession.

“It wasn’t the biggest, but it was one of the most impactful breaches I have seen,” Goodwolf said.

In some ways, he described it as a routine breach, with personal identifiable information, protected health information, Social Security numbers and driver’s license photos exposed. However, because multiple databases were breached, it was more encompassing than other attacks. According to Goodwolf, the hackers had breached multiple databases from the city, the police, and the prosecutor’s office. There were arrest records and sensitive information about minors and domestic violence victims. Some of the breached databases, he says, went back to 1999. 

Goodwolf found over three terabytes of data that took over 8 hours to download.

“The first thing I see is the prosecutor’s database, and I’m like ‘holy sh-t’ these are domestic violence victims. When it comes to domestic violence victims, we need to protect them the most because they have already been victimized once, and now they are again by having their information exposed,” he said.

Goodwolf’s first action was to contact the city to let them know how serious the breach was, because what he saw contradicted official statements. At a press conference on August 13,  Columbus Mayor Andrew Ginther said: “The personal data that the threat actor published to the dark web was either encrypted or corrupted, so the majority of the data came by the threat actor is unusable.”

But what Goodwolf was finding didn’t support that view. “I tried to reach out to the city multiple times to multiple departments and was blown off,” he said.

Google-owned Mandiant, as well as many other top cybersecurity firms, have been tracking a continued increase in ransomware attacks, both in prevalence and severity, and the rise of the Rhysida Group behind the Columbus hack, which has come into prominence within the last year.

The Rhysida Group claimed responsibility for the hack. While not much is known about the cyber gang, Goodwolf and other security experts say they appear to be state-sponsored and based in Eastern Europe, possibly linked to Russia. Goodwolf says these ransomware gangs are “professional operations” with a staff, paid vacation, and PR people.

“They have ramped up the attacks and targets since last autumn,” he said.

The U.S. government’s Cybersecurity and Infrastructure Security Agency issued a bulletin about Rhysida last November.

Goodwolf said that because no one from the city responded to him he went to the local media and shared data with journalists to get the word out about the seriousness of the breach. And that is when he heard from the city of Columbus, in the form of a lawsuit and a temporary restraining order preventing him from disseminating additional information. 

The city defended its response in a statement to CNBC:

“The City initially moved to obtain this order, which was granted by the Court, to prevent the dissemination of sensitive and confidential information, potentially including the identities of undercover police officers, that threatens public safety and criminal investigations.”

The city’s temporary 14-day restraining order against Goodwolf has since expired, and now it has a preliminary injunction and an agreement with Goodwolf not to release more data.

“It should be noted that the Court order does not prohibit the defendant from discussing the data breach or even describing what kind of data was exposed,” the city’s statement added. “It simply prohibits the individual from disseminating the stolen data posted on the dark web. The City remains engaged with federal authorities and cyber security experts to respond to this cyber intrusion.”

Meanwhile, the mayor did have to perform a mea culpa at a subsequent press conference, saying his initial statements were based on the information he had at the time. “It was the best information we had at the time. Clearly, we discovered that that was inaccurate information and I have to accept responsibility for that.”

Realizing the exposure to residents was greater than first thought, the city is offering two years of free credit monitoring from Experian. This includes anyone who has had contact with the city of Columbus via an arrest or other business. Columbus is also working with Legal Aid to see what additional protections are needed for domestic violence victims who may have been compromised or need help with civil protection orders.

To date, the city has not paid the hackers, who were demanding $2 million in ransom.   

‘He’s Not Edward Snowden’

Those who study cybersecurity law and work within the realm expressed surprise at Columbus filing a civil lawsuit against the researcher.

“Lawsuits against data security researchers are rare,” said Raymond Ku, professor of law at Case Western Reserve University. On the rare occasion they do happen, he said, it is usually when the researcher is alleged to have disclosed how a flaw was or can be exploited, which would then allow others to take advantage of the flaw as well.

“He wasn’t Edward Snowden,” said Kyle Hanslovan, CEO of cybersecurity company Huntress, who described himself as troubled by the city of Columbus’s response and what it could mean for future breaches. Snowden was a government contract employee who leaked classified information and faced criminal charges, but considered himself a whistleblower. Goodwolf, Hanslovan says, is a Good Samaritan who independently found the breached data.

“In this case, it appears we have just silenced someone who, as far as I can tell, appears to be a security researcher who did the bare minimum and confirmed the official statements made were not true. This can’t possibly be an appropriate use of the courts,” Hanslovan said, predicting the case will be quickly overturned.

Columbus City Attorney Zach Klein said during a September press conference that the case was “not about freedom of speech or whistleblowing. This is about downloading and disclosure of stolen criminal investigatory records.”

Hanslovan worries about the ripple effect where cybersecurity consultants and researchers are afraid to do their jobs for fear of being sued. “The bigger story here is are we seeing the emergence of a new playbook” for hacking response in which individuals are silenced, and that should not be welcomed, he said. “Silencing any opinion, even for 14 days, could be enough to prevent something credible from coming to light, and that terrifies me,” Hanslovan said. “That voice needs to be heard. As we see bigger cybersecurity incidents come up, I am worried that folks will be more concerned bringing them to light.”

Scott Dylan, founder of United Kingdom-based venture capital firm NexaTech Ventures, also thinks the actions of the city of Columbus could induce a chilling effect on the field of cybersecurity.

“As the field of cyberlaw continues to mature, this case is likely to be referenced in future discussions about the role of researchers in the aftermath of data breaches,” Dylan said.

He says legal frameworks must evolve to keep pace with the sophistication of both cyberattacks and the ethical dilemmas they generate, and the approach taken by Columbus is a mistake.

Meanwhile, the legal process will grind on for Goodwolf. Despite Columbus and Goodwolf reaching an agreement last week on the dissemination of information, the city is still suing him for damages in a civil suit that could reach $25,000 or higher. Goodwolf is representing himself in his talks with the city, though says that he has a lawyer on standby, if needed.

Some residents have filed a class-action lawsuit against the city. Goodwolf says that 55% of the information breached has been sold onto the dark web, while 45% is available for anyone with the skills to access it.

Dylan thinks the city is taking a big risk, even if its actions may be legally defensible, by creating the appearance of an attempt to silence discourse rather than encourage transparency. “It’s a strategy that could backfire, both in terms of public trust and future litigation,” he said.

“I am hoping the city realizes the mistake of filing a civil suit and the implications not just on security,” Goodwolf said, noting that Intel is building a $1 billion facility in a Columbus suburb. In recent years, the city has been positioning itself as a new tech hub in the Midwest, and attacking white hats and cybersecurity researchers, he said, could cause some in the tech sector to rethink it as a location.

Continue Reading

Technology

Amazon CEO Jassy says AI will lead to ‘fewer people doing some of the jobs’ that get automated

Published

on

By

Amazon CEO Jassy says AI will lead to 'fewer people doing some of the jobs' that get automated

AI will change the workforce, says Amazon CEO Andy Jassy

Amazon CEO Andy Jassy said the rapid rollout of generative artificial intelligence means the company will one day require fewer employees to do some of the work that computers can handle.

“Like with every technical transformation, there will be fewer people doing some of the jobs that the technology actually starts to automate,” Jassy told CNBC’s Jim Cramer in an interview on Monday. “But there’s going to be other jobs.”

Even as AI eliminates the need for some roles, Amazon will continue to hire more employees in AI, robotics and elsewhere, Jassy said.

Earlier this month, Jassy admitted that he expects the company’s workforce to decline in the next few years as Amazon embraces generative AI and AI-powered software agents. He told staffers in a memo that it will be “hard to know exactly where this nets out over time” but that the corporate workforce will shrink as Amazon wrings more efficiencies out of the technology.

It’s a message that’s making its way across the tech sector. Salesforce CEO Marc Benioff last week claimed AI is doing 30% to 50% of the work at his software vendor. Other companies such as Shopify and Microsoft have urged employees to adopt the technology in their daily work. The CEO of Klarna said in May that the online lender has managed to shrink its headcount by about 40%, in part due to investments in AI and natural attrition in its workforce.

Jassy said on Monday that AI will free employees from “rote work” and “make all our jobs more interesting,” while enabling staffers to invent better services more quickly than before.

Amazon and other tech companies have also been shrinking their workforces through rolling layoffs over the past several years. Amazon has cut more than 27,000 jobs since the start of 2022, and it’s announced smaller, more targeted layoffs in its retail and devices units in recent months.

Amazon shares are flat so far this year, underperforming the Nasdaq, which has gained 5.5%. The stock is about 10% below its record reached in February, while fellow megacaps Meta, Microsoft and Nvidia are all trading at or very near record highs.

WATCH: Jassy says robots that will eventually do delivery and transportation

Over time we will have robots that will do delivery and transportation, says Amazon CEO Andy Jassy

Continue Reading

Technology

Stablecoin issuer Circle applies for a national bank charter

Published

on

By

Stablecoin issuer Circle applies for a national bank charter

Traders work on the floor at the New York Stock Exchange (NYSE), on the day of Circle Internet Group’s IPO, in New York City, U.S., June 5, 2025.

Brendan McDermid | Reuters

Stablecoin issuer Circle Internet Group has applied for a national trust bank charter, moving forward on its mission to bring stablecoins into the traditional financial world after the firm’s big market debut this month, CNBC confirmed.

Shares rose 1% after hours.

If the Office of the Comptroller of the Currency grants the bank charter, Circle will establish the First National Digital Currency Bank, N.A. Under the charter, Circle, which issues the USDC stablecoin, will also be able to offer custody services in the future to institutional clients for assets, which could include representations of stocks and bonds on a blockchain network.

Reuters first reported on Circle’s bank charter application.

There are no plans to change the management of Circle’s USDC reserves, which are currently held with other major banks.

Anchorage Digital is the only other crypto company to obtain such a license.

Circle’s move comes after a wildly successful IPO and debut trading month on the public markets. Shares of the company are up 484% in June. The company is also benefiting from a wave of optimism after the Senate’s passage of the GENIUS Act, which would give the U.S. a regulatory framework for stablecoins.

Having a federally regulated trust charter would also help Circle meet requirements under the GENIUS Act.

“Establishing a national digital currency trust bank of this kind marks a significant milestone in our goal to build an internet financial system that is transparent, efficient and accessible,” Circle CEO Jeremy Allaire said in a statement shared with CNBC. “By applying for a national trust charter, Circle is taking proactive steps to further strengthen our USDC infrastructure.”

“Further, we will align with emerging U.S. regulation for the issuance and operation of dollar-denominated payment stablecoins, which we believe can enhance the reach and resilience of the U.S. dollar, and support the development of crucial, market neutral infrastructure for the world’s leading institutions to build on,” he said.

Don’t miss these cryptocurrency insights from CNBC Pro:

Continue Reading

Technology

Meta shares hit all-time high as Mark Zuckerberg goes on AI hiring blitz

Published

on

By

Meta shares hit all-time high as Mark Zuckerberg goes on AI hiring blitz

Mark Zuckerberg, chief executive officer of Meta Platforms Inc., during the Meta Connect event on Wednesday, Sept. 25, 2024.

Bloomberg | Bloomberg | Getty Images


Meta shares hit a record high on Monday, underscoring investor interest in the company’s new AI superintelligence group.

The company’s shares reached $747.90 during midday trading, topping Meta’s previous stock market record in February when it began laying off the 5% of its workforce that it deemed “low performers.”

Meta joins Microsoft and Nvidia among tech megacaps that have reached new highs of late, all closing at records Monday. Apple, Amazon, Alphabet and Tesla remain below their all-time highs reached late last year or early this year.

Meta CEO Mark Zuckerberg has been on an AI hiring blitz amid fierce competition with rivals such as OpenAI and Google parent Alphabet. Earlier in June, Meta said it would hire Scale AI CEO Alexandr Wang and some of his colleagues as part of a $14.3 billion investment into the executive’s data labeling and annotation startup.

The social media company also hired Nat Friedman and his business partner, Daniel Gross, the chief of Safe Superintelligence, an AI startup with a valuation of $32 billion, CNBC reported on June 19. Meta’s attempts to buy Safe Superintelligence were rebuffed by the startup’s founder and AI expert Ilya Sutskever, the report noted.

Wang and Friedman are the leaders of Meta’s new Superintelligence Labs, tasked with overseeing the company’s artificial intelligence foundation models, projects and research, a person familiar with the matter told CNBC. The term superintelligence refers to technology that exceeds human capability.

Bloomberg News first reported about the new superintelligence unit.

Meta has also snatched AI researchers from OpenAI. Sam Altman, OpenAI’s CEO, said during a podcast that Meta was offering signing bonuses as high as $100 million.

Andrew Bosworth, Meta’s technology chief, spoke about the social media company’s AI hiring spree during a June 20 interview with CNBC’s “Closing Bell Overtime,” saying that the talent market is “really incredible and kind of unprecedented in my 20-year career as a technology executive.”

WATCH: Meta’s AI talent spending spree

Meta escalated talent war with OpenAI

Continue Reading

Trending