Connect with us

Published

7 months ago

on

Ransomware has long been plaguing American municipalities. It appeared to be another typical ransomware attack that impacted the city of Columbus, Ohio, this past July. The city’s response to the hack, however, was not, and it has cybersecurity and legal experts across the country questioning its motives.

Connor Goodwolf (legal name is David Leroy Ross) is an IT consultant who plumbs the dark web as part of his job. “I track dark web-type crimes, criminal organizations, and stuff like what the Telegram CEO has been arrested for,” Goodwolf said.

So when word got out that the city of Columbus, his hometown, had been breached, Goodwolf did what he does: he poked around online. It didn’t take him long to discover what the hackers had in their possession.

“It wasn’t the biggest, but it was one of the most impactful breaches I have seen,” Goodwolf said.

In some ways, he described it as a routine breach, with personal identifiable information, protected health information, Social Security numbers and driver’s license photos exposed. However, because multiple databases were breached, it was more encompassing than other attacks. According to Goodwolf, the hackers had breached multiple databases from the city, the police, and the prosecutor’s office. There were arrest records and sensitive information about minors and domestic violence victims. Some of the breached databases, he says, went back to 1999. 

Goodwolf found over three terabytes of data that took over 8 hours to download.

“The first thing I see is the prosecutor’s database, and I’m like ‘holy sh-t’ these are domestic violence victims. When it comes to domestic violence victims, we need to protect them the most because they have already been victimized once, and now they are again by having their information exposed,” he said.

Goodwolf’s first action was to contact the city to let them know how serious the breach was, because what he saw contradicted official statements. At a press conference on August 13,  Columbus Mayor Andrew Ginther said: “The personal data that the threat actor published to the dark web was either encrypted or corrupted, so the majority of the data came by the threat actor is unusable.”

But what Goodwolf was finding didn’t support that view. “I tried to reach out to the city multiple times to multiple departments and was blown off,” he said.

Google-owned Mandiant, as well as many other top cybersecurity firms, have been tracking a continued increase in ransomware attacks, both in prevalence and severity, and the rise of the Rhysida Group behind the Columbus hack, which has come into prominence within the last year.

The Rhysida Group claimed responsibility for the hack. While not much is known about the cyber gang, Goodwolf and other security experts say they appear to be state-sponsored and based in Eastern Europe, possibly linked to Russia. Goodwolf says these ransomware gangs are “professional operations” with a staff, paid vacation, and PR people.

“They have ramped up the attacks and targets since last autumn,” he said.

The U.S. government’s Cybersecurity and Infrastructure Security Agency issued a bulletin about Rhysida last November.

Goodwolf said that because no one from the city responded to him he went to the local media and shared data with journalists to get the word out about the seriousness of the breach. And that is when he heard from the city of Columbus, in the form of a lawsuit and a temporary restraining order preventing him from disseminating additional information. 

The city defended its response in a statement to CNBC:

“The City initially moved to obtain this order, which was granted by the Court, to prevent the dissemination of sensitive and confidential information, potentially including the identities of undercover police officers, that threatens public safety and criminal investigations.”

The city’s temporary 14-day restraining order against Goodwolf has since expired, and now it has a preliminary injunction and an agreement with Goodwolf not to release more data.

“It should be noted that the Court order does not prohibit the defendant from discussing the data breach or even describing what kind of data was exposed,” the city’s statement added. “It simply prohibits the individual from disseminating the stolen data posted on the dark web. The City remains engaged with federal authorities and cyber security experts to respond to this cyber intrusion.”

Meanwhile, the mayor did have to perform a mea culpa at a subsequent press conference, saying his initial statements were based on the information he had at the time. “It was the best information we had at the time. Clearly, we discovered that that was inaccurate information and I have to accept responsibility for that.”

Realizing the exposure to residents was greater than first thought, the city is offering two years of free credit monitoring from Experian. This includes anyone who has had contact with the city of Columbus via an arrest or other business. Columbus is also working with Legal Aid to see what additional protections are needed for domestic violence victims who may have been compromised or need help with civil protection orders.

To date, the city has not paid the hackers, who were demanding $2 million in ransom.   

‘He’s Not Edward Snowden’

Those who study cybersecurity law and work within the realm expressed surprise at Columbus filing a civil lawsuit against the researcher.

“Lawsuits against data security researchers are rare,” said Raymond Ku, professor of law at Case Western Reserve University. On the rare occasion they do happen, he said, it is usually when the researcher is alleged to have disclosed how a flaw was or can be exploited, which would then allow others to take advantage of the flaw as well.

“He wasn’t Edward Snowden,” said Kyle Hanslovan, CEO of cybersecurity company Huntress, who described himself as troubled by the city of Columbus’s response and what it could mean for future breaches. Snowden was a government contract employee who leaked classified information and faced criminal charges, but considered himself a whistleblower. Goodwolf, Hanslovan says, is a Good Samaritan who independently found the breached data.

“In this case, it appears we have just silenced someone who, as far as I can tell, appears to be a security researcher who did the bare minimum and confirmed the official statements made were not true. This can’t possibly be an appropriate use of the courts,” Hanslovan said, predicting the case will be quickly overturned.

Columbus City Attorney Zach Klein said during a September press conference that the case was “not about freedom of speech or whistleblowing. This is about downloading and disclosure of stolen criminal investigatory records.”

Hanslovan worries about the ripple effect where cybersecurity consultants and researchers are afraid to do their jobs for fear of being sued. “The bigger story here is are we seeing the emergence of a new playbook” for hacking response in which individuals are silenced, and that should not be welcomed, he said. “Silencing any opinion, even for 14 days, could be enough to prevent something credible from coming to light, and that terrifies me,” Hanslovan said. “That voice needs to be heard. As we see bigger cybersecurity incidents come up, I am worried that folks will be more concerned bringing them to light.”

Scott Dylan, founder of United Kingdom-based venture capital firm NexaTech Ventures, also thinks the actions of the city of Columbus could induce a chilling effect on the field of cybersecurity.

“As the field of cyberlaw continues to mature, this case is likely to be referenced in future discussions about the role of researchers in the aftermath of data breaches,” Dylan said.

He says legal frameworks must evolve to keep pace with the sophistication of both cyberattacks and the ethical dilemmas they generate, and the approach taken by Columbus is a mistake.

Meanwhile, the legal process will grind on for Goodwolf. Despite Columbus and Goodwolf reaching an agreement last week on the dissemination of information, the city is still suing him for damages in a civil suit that could reach $25,000 or higher. Goodwolf is representing himself in his talks with the city, though says that he has a lawyer on standby, if needed.

Some residents have filed a class-action lawsuit against the city. Goodwolf says that 55% of the information breached has been sold onto the dark web, while 45% is available for anyone with the skills to access it.

Dylan thinks the city is taking a big risk, even if its actions may be legally defensible, by creating the appearance of an attempt to silence discourse rather than encourage transparency. “It’s a strategy that could backfire, both in terms of public trust and future litigation,” he said.

“I am hoping the city realizes the mistake of filing a civil suit and the implications not just on security,” Goodwolf said, noting that Intel is building a $1 billion facility in a Columbus suburb. In recent years, the city has been positioning itself as a new tech hub in the Midwest, and attacking white hats and cybersecurity researchers, he said, could cause some in the tech sector to rethink it as a location.

Related Topics:
Continue Reading

Technology

Silicon Valley’s early return on Trump investment: Plunging valuations, delayed IPOs

Published

3 hours ago

on

April 5, 2025

By

Silicon Valley's early return on Trump investment: Plunging valuations, delayed IPOs

The Nasdaq MarketSite in New York, June 9, 2023.

Michael Nagle | Bloomberg | Getty Images

Silicon Valley executives and financiers publicly opened their wallets in support of President Donald Trump’s 2024 presidential run. The early returns in 2025 aren’t great, to say the least.

Following Trump’s sweeping tariff plan announced Wednesday, the Nasdaq suffered steep consecutive daily drops to finish 10% lower for the week, the index’s worst performance since the beginning of the Covid pandemic in 2020.

The tech industry’s leading CEO’s rushed to contribute to Trump’s inauguration in January and paraded to Washington, D.C., for the event. Since then, it’s been a slog.

The market can always turn around, but economists and investors aren’t optimistic, and concerns are building of a potential recession. The seven most valuable U.S. tech companies lost a combined $1.8 trillion in market cap in two days.

Apple slid 14% for the week, its biggest drop in more than five years. Tesla, led by top Trump adviser Elon Musk, plunged 9.2% and is now down more than 40% for the year. Musk contributed close to $300 million to help propel Trump back to the White House.

Nvidia, Meta and Amazon all suffered double-digit drops for the week. For Amazon, a ninth straight weekly decline marks its longest such losing streak since 2008.

With Wall Street selling out of risky assets on concern that widespread tariff hikes will punish the U.S. and global economy, the fallout has drifted down to the IPO market. Online lender Klarna and ticketing marketplace StubHub delayed their IPOs due to market turbulence, just weeks after filing with the Securities and Exchange Commission, and fintech company Chime is also reportedly delaying its listing.

CoreWeave, a provider of artificial intelligence infrastructure, last week became the first venture-backed company to raise more than $1 billion in a U.S. IPO since 2021. But the company slashed its offering, and trading has been very volatile in its opening days on the market. The stock plunged 12% on Friday, leaving it 17% above its offer price but below the bottom of its initial range.

“You couldn’t create a worse market and macro environment to go public,” said Phil Haslett, co-founder of EquityZen, a platform for investing in private companies. “Way too much turbulence. All flights are grounded until further notice.”

CoreWeave investor Mark Klein of SuRo Capital previously told CNBC that the company could be the first in an “IPO parade.” Now he’s backtracking.

“It appears that the IPO parade has been temporarily halted,” Klein told CNBC by email on Friday. “The current tariff situation has prompted these companies to pause and assess its impact.”

Tech will see an 'economic armageddon' if these tariffs stay, says Wedbush's Dan Ives

‘Cave rapidly’

During last year’s presidential campaign, prominent venture capitalists like Marc Andreessen backed Trump, expecting that his administration would usher in a boom and eliminate some of the hurdles to startup growth set up by the Biden administration. Andreessen and his partner, Ben Horowitz, said in July that their financial support of the Trump campaign was due to what they called a better “little tech agenda.”

A spokesperson for Andreessen Horowitz declined to comment.

Some techies who supported Trump in the campaign have taken to social media to defend their positions.

Venture capitalist Keith Rabois, a managing director at Khosla Ventures, posted on X on Thursday that “Trump Derangement Syndrome has morphed into Tariff Derangement Syndrome.” He said tariffs aren’t inflationary, are effective at reducing fentanyl imports, and he expects that “most other countries will cave and cave rapidly.”

That was before China’s Finance Ministry said on Friday that it will impose a 34% tariff on all goods imported from the U.S. starting on April 10.

At Sequoia Capital, which is the biggest investor in Klarna, outspoken Trump supporter Shaun Maguire, wrote on X, “The first long-term thinking President of my lifetime,” and said in a separate post that, “The price of stocks says almost nothing about the long term health of an economy.”

However, Allianz Chief Economic Advisor Mohamed El-Erian warned on Friday that Trump’s extensive raft of import tariffs are putting the U.S. economy at risk of recession.

“You’ve had a major repricing of growth prospects, with a recession in the U.S. going up to 50% probability, you’ve seen an increase in inflation expectations, up to 3.5%,” he told CNBC’s Silvia Amaro on the sidelines of the Ambrosetti Forum in Cernobbio, Italy.

Former Microsoft CEOs Bill Gates, left, and Steve Ballmer, center, pose for photos with CEO Satya Nadella during an event celebrating the 50th Anniversary of Microsoft on April 4, 2025 in Redmond, Washington. 

Stephen Brashear | Getty Images

Meanwhile, executives at tech’s megacap companies were largely silent this week, and their public relations representatives declined to provide comments about their thinking.

Microsoft CEO Satya Nadella was in the awkward position on Friday of celebrating his company’s 50th anniversary at corporate headquarters in Redmond, Washington. Alongside Microsoft’s prior two CEOs, Bill Gates and Steve Ballmer, Nadella sat down with CNBC’s Andrew Ross Sorkin for a televised interview that was planned well before Trump’s tariff announcement.

When asked about the tariffs at the top of the interview, Nadella effectively dodged the question and avoided expressing his views about whether the new policies will hamper Microsoft’s business.

Ballmer, who was succeeded by Nadella in 2014, acknowledged to Sorkin that “disruption is very hard on people” and that, “as a Microsoft shareholder, this kind of thing is not good.” Ballmer and Gates are two of the 12 wealthiest people in the world thanks to their Microsoft fortunes.

C-suites may not be able to stay quiet for long, especially if the recent turmoil spills into next week.

Lise Buyer, who previously helped guide Google through its IPO and now works as an adviser to companies going public, said there’s no appetite for risk in the market under these conditions. But there is risk that staffers get jittery, and they’ll surely look to their leaders for some reassurance.

“Until markets settle out and we have the opportunity to access valuation levels, public company CEOs should work to calm potentially distressed employees,” Buyer said in an email. “And private company managements should refine plans to get by on dollars already in the treasury.”

— CNBC’s Hayden Field, Jordan Novet, Leslie Picker, Annie Palmer and Samantha Subin contributed to this report.

WATCH: Chime is reportedly delaying its IPO

Chime is reportedly delaying its IPO

Continue Reading

Technology

Tesla’s June robotaxi deadline looms as political backlash builds over Elon Musk

Published

4 hours ago

on

April 5, 2025

By

Tesla's June robotaxi deadline looms as political backlash builds over Elon Musk

Elon Musk has been promising investors for about a decade that Tesla’s cars are on the verge of turning into robotaxis, capable of driving themselves cross-country, after one big software update.

That hasn’t happened yet.

What Tesla offers is a sophisticated, but only partially automated, driving system that’s marketed in the U.S. as its Full Self-Driving (Supervised) option, though many Tesla fans refer to it as FSD. In China, Tesla recently changed the system’s name to “intelligent assisted driving.”

Full Self-Driving, as it was previously called, relies on cameras and software to enable features like automatic navigation on highways and city streets, or automatic braking and slowing in response to traffic lights and stop signs.

Tesla owner’s manuals warn users that FSD “is a hands-on feature” that requires them to pay attention to the road at all times. “Keep your hands on the steering wheel at all times, be mindful of road conditions and surrounding traffic,” the manuals say.

But many of Tesla’s customers ignore the fine print and use the system hands-free anyway.

Tesla’s partially automated driving systems have been a source of inspiration for its stalwart fans. But they’ve also caused controversy and concern for public safety after reports of injurious and fatal collisions where Tesla’s standard Autopilot or premium FSD systems were known to be in use.

FSD does a lot of things “amazingly well,” said Guy Mangiamele, a professional test driver for automotive consulting firm AMCI Testing, during a recent long drive in Los Angeles. But he added that “the times that it trips up, you could kill somebody or you could hurt yourself.”

The pressure has never been higher on Tesla to elevate the technology and deliver on Musk’s long-delayed promises.

The Tesla CEO is the wealthiest person in the world and was the biggest financial backer of President Donald Trump’s 2024 campaign. Since Trump’s January inauguration, Musk has been leading the administration’s Department of Government Efficiency effort to drastically slash the federal workforce and government spending.

The DOGE team has been connected to more than 280,000 layoff plans for federal workers and contractors impacting 27 agencies over the last two months, according to data tracked by Challenger Gray, the executive outplacement firm.

Musk’s work with DOGE – along with his frequently incendiary political rhetoric and endorsement of Germany’s far-right, anti-immigrant party AfD – has led to a tremendous backlash against Tesla.

Protests, boycotts and even criminal acts of vandalism have targeted the electric vehicle maker in recent months and led many prospective Tesla customers to turn to other brands. Meanwhile, existing Tesla owners have been trading in their EVs at record levels, according to data from Edmunds.

Tesla’s stock dropped 36% through the first three months of 2025, representing its steepest decline since 2022 and third-biggest slide for any quarter since the EV maker went public in June 2010. Tesla also reported 336,681 vehicle deliveries in the first quarter of 2025, a 13% decline from the same period a year ago.

Product unveilings and a “robotaxi launch” expected from Tesla in Austin, Texas, this year could revitalize investors’ sentiment about the company and hopefully lift its share price, Piper Sandler analysts wrote in a note following the worse-than-expected deliveries report.

On Tesla’s last earnings call, Musk promised investors that Tesla will finally start its driverless ride-hailing service in Austin in June.

To see whether the company’s FSD technology is anywhere close to a robotaxi-ready release, CNBC spent months riding along with Tesla owners who use Full Self-Driving (Supervised) and speaking with automotive safety experts about their impressions.

Auto-tech enthusiast and Tesla owner Chris Lee, host of the YouTube channel EverydayChris, told CNBC that Tesla’s system “definitely has a ways to go, but the fact that it’s able to go from where it was three years ago to today, is insane.”

Many experts, including Telemetry Vice President of Market Research Sam Abuelsamid, remain skeptical. There’s been “no evidence” that FSD is “anywhere close to being ready to be used in an unsupervised form” by June, said Abuelsamid, whose firms specializes in automotive intelligence.

Tesla FSD will “often work really well, particularly in daytime conditions” but then “randomly, in a scenario where it did fine previously, it will fail,” said Abuelsamid, adding that those scenarios can be unpredictable and dangerous.

Watch the video to learn more about the evolution of Tesla’s Full Self-Driving (Supervised) and whether it will be robotaxi-ready this June.

Continue Reading

Technology

Microsoft AI chief Suleyman sees advantage in building models ‘3 or 6 months behind’

Published

17 hours ago

on

April 5, 2025

By

Microsoft AI chief Suleyman sees advantage in building models ‘3 or 6 months behind’

Microsoft owns lots of Nvidia graphics processing units, but it isn’t using them to develop state-of-the-art artificial intelligence models.

There are good reasons for that position, Mustafa Suleyman, the company’s CEO of AI, told CNBC’s Steve Kovach in an interview on Friday. Waiting to build models that are “three or six months behind” offers several advantages, including lower costs and the ability to concentrate on specific use cases, Suleyman said.

It’s “cheaper to give a specific answer once you’ve waited for the first three or six months for the frontier to go first. We call that off-frontier,” he said. “That’s actually our strategy, is to really play a very tight second, given the capital-intensiveness of these models.”

Suleyman made a name for himself as a co-founder of DeepMind, the AI lab that Google bought in 2014, reportedly for $400 million to $650 million. Suleyman arrived at Microsoft last year alongside other employees of the startup Inflection, where he had been CEO.

More than ever, Microsoft counts on relationships with other companies to grow.

It gets AI models from San Francisco startup OpenAI and supplemental computing power from newly public CoreWeave in New Jersey. Microsoft has repeatedly enriched Bing, Windows and other products with OpenAI’s latest systems for writing human-like language and generating images.

Microsoft’s Copilot will gain “memory” to retain key facts about people who repeatedly use the assistant, Suleyman said Friday at an event in Microsoft’s Redmond, Washington, headquarters to commemorate the company’s 50th birthday. That feature came first to OpenAI’s ChatGPT, which has 500 million weekly users.

Through ChatGPT, people can access top-flight large language models such as the o1 reasoning model that takes time before spitting out an answer. OpenAI introduced that capability in September — only weeks later did Microsoft bring a similar capability called Think Deeper to Copilot.

Microsoft occasionally releases open-source small-language models that can run on PCs. They don’t require powerful server GPUs, making them different from OpenAI’s o1.

OpenAI and Microsoft have held a tight relationship shortly after the startup launched its ChatGPT chatbot in late 2022, effectively kicking off the generative AI race. In total, Microsoft has invested $13.75 billion in the startup, but more recently, fissures in the relationship between the two companies have begun to show.

Microsoft added OpenAI to its list of competitors in July 2024, and OpenAI in January announced that it was working with rival cloud provider Oracle on the $500 billion Stargate project. That came after years of OpenAI exclusively relying on Microsoft’s Azure cloud. Despite OpenAI partnering with Oracle, Microsoft in a blog post announced that the startup had “recently made a new, large Azure commitment.”

“Look, it’s absolutely mission-critical that long-term, we are able to do AI self-sufficiently at Microsoft,” Suleyman said. “At the same time, I think about these things over five and 10 year periods. You know, until 2030 at least, we are deeply partnered with OpenAI, who have [had an] enormously successful relationship for us.

Microsoft is focused on building its own AI internally, but the company is not pushing itself to build the most cutting-edge models, Suleyman said.

“We have an incredibly strong AI team, huge amounts of compute, and it’s very important to us that, you know, maybe we don’t develop the absolute frontier, the best model in the world first,” he said. “That’s very, very expensive to do and unnecessary to cause that duplication.”

WATCH: Microsoft Copilot beginning of a seismic shift in AI integration, says Microsoft AI CEO Suleyman

Continue Reading

Trending