The Chilling Effect of Suing a Dark Web Researcher \ stacker news ~news

I ran across this initially yesterday and wanted to look more into it before I posted it about it. All I can say is YIKES either Columbus, Ohio are the biggest idiots in the world or they are so full of themselves they cannot admit being wrong. Honestly, it is probably at least a little bit of both as the story is beyond bizarre.

For those who have not heard about this in July the city of Columbus suffered from a cyberattack and Columbus Mayor Andrew Ginther said on August 13 that a “breakthrough” in the investigation and most if not all the data stolen was either encrypted or corrupted and thus unusable. However, when a resident of the city whose job is monitoring the dark web, Connor Goodwolf, went poking around he quickly realized that this was not the fact at all. It wasn't a typical attack as multiple databases were hacked, data went back to 1999, and sensitive information about both minors and domestic abuse victims was all in there.

The amount of data stolen was enormous and something that the city did not tell people and so Goodwolf tried to contact the city multiple times to let them know what he had found and how big of an issue this was to no avail. It shouldn't be a surprise then that since the city would not talk with him or change their tune he went to local media and showed them. So the city ended up getting embarrassed as they had to change their tune but where they went off the rails was that they launched a lawsuit AGAINST him and went to the courts silencing him.

All of this was done under the guise of holding him responsible for sharing sensitive data but ummm he didn't steal it and if he found it other people could as well. By raising the alarm and getting this attack the attention it requires he has essentially been held responsible for the PUBLIC finding out by the city. Already we have seen cybersecurity experts from across the world speak out against this because of how absurd it is and how he should be commended and rewarded rather than sued and silenced that is what we see from autocratic governments, not democratic ones.

Not to mention what type of impact this will have in the future for white hackers and others who poke and prod security systems used to protect data across the US. The effect is extremely chilling as people who do the right thing are now being silenced and shamed even though they did not do anything wrong. This guy didn't hack or steal and even though he downloaded some of it how else was he supposed to show anyone what had been leaked?! This was what was required but the city government seems to have been to upset they have been caught misleading their citizens that they are just trying to squash him instead of championing his actions and his discovery.

10 sats \ 0 replies \ @cheerioMsSophie 17 Sep

This is a highly concerning issue, not only in the USA. I am a German scientist currently working in the field of IoT forensics, and I constantly have to ensure that I do not overstep legal boundaries, which significantly hinders my ability to conduct thorough research. For example, if I were to extract cloud tokens from an IoT device and use them to access my own account on the manufacturer's cloud, it could be considered computer sabotage, potentially resulting in imprisonment.

Even if I were to win such a case, there's a strong possibility that my equipment would be confiscated for months, effectively preventing me from working. The university would not provide support, as they generally avoid getting involved in the legal matters of their researchers.

118 sats \ 2 replies \ @zapsammy 16 Sep

when stacker.news detectives territory?

0 sats \ 1 reply \ @Cje95 OP 16 Sep

Lol I dont have enough sats to fund a territory but maybe one day!

0 sats \ 0 replies \ @zapsammy 16 Sep freebie

i likewise hope there will be some deflation in the wild west market... forever deflation.

0 sats \ 2 replies \ @clarity 16 Sep

So the term "white hat" is being brought into question. I'm not sure what this dude did was "white hat". He took stolen data from dark web and copied it to the web.. Seems like a shade of darkness in the "white hat"... Maybe he did do EVERYTHING he could to contact the proper people. Is there a process documented for how to handle whistleblowing in this situation?

103 sats \ 1 reply \ @Cje95 OP 16 Sep

I am not saying he was a white hat. He also did not copy data to the web he copied it from the dark web and showed it to local media. He only showed it to local media after the city refused to meet.

So he did contact all the proper people and he found data that was being sold.

0 sats \ 0 replies \ @clarity 16 Sep

Thank you for clearing that up for me. My web2 feeds are telling me all sorts of different versions of this. I've not even had to read a single article to be kept abreast on this.

0 sats \ 1 reply \ @Satosora 16 Sep

Probably a bit of both, to tell you uthe truth. And maybe a bit of pride, they didnt want to tell everyone they had been breached.

0 sats \ 0 replies \ @Cje95 OP 16 Sep

I agree... It is a wild move though esp since they are suing him.... that seems like they think he should pay for the credit protection stuff the city is being forced to offer. Just a wild thing tbh