Tag Archive for: refuses

Hackers Post Data From LAUSD Ransomware Breach After District Refuses To Pay Ransom


A group of hackers has released sensitive data stolen from the Los Angeles Unified School District’s online systems during the Labor Day weekend ransomware attack, district officials confirmed Sunday.

The development comes just days after LAUSD officials confirmed that cyberattackers had demanded the school district pay a ransom to prevent the data’s exposure. LAUSD leaders refused.

What Data Do The Attackers Have?

The scope of the stolen data is unclear. LAUSD Superintendent Alberto Carvalho issued a statement on Twitter saying that experts with the district and law enforcement were “analyzing the full extent of this data release.”

LAist has reviewed screenshots from the website of the ransomware gang Vice Society, which multiple tech journalists have reported is responsible for the attack. On the page displaying directories of data the group allegedly stole, one folder is labeled “Secret Confidential.” Another is labeled “ssn” — apparently short for “Social Security number.”

One screenshot shows other more innocuously named file directories that appear to be part of the release: “Contractor Docs,” “Document Control Group,” “DIARY REQUEST MASTER LOG,” and “Passport.”

LAUSD’s facilities system — used for managing building projects and paying contractors — was hardest hit by the September ransomware attack, and is still largely inoperable. Carvalho has confirmed data from that system was stolen.

How Concerned Should Teachers, Students And Parents Be?

Previously, Carvalho has said LAUSD’s employee payroll system — which contains employee Social Security numbers — was untouched.

The superintendent has also said that hackers managed to “touch” systems containing sensitive data on students; he’s expressed cautious optimism that data from those systems wasn’t stolen, but it’s difficult to rule that possibility out definitively.

Cybersecurity experts…

Source…

Costa Rica refuses to pay ransom in hack


SAN JOSE, Costa Rica — Nearly a week into a ransomware attack that has crippled Costa Rican government computer systems, the country refused to pay a ransom as it struggled to implement workarounds and braced itself as hackers began publishing stolen information.

The Russian-speaking Conti gang claimed responsibility for the attack, but the Costa Rican government had not confirmed its origin.

The Finance Ministry was the first to report problems Monday. Attacks on the social security agency’s human resources system and on the Labor Ministry, as well as others followed.

The initial attack forced the Finance Ministry to shut down for several hours the system responsible for the payment of a good part of the country’s public employees, which also handles government pension payments. It also has had to grant extensions for tax payments.

Conti had not published a specific ransom amount, but Costa Rica President Carlos Alvarado said, “The Costa Rican state will not pay anything to these cybercriminals.” A figure of $10 million circulated on social media platforms, but did not appear on Conti’s site.

Costa Rican businesses fretted over confidential information provided to the government that could be published and used against them, while average citizens worried that personal financial information could be used to clean out their bank accounts.

Christian Rucavado, executive director of Costa Rica’s Exporters Chamber, said the attack on the customs agency had collapsed the country’s import and export logistics. He described a race against the clock for perishable items waiting in cold storage and said they still didn’t have an estimate for the economic losses. Trade was still moving, but much more slowly.

“Some borders have delays because they’re doing the process manually,” Rucavado said. “We have asked the government for various actions like expanding hours so they can attend to exports and imports.”

He said normally Costa Rica exports a daily average of $38 million in products.

Allan Liska, an intelligence analyst with security firm Recorded Future, said that Conti was pursuing a double extortion: encrypting government files to freeze agencies’ ability to function and posting stolen files…

Source…

Judge Refuses To Dismiss Batch Of Nicholas Sandmann’s Media Lawsuits In The Laziest Defamation Ruling I’ve Ever Seen

I am perplexed. Nicholas Sandmann, the Kentucky teenager who had a highly publicized and widely debated encounter in Washington DC is somewhat of a Rorshach Test for how you view the media. There are all sorts of interpretations of his encounter, and all sorts of arguments about the media coverage of that encounter — and much of it is driven by people’s prior beliefs. What should not be controversial, however, is that his ongoing series of SLAPP suits about the media coverage of that encounter are an attack on the 1st Amendment.

We were a bit surprised that (after first having the case thrown out before it was reinstated on very narrow grounds), the Washington Post agreed to settle, as did CNN. Given the basis of the case, and the nature of defamation law, it seemed highly likely that the cases settled for what is known as a “nuisance fee.” Less than it would cost to actually bring the case to conclusion, but not a significant amount to either media property. Of course, Sandmann’s lawyer has threatened to sue some more journalists and end careers of some who speculated on the nature of the settlements, though as far as I can tell, no such lawsuits have been filed.

That said, there was a long list of other Sandmann lawsuits filed against major media companies for reporting on his DC encounter. All of them are under the same judge, William Bertelsman, and he has now refused to dismiss all of them. The opinions in the cases against the NY Times, ABC News, Rolling Stone and CBS News are all virtually identical.

I will admit that I am perplexed by the judge’s reasoning in these cases, which does not seem anything even remotely like any other defamation case I’ve ever seen. Because the rulings are all pretty similar (with just some slight differences), we’ll just go through the ruling against the NY Times and highlight some of the oddities. The judge summarizes the case and then just says “well, I found the statement to be libelous in previous cases, and therefore it is here.”

The Complaint is based on the defendant’s news coverage of an event that occurred on January 18, 2019, during a visit by plaintiff Nicholas Sandmann and his fellow Covington Catholic High School students to Washington, D.C.

Greatly summarized, the Complaint alleges that Sandmann was libeled by the defendant when it published a news article stating that Sandmann, while at the Lincoln Memorial, “blocked” Native-American activist Nathan Phillips and “prevented Phillips’ retreat while Nicholas and a mass of other young white boys surrounded, taunted, jeered and physically intimidated Phillips.”….

This news story is alleged to be false and defamatory…. Sandmann further alleges that this publication by defendant and similar stories by other news media caused him to be harassed by the public, causing him great emotional distress….. Sandmann also alleges that defendant’s article “is now forever a part of the historical Internet record and will haunt and taint Nicholas for the remainder of his natural life and impugn his reputation for generations to come.”…

The motion to dismiss argues that this publication is not libelous, but the Court has ruled in companion cases that it is libelous. The Court continues to hold that opinion for the reason stated in such preceding cases. See Sandmann v. The Washington Post, Cov. Case No. 19cv19 (Docs. 47, 64); Sandmann v. Cable News Network, Cov. Case No. 19cv31 (Docs. 43, 44); Sandmann v. NBCUniversal Media, LLC, Cov. Case No. 19cv56 (Doc. 43).

So, there are a bunch of oddities already in here, but I’ll just focus on that last paragraph, in which the judge says that “the Court has ruled in companion cases that it is libelous” and then points to those other cases. But, that’s not what actually happened. The key case that matters here is the one against the Washington Post. The judge points to two documents in that case: 47 and 64, neither of which have the judge saying that these statements are libelous. In fact, the only thorough analysis of the statements comes in document 47 and it concludes that… what was written by the Washington Post was not libelous. It goes through it all pretty thoroughly and notes that the claims of libel are either protected opinion or not about Sandmann himself.

More to the point, this ruling — again by the same judge — says that what constitutes “blocked” is a subjective matter of opinion and thus not defamatory:

This is kind of important, because it’s the exact same statement that is the basis of all of these lawsuits that the judge refused to dismiss.

Yet, he says that he found that statement to be defamatory… while pointing to a filing in which he did the opposite. Now, in the later ruling that reinstated a tiny, limited part of the case (filing 64) involving that same statement, the judge says that he will allow for more discovery before deciding on whether or not they’re defamatory.

The Court will adhere to its previous rulings as they pertain to these statements except Statements 10, 11, and 33, to the extent that these three statements state that plaintiff “blocked” Nathan Phillips and “would not allow him to retreat.” Suffice to say that the Court has given this matter careful review and concludes that “justice requires” that discovery be had regarding these statements and their context. The Court will then consider them anew on summary judgment.

The other cases that the judge mentions as proving he found these statements libelous only point back to the Washington Post filing… that again says the opposite. So the judge is basing his ruling on the fact that he already found these statements to be libelous when he didn’t actually do that. It’s the most bizarre thing I’ve seen from a federal judge.

From there he goes on to quote the same paragraph (oddly leaving out quotation marks where they obviously belong):

As in other cases, the Complaint herein alleges that the defendant’s article quoted the following statement by Phillips:

It was getting ugly, and I was thinking: I’ve got to find myself an exit out of this situation and finish my song at the Lincoln Memorial, Mr. Phillips told The Post. I started going that way, and that guy in the hat stood in my way and we were at an impasse. He just blocked my way and wouldn’t allow me to retreat.

The Complaint alleges that this statement was false in that Sandmann did not block Phillips or interfere with him in any way, and that it conveys a defamatory meaning because it imputes to Sandmann racist conduct.

Note that this is again the same statement that the court originally found to be not defamatory and then later said he would allow discovery on, but over which the case settled before going much further. So I’m completely lost as to how the judge can say he already found this to be defamatory.

The parties agree that Kentucky law applies to this case. Under Kentucky law, a writing is defamatory “if it tends to (1) bring a person into public hatred, contempt or ridicule; (2) cause him to be shunned or avoided; or (3) injure him in his business or occupation.”… The allegations of the Complaint fit this definition precisely.

Wait… what? This leaves out more than a few things about defamation under Kentucky Law (and the 1st Amendment). It leaves out that the statements need to be false statements of fact, for example. Statements of opinion cannot be defamatory. That seems, you know, kind of… important?

The judge then rejects the NY Times’ citation of another case in the same circuit, saying that that was under Ohio law rather than Kentucky law. But that ruling was using standard 1st Amendment standards for defamation law that still apply in Kentucky. And the reasoning the judge gives makes no sense at all.

In Croce, a newspaper published an article that included unflattering allegations against the plaintiff, a university professor and cancer researcher. The Court held that, in “full context,” a “reasonable reader would interpret the article as a standard piece of investigative journalism” which simply reported “newsworthy allegations with appropriate qualifying language.”

That holding is inapplicable under the allegations of the Complaint here. Defendant published a statement by Phillips that was made after Sandmann had departed for home, a statement to which Sandmann had no opportunity to reply in real time. While Sandmann had such an opportunity later, and such evidence might be admissible to show lack of malice, it is not a defense to the defamatory meaning of Phillips’ original statement itself.

WHAT?!? That’s not how defamation law works at all. The question of whether or not someone has the ability to “reply in real time” has nothing to do with the standards for defamation law. Notice that the judge here doesn’t cite anything for claiming this. He just… says it. And, again the other case that the NY Times points to is exactly on point, whether it’s talking about Kentucky or Ohio. The 1st Amendment still exists. The fact that Phillips said stuff after Sandmann went home is… totally and completely irrelevant.

Also, let’s be clear here. This is a case about Phillips’ statement that he made to the Washington Post, which were then repeated in the NY Times (attributed to the Post). If this case were against Phillips, you might be able to squint and kinda sorta, but not really, find a way to say that there’s an argument here (again, no, not really). If this were the case against the Washington Post, again, you might be able to squint and see that, which is why the allowance for more discovery was made in the first place. But, how does Sandmann’s inability to reply to the Washington Post quoting Phillips in real time have anything whatsoever to do with the question of whether or not the NY Times is liable for defamation? It doesn’t.

The judge also rejects the Times’ statute of limitations claim, which under Kentucky law is one year. The lawsuit was filed 14 months after the incident. The judge says that since Sandmann is a minor, the statute of limitations is effectively extended until he turns 18. The Times argues that at the very least, the statute of limitations should have started ticking when he filed the original lawsuit against the Washington Post, but again the judge just says “nope.” Even though the NY Times pointed to previous rulings that agreed with their analysis of the statute of limitations the judge says that the procedural history in that other case was different (he doesn’t explain how or why) and that he “does not believe” that the original case the Times point to would be upheld if it were appealed. Which… is a take.

Anyway, this does not mean that Sandmann has yet won. It just means that these cases can move forward. And that’s dangerous for a few reasons. I’m not 100% sure, but it’s possible that the media defendants won’t be able appeal on this point (this gets beyond my knowledge of Kentucky civil procedure — but some laws allow for “interlocutory appeal” in which you can appeal specific aspects of a ruling, while others want you to wait until the court makes a final ruling on the case before it can go up on appeal). If that’s the case then appeals would have to wait until later in the case, after the case has gone on through more expensive stages — and that means that many of the media companies (and their insurance companies) may feel a lot of pressure to just throw a bit of money at Sandmann to make the case go away for less than it will cost to go through to the next round.

The NY Times has a history of not caving in cases like this, recognizing that it has to set the standard, so I hope it continues fighting. But it would not surprise me to see some of the other media companies also do “confidential settlements” that many people will judge as some huge victory for Sandmann.

All in all this is a very, very, very odd ruling that does not fit with any other defamation case I’ve seen, appears to go against plenty of precedent and, most bizarrely, has the judge citing his own rulings in a different case that say the exact opposite of what he claims it says in this case.

Techdirt.

EU General Court Refuses To Allow St. Andrews Links To Trademark ‘St. Andrews’ For All The Things

For those of us who have fallen in love with the world’s most personally infuriating sport, golf, the name The St. Andrews Links Golf Course is of course quite notable. The famed “Cathedral of Golf” also happens to be located in a town of the same name, St. Andrews in Scotland. St. Andrews is a fairly common term in the naming of locations and famous landmarks. Despite this, The Saint Andrews Links went to the EU’s Intellectual Property Office to request it be granted a trademark for “St. Andrews” in roughly every category, including broadly in apparel and sports goods. When that request was denied in 2016 on grounds that location names have high bars to clear to get trademarks and are therefore relatively rarely granted, St. Andrews Links took its case to Luxembourg on appeal.

There, the EU General Court dismissed the appeal, arguing again that “St. Andrews” is primarily a reference to the town of St. Andrews, not to any provider of the type of goods that St. Andrews Links wanted to hold trademarks for.

But having had its application to the European Union Intellectual Property Office (EUIPO) turned down in 2016, an appeal against the decision has now been dismissed by the EU General Court in Luxembourg.  According to official documents, the appeal board argued “the expression ‘St Andrews’ referred above all to a town known for its golf courses though not particularly for the manufacturing or marketing of clothing, footwear, headgear, games and playthings.”

The court said EU and UK law generally excludes the registration of geographical names as trade marks “where they designate specified geographical locations which are already famous, or are known for the category of goods or services concerned.”

In other words, the town itself is also well known and, because the mark applied for consisted of the name of that famous town, St. Andrews Links can’t lock up “St. Andrews” for itself in a bunch of categories not directly related to its business. Readers here will likely be nodding along, understanding that this all makes perfect sense. The reason I’m highlighting all of this is because of how frustratingly rare it is for an intellectual property office and appeals court to get this so, so right. Too often, corporate wishes are simply granted, especially when dealing with an entity like St. Andrews Links, which is itself rather famous and is a point of pride for the region.

It sure would be nice if other IPOs applied the intent of the law this strictly.

Permalink | Comments | Email This Story

Techdirt.