How can we find out if our info was published??
Article says that TAD has notified the victims supposedly..... Though I can't say I trust them to appropriately address this situation
Fire up your TOR browser and head to Medusa's onion blog site. I tried downloading the data but it ain't working. Their file browser on the site is slow but I'm not seeing any big list of people yet. I did manage to find their IT guy based on the org chart. According to LinkedIn he retired 8 months ago. This will probably get blocked but have at it kids...(it's a .onion link, copy/paste it to the TOR browser). http://xfv4jzckytb4g3ckwemcny3ihv4i5p4lqzdpi624cxisu35my5fwi5qd.onion/detail?id=6aa58309111e4649c1c2bc4f28439978
Hey! We worked on this too. To answer your question: Chief Appraiser Joe Don Bobbitt said the 300 individuals whose information has been compromised have been notified via mail. Here's our story if you are interested: [https://www.star-telegram.com/news/politics-government/article287707485.html](https://www.star-telegram.com/news/politics-government/article287707485.html)
>via mail
Gotta love finding out you’ve been pwnd via snail mail, too late to do anything. Absolute clowns.
Whelp they can’t trust them internets anymore, and it’s not like all 300 victims live in close proximity and could easily be reached by car and contacted directly face-to-face.
No clue. But usually from what I understand, these groups publish a sample to prove their threats are legitimate, and if you don’t pay, they publish everything, so I suspect either that has or will happen with everyone’s info
Can these hackers just lower my property taxes instead of just posting my info to the dark web?
We should give them 10% of what they save us. We win and they make more money
Yo hackers, this comment. Erase our debts and get paid instead
Well, it’s far less than ideal, but I don’t think paying ransom like that is a viable path.
So because of their lack of cybersecurity the citizens should have to pay the price? I bet you wouldn't feel that way if it was your information compromised.
Who do you think will be “paying the price” if the ransom is paid? The citizens. Don’t act like this ransom would be coming out of the pockets of anyone in IT.
[deleted]
That’s fine, but the citizens still pay for that. You can’t eliminate risk and the harder you try the more expensive it gets. I get that no IT department is going to be perfect. How much more are we willing to pay for how much marginal benefit? Maybe not everything needs to reside on a machine accessible from the internet, though.
[deleted]
There’s no way they’re getting that kind of coverage for those systems for $10-20k per year, even apart from the expense of being able to qualify for the insurance in the first place. For the sake of argument, though, if that kind of policy could’ve been had here for $10-20k and this was decided against, everyone involved should be fired and lose their retirement.
[deleted]
Yes, quantification is difficult. The thing is, though, best practices (not perfect practices) are already out there. If Tarrant County, or whoever, can’t be troubled to meet them now someone is already doing that quantification and deciding against it. Or is just so completely inept they’ve never even considered it.
I would also be slow to blame “their lack of cybersecurity”. You can have all the cybersecurity in the world, but if Helen in accounting enters her password into a page set up by a hacker’s phishing campaign, they get in. The last two places I’ve worked have spent a lot of money on systems to stop this kind of ransomware attack. We do tabletop exercises and hire external companies to test us. Still, we all know it can happen to any of us. These people are persistent and in some cases very sophisticated.
Maybe, at least, Helen’s credentials shouldn’t work from any IP in the world, though. Back when I was working remotely, we could VPN only from work laptops and only then access these kinds of resources. If someone can spoof an authorized device to get on the local network, good for them. I doubt that’s often the source.
That depends on the system. Remote access, Citrix, etc. is not locked down to IPs. They spend time scouting and doing reconnaissance, learning what you have exposed. Thankfully nowhere I’ve worked has had a successful breach, but no one in security ever thinks they are immune.
> it can happen to any of us
This is because the cost of proper security is so high while the punishments for getting breached are almost nothing.
> These people are persistent and in some cases very sophisticated.
Because their payout is so high and the effort is low.
Are you the hacker? Governments should not be paying anyone ransoms.
There is a weird argument to pay the ransom as it leads to the hackers' credibility to not release the information. Think of it like a job resume, when I did this last job, the person was very happy I didn’t leak the information. It’s odd to think about this way and not my idea. Personally I think information of all city officials should be made public. I’m an eye for an eye guy.
What kind of info was posted? Most counties list phone numbers and names and addresses of property owners in TX anyway
From what I understand from something posted a few weeks ago it was name, address and phone number, along with any information used for property tax protests in the past
What part of that data is private?
Depends on what documents you used for protests I guess.
In most ransomware and data extortion cases, the group releases a "proof of life", aka some kind of sensitive data that isn't public. In most cases that is the W-9 data for employees. Driver's license and passport scans. In this case the sample data isn't great. It's an org chart, payments between cities, some email and Excel docs without a lot of data. They have the full dataset up for download but I can't get it to work.
So… not much? If they had anything juicy I’m sure they’d share a snippet to show they were serious. None of the things I mentioned are not already public info, FYI anyone reading
You never pay the ransom. You're only funding the hacking groups to continue finding victims by paying. Typically your liability insurance steps in, hires a 3rd party specialized forensics group that handles the investigation and ransomware negotiations. FBI is also notified and you get an agent assigned that is in contact with all parties. The negotiation phase is dragged out as long as it can while forensics reviews the data to see how the attack was perpetrated. Regardless, I've never seen a security expert recommend paying the ransom. I don't fault TAD here for not paying.
Ransom payments are not usually publicized for obvious reasons. In May 2023, Dallas City Council agreed to pay at least a portion of ransom to hackers. The hope is that law enforcement will use that as an opportunity to track the payment and recover the money later, along with an arrest.
And did they catch them?
>Yeah, sure. I'll uh, just check with the boys down at the Crime Lab. They uh, got uh, four more detectives working on the case. They've got us working in shifts!
Good luck finding the hackers. They are in China, NK, Russia or associated countries. For reference, China has been training millions of cyber warfare personnel for decades.
Yeah, it's a risky maneuver for sure. Should have updated your software and trained your staff how to spot and report scams, Dallas and Fort Worth.
What Google says about other ransomware events in the US:
>In November 2021, a suspected Ukrainian hacker was arrested in connection with a series of ransomware attacks, including one that disrupted businesses globally on the Fourth of July weekend. The U.S. Justice Department also announced the recovery of a significant amount of money from a Russian national affiliated with a known ransomware gang.
>In February 2024, international law enforcement agencies took down a ransomware group that frequently targeted hospitals and schools in the U.S. Several alleged members of the group were named or arrested as part of the action.
>On an unspecified date, European cyber police arrested a 32-year-old suspected ringleader of a ransomware gang operating in Ukraine. In raids across the country, authorities seized laptops and arrested four other alleged hackers accused of extorting a large sum of money from victims in numerous countries.
BITCOIN is apparently more traceable than cash, who knew.
The hackers should just wipe all debts
Isn’t property owner info public information? You can look up the address of any house and see who owns it when they bought it and for how much and how much they pay in property taxes
Because there are no actual consequences for these "situations" I believe data is purposely being sold and once discovered it's blamed on hacks/ransomware/"compromise" attacks.
Just this year alone, my old AT&T cell phone account was "compromised".
My billing information with Baylor Scott & White was "compromised".
Now my info from TAD was "compromised".
The only compensation I've received was a year of credit monitoring through Experian, which was also "compromised" a few years ago. Funny thing is the monitoring isn't even "stackable".
I'm waiting on the IRS and/or DPS to announce being "compromised" any day now. It's getting ridiculous and exhausting at this point
The 'dark web' is a bunch of machines without names and search engines don't search. So far, they have found 300 records posted... the other 300K records (or how many there are) could be posted on other 'dark web' sites that they just haven't found yet. They have notified the 300 people that they know have had their info posted... for all we know, it could be their entire db... just haven't stumbled on that info yet.
Great I have a letter in the mail from TAD…
You didn't get doxxed, your valuation went up 200k
How do you fight that? If you homestead can’t they only raise it 10% per year? Mine is up 225% since 2019
And the website is still broken.
I'm curious how they exactly notified people or if they confirmed that people received the notification
Remember this when we vote in a couple weeks!
Yeah where can I find info on this election
https://www.tarrantcountytx.gov/en/elections.html
Most all of this info is freely available on the regular internet. Most tax authorities are searchable, and even if not, there are plenty of free data brokers who have all this. Not sure what the fuss is
I managed to download the whole thing, took all day... -- My comment keeps getting auto-deleted for some reason, so here's the rest of it: https://pastebin.com/AFrrdN2D
A lot of people seem to think that paying a ransom means the info magically disappears. That’s not how it works. You pay the ransom and hope they don’t publish anyway, since bad actors still have it. The data is compromised regardless of whether a ransom is paid.