Archive for October 30, 2021

Toronto Transit Commission Pwned By Ransomware

Posted in Commentary with tags on October 30, 2021 by itnerd

Nobody is immune from getting pwned by ransomware. And the Toronto Transit Commission illustrates this as it’s come to light that it’s the victim of a ransomware attack:

Staff from the Toronto Transit Commission, along with external cybersecurity experts, continue to investigate and troubleshoot a systemwide ransomware attack.

The TTC says the personal information of riders and employees is safe, but service is still being impacted.

Customers will have trouble planning their trips online — ‘next vehicle’ information is unavailable — but there have not been any significant service disruptions to any TTC routes.

According to the TTC, they experienced loss of their Vision system which is used to communicate with vehicle operators, forcing them to use a backup radio system. They also lost vehicle information used to update trip planning apps and Wheel-Trans bookings were unavailable. Internal email service was also affected.

Given that the Toronto Transit Commission serves up a couple million rides a day, this is not trivial. Hopefully two things happen. One: They recover from this quickly. Two: They figure out how the hackers got in and perpetrated this attack so that they are never a victim again.

UPDATE: Darktrace’s Director of Strategic Threat, Marcus Fowler, has the following comment:

As transit systems bounce back from the massive lull in ridership during the pandemic, they become an enticing target for ransomware actors. Anytime a ransomware attack can create a real-world impact, such as long lines or service disruption, cyber-criminals will likely demand higher ransom, with the expectation that victims will pay quickly. For the Toronto Transit Commission (TTC), thankfully, they reported no significant transit service disruption. 

Interestingly, the TTC reported its security team detected unusual network activity Thursday night, and impact was minimal until midday Friday, when the attackers broadened their operations on network servers. When it comes to cyber disruptions, this is a critical point in the attack process. Identifying the intrusion is only the beginning of incident response. 

Without the ability for an organization’s digital infrastructure to autonomously defend itself and disrupt the attacker, bad actors can pivot operations and immediately launch file encryption. Security teams find themselves in a race against time; time to detection, time to meaning, and time to response dictate success or failure for these teams. Those not automating portions of this chain to augment their human workforce will find it harder and harder to prevent business disruptions. 

Mastodon Calls Out Trump’s Social Network For Improperly Using Its Code

Posted in Commentary with tags on October 30, 2021 by itnerd

You might recall that Donald Trump was trying to set up a social network, and it promptly got pwned within hours. Not only that, it was using an open source social networking platform called Mastodon improperly. And I speculated that this would become a problem for Trump.

Surprise, it’s now a problem for Trump according to The Verge:

This news comes from a blog post by Mastodon’s founder Eugen Rochko, but others have previously pointed out that the organization behind Truth, the Trump Media and Technology Group (or TMTG), was violating Mastodon’s software license by not providing the source code for the site built on top of it. Trump’s group has 30 days from when the letter was sent to comply with the license or stop using the software, or it could lose the right to do so. 

While Truth hasn’t officially launched yet, internet users discovered that a test version basically had the same interface as Mastodon, and that some of the code for the site was unchanged from the other social network’s code. By itself, that’s actually the intended use of open-source software — but as the Software Freedom Conservancy pointed out last week, apps or websites based on software that uses the AGPLv3 license have to in turn provide their own source code. According to the foundation that wrote AGPL, it’s meant to make the community’s software better: if you improve on something that someone else made, they should be able to benefit from your work like you did theirs. 

As Mastodon and Rochko reiterated on Friday, though, TMTG hasn’t done that — it even went as far as to call its software “proprietary,” and seemingly tried to hide the fact that it was based on Mastodon. Now that the Truth has been revealed, however, TMTG will either have to rebuild it without using Mastodon’s code — a tall order, as bootstrapping a social network site isn’t particularly easy — or release its source code and change the terms of service.

Now it will be interesting to see what Trump’s team does. Do they publish the code or start over from scratch? And it will be interesting to see what Mastodon does if Trump’s team doesn’t comply. I am betting the word “lawsuit” will enter the conversation.

Stay tuned folks.