
[return to "‘BlueLeaks’ Exposes Files from Hundreds of Police Departments"]
1. voiper+83 2020-06-22 12:04:25
>>itcrow+(OP)
>“Netsential confirmed that this compromise was likely the result of a threat actor who leveraged a compromised Netsential customer user account and the web platform’s upload feature to introduce malicious content, allowing for the exfiltration of other Netsential customer data.”

So they are spinning it as a user's fault? Not the fault of Netsential for allowing malicious content to be a problem...

2. joekri+H5 2020-06-22 12:29:47
>>voiper+83
That's the first thing I thought, too - sounds like they are trying to spin it as some malicious user "broke in". If a "customer user account" is able to upload a malicious payload and exfiltrate huge amounts of other customers' data, there's a much larger, underlying problem here. Hard to see how Netsential could get through this fiasco and still have any business.
3. Cthulh+sr 2020-06-22 14:46:45
>>joekri+H5
Legally speaking, if you find a bug and abuse it (to e.g. extract data), you're breaking the law; I know people don't want to hear it and want to protect whistleblowers, but it's factually illegal to steal data like this.

That's what whistleblowing is all about though; purposefully breaking the law or a contract (like an NDA) to expose shit. Some countries will protect whistleblowers, others have to flee and seek asylum abroad.

So don't deny whether or not law and/or contract was broken, instead focus on whether the action was justified. Yes the system was broken and open for exploitation, but the attack was not accidental: they intentionally uploaded a malicious payload, intentionally extracted data, and intentionally uploaded it to the internets.

4. stjohn+lY1 2020-06-22 21:07:30
>>Cthulh+sr
Yes, but "the law" cuts deals all the time to address bigger crimes. (For example) they let off a small-time drug dealer with a couple months in jail for ratting out a hitman for the mafia. I think sometimes it takes lesser crimes to bring justice to bigger crimes like police brutality and murders that go unprosecuted because cops/DAs protect one another. I think that might be the case here. Independent hacktivists can now comb through that data and find cops that have lots of repeat offenses that obviously show a pattern of abusing the system and citizens, whereas before that couldn't happen because such information was hidden from the public.