Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

Missouri prosecutor declines to file charges over ‘hacker’ allegation against reporter

Missouri’s public prosecutor has decided not to file charges against a journalist accused of illegal hacking over his disclosure of security vulnerabilities in a state government-run website.

St. Louis Post-Dispatch reporter Josh Renaud expressed “relief” at the news but said the allegations made against him by Missouri governor Mike Parson in October 2021 could have a “chilling effect” on the good-faith reporting of security flaws.

The accusations centred on Renaud’s discovery of a problem in a domain maintained by the Missouri Department of Elementary and Secondary Education (DESE) that potentially exposed more than 100,000 Social Security numbers (SSNs) belonging to teachers and other school staff.

In a story published on October 13, the St. Louis Post-Dispatch revealed that it had notified DESE of the vulnerability and delayed publication of the findings to give the agency time to secure the exposed data.

A number of cybersecurity experts said at the time that this approach to vulnerability disclosure accorded with how professional security researchers routinely alert businesses to security flaws.

Some noted that Renaud’s actions did not even constitute ‘hacking’, since he had simply viewed the site’s HTML source code, which was leaking the sensitive data – something easily done using web browsers’ built-in functionality.

Nevertheless, Governor Parson labelled Renaud a “hacker”, claimed he had violated state computer crime laws, and referred the matter to the Missouri State Highway Patrol, which investigated the episode and relayed its findings to Cole County prosecutor Locke Thompson.

However, four months later, on Friday (February 11), Thompson told television station KRCG that he would not be filing charges.

‘Political persecution’

“This decision is a relief. But it does not repair the harm done to me and my family,” Renaud said in a statement (PDF).

“My actions were entirely legal and consistent with established journalistic principles. Yet Gov. Mike Parson falsely accused me of being a ‘hacker’ in a televised press conference, in press releases sent to every teacher across the state, and in attack ads aired by his political action committee. He ordered the Highway Patrol to begin a criminal investigation, forcing me to keep silent for four anxious months.

Renaud continued: “This was a political persecution of a journalist, plain and simple. Despite this, I am proud that my reporting exposed a critical issue, and that it caused the state to take steps to better safeguard teachers’ private data.”

According to the Kansas City Star, Mike Parson’s spokesperson Kelli Jones commented: “The state did its part by investigating and presenting its findings to the Cole County Prosecutor, who has elected not to press charges, as is his prerogative.”

Chilling effect

Renaud also warned that the case could have an adverse impact on the reporting of other security bugs.

“I am concerned that the governor’s actions have left the state more vulnerable to future bad actors,” he said. “His [Parson’s] high-profile threats of legal retribution against me and the Post-Dispatch likely will have a chilling effect, deterring people from reporting security or privacy flaws in Missouri, and decreasing the chance those flaws get fixed.”

The Daily Swig has invited the office of Missouri governor Mike Parson to comment further on the prosecutor’s decision not to pursue charges. We will update this article if and when we receive a response.

Advertisement. Scroll to continue reading.

Source: https://portswigger.net/daily-swig/missouri-prosecutor-declines-to-file-charges-over-hacker-allegation-against-reporter

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

The cyberattack that ultimately led to the breach of several U.S. officials’ email accounts was the result of a China-based threat actor accessing a...

Cyber Security

Actors linked to adversarial nations — namely China and Russia — worked across platforms to push inaccurate content, according to a report released Tuesday....

Cyber Security

The cybercrime group evaded remediation efforts by installing persistent backdoors and deploying “new and novel malware.” A Chinese-linked hacking group that security researchers say...

Business News

The European Anti-Fraud Office (OLAF) has put forth a recommendation to halt the €140 million renovation project for the Kostenets-Septemvri railway in Bulgaria, while...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO