Type to search

Effects

Cyber ​​security expert apologizes from Missouri governor on hacking allegations

Share

A cybersecurity expert due for investigation by Missouri Governor Mike Parson calls for a public apology and payment of his legal aid and reputational costs.

Shaji Khan, Associate Professor at the University of Missouri-St. Louis and the director of his Cybersecurity Institute called for the claim in a letter sent Thursday by attorney Elad Gross to Parson’s office, several state and local agencies, and a political committee that supports Parson.

The letter requests that the “Missouri Administration, the Missouri Department of Elementary and Secondary Education, Gov. Mike Parson, Commissioner Margie Vandeven, and Uniting Missouri PAC publish separate, detailed, and public apologies to Professor Khan on their respective websites, with Missouri and national press offices, on social media sites, and anyone that the parties are wrong Communicated allegations. “

Khan was a source used by the St. Louis Post-Dispatch for a story about how a Department of Elementary and Secondary Education website provided access to social security numbers for educators. The letter said he helped the newspaper after it agreed to withhold any story about the security issue until it was addressed and the teachers’ social security numbers were no longer exposed to the public.

“Professor Khan is a respected expert in his field who has repeatedly served the state of Missouri and its people with valuable service,” wrote Gross. “The state, its officials, and their political operations have no reason to defame and harass a private individual who has helped protect teachers in Missouri.”

The letter is a “litigation retention request and solicitation” sent by attorneys to potential litigation victims to warn them to keep their records or face sanctions in court.

On the day the Post-Dispatch story was published, Parson called reporters into his office to read a statement accusing the reporter and those accused of investigating the hackers found to be prosecuted , were read aloud. He didn’t take any questions.

“This government stands up against all perpetrators who try to steal personal information and harm Missourians,” said Parson.

In Thursday’s letter, Gross demanded that “Gov. Mike Parson calls and broadcasts another press conference to apologize to Professor Khan, and shares and maintains the video on the governor’s social media pages.

Parson’s office did not respond to a request for comment on the letter.

In his statement last week, Parson directed the Missouri State Highway Patrol to investigate and said he had notified Cole County Attorney Locke Thompson.

Last Friday, Khan received a call from the patrol, the letter said.

“The soldier confirmed that the interview took into account statements made by Professor Khan to the St. Louis Post-Dispatch,” Gross wrote.

Gross told The Independent that Khan called him and the interview has not yet taken place.

“The interview will take place,” he said. “We’re cooperating and it looks like it will happen on Monday.”

When asked for information on the state of the investigation, the patrol spokesman Lt. Eric Brown that these are still ongoing and cannot comment further.

Thompson told The Independent earlier this week that the timetable for the investigation is in the hands of the patrol.

Parson’s request for prosecution of the reporter and others involved in the story met bipartisan criticism.

“Journalists who responsibly raise privacy alarms are not criminal hacking,” tweeted Republican Tony Lovasco, a Republican who worked in software development. Crystal Quade, the Springfield Democratic chairwoman, said the problem was poor security on state websites, not journalists seeing a weakness.

The social security numbers were available through a public website that allowed users to verify educator credentials. The website is currently deactivated.

To verify that the numbers were being used in such a way that they would be available to anyone visiting the site, Gross wrote, Khan took three standard security checking steps after reaching the site. No login was required to search the certified educators database.

Khan looked at the source code and identified “a suspicious piece” of the code. He copied it into a text document that revealed the social security number of the person found in the search.

“This entire process could be completed by anyone in a matter of minutes,” wrote Gross. “None of the data was encrypted, no passwords were required, and no steps were taken by the State of Missouri to protect its teachers’ Social Security numbers, which the state automatically sent to every website visitor.”

Uniting Missouri, a political action committee that supports Parson’s agenda, stood back on Wednesday against criticism of Parson’s calls for prosecution. The PAC produced a video in which the Post-Dispatch was attacked and stated that Parson was “obliged to bring anyone to justice who has received private information”.

Gross’ letter states that Uniting Missouri bought two blocks of ad on Facebook to promote the ad, which will target up to 15,000 Missourians. He demands that the PAC “produce another video apologizing to Professor Khan and buying ads to promote this video, as the organization is currently doing with its defamatory and fake video”.

John Hancock, chairman of Uniting Missouri, declined to comment on the letter.

Along with the Parson, Uniting Missouri Office, and Education Department, the letter was sent to the Office of Administration, Thompson, Patrol, Attorney General Eric Schmitt and Victory Enterprises, who manage Uniting Missouri’s Facebook account.

In addition to requests for an apology, the letter includes a legal analysis accusing the Ministry of Education of violating a law preventing agencies from disclosing individuals’ social security numbers in public databases.

The law against hacking, which Parson cited as the basis for law enforcement, requires intent to steal the information and does not make it a crime to report a data security problem, Gross wrote.

“The threat of prosecution by the government would have had a deterrent effect on people of ordinary strength and had such an effect on Professor Khan,” wrote Gross. “Professor Khan has already had to stop his normal dealings with media representatives. In addition, government retaliation will deter other Missourians from helping the state if they expose wrongdoing. “

Tags:

You Might also Like

Leave a Comment

Your email address will not be published. Required fields are marked *