The Dallas Morning News
Key players in the trial of Derek Chauvin
Nimble intruders targeted companies, government agencies in latest breach
MINNEAPOLIS — Jury selection begins Monday for a former Minneapolis police officer charged with murder and manslaughter in George Floyd’s death. Derek Chauvin’s trial, which is expected to last weeks, will be overseen by an experienced judge and argued by skilled attorneys on both sides.
Among the key figures and elements at trial:
COVID19 and security: Because the pandemic all but wiped out the possibility of public seating, the judge is allowing the trial to be broadcast and livestreamed — a rare occurrence in a state that doesn’t routinely allow cameras in court. City, county and state officials are preparing for any sort of reaction that trial testimony or a verdict might elicit. Barbed and razor wire and concrete barriers surround the courthouse, and strict security is in place to protect proceedings.
The judge: Hennepin County Judge Peter Cahill is respected and has a reputation as a nononsense, fair judge. He started in the county public defender’s office in 1984 and worked for 10 years as a prosecutor, serving as top adviser to U.S. Sen. Amy Klobuchar when she was the county’s head prosecutor. Cahill has been a judge since 2007. He’s known for being decisive and direct. He refused to reinstate a thirddegree murder charge, sending prosecutors to the Court of Appeals — which ruled Friday that he must reconsider that decision — and denied defense requests to move the trial out of Hennepin County.
Prosecution: Days after Floyd’s death, Minnesota’s governor announced that Attorney General Keith Ellison would take the lead on prosecuting the case. Ellison, the state’s first African American elected attorney general, previously served in Congress and worked as a defense attorney.
His team of prosecutors includes Matthew Frank, an experienced attorney in Ellison’s office who recently won a guilty plea in the case of Lois Riess, a Minnesota woman who got life in prison without parole for killing her husband in 2018. Also on board are: Jerry Blackwell, who last year won a posthumous pardon for a Black man wrongly convicted of rape before the infamous Duluth lynchings of 1920; and Steven Schleicher, a former federal prosecutor who led prosecution of the man who kidnapped and killed Jacob Wetterling in 1989.
Defense: Chauvin, 44, started working for the Minneapolis Police Department in 2001, making him by far the most experienced of the four officers involved in Floyd’s arrest. He was fired soon after bystander video of Floyd’s arrest emerged.
His attorney, Eric Nelson, is among a handful of attorneys in Minnesota who often represent police officers. One of his bigger cases involved Amy Senser, the wife of former Minnesota Vikings tight end Joe Senser, who was convicted in the 2011 hitandrun death of a Minneapolis chef. Nelson argued that Senser should be sentenced to probation, but a judge gave her 41 months in prison.
George Floyd: Floyd, 46, moved to Minneapolis from Houston several years before his death in hopes of finding work but had lost his job as a restaurant bouncer due to COVID19. On May 25, an employee at a Minneapolis grocery store called the police saying Floyd tried to pass a counterfeit $20 bill. Floyd left behind a young daughter, who lives with her mother in Houston.
The jury: Prospective jurors were sent questionnaires to determine how much they have heard about the case and whether they had formed any opinions. Legal experts say since pretrial publicity has been so pervasive, both sides will seek jurors who are willing to have open minds.
BOSTON — The Solarwinds hacking campaign blamed on Russian spies and the “grave threat” it poses to U.S. national security are widely known. A very different — and no less alarming — coordinated series of intrusions also detected in December has gotten considerably less public attention.
Nimble, highly skilled criminal hackers believed to operate out of Eastern Europe hacked dozens of companies and government agencies on at least four continents by breaking into a single product they all used.
The victims include New Zealand’s central bank, Harvard Business School, Australia’s securities regulator, the highpowered U.S. law firm Jones Day — whose clients include former President Donald Trump — the rail freight company CSX and the Kroger supermarket and pharmacy chain. Also hit was Washington state’s auditor’s office, where the personal data of up to 1.3 million people gathered for an investigation into unemployment fraud was potentially exposed.
Casualties piling up
The twostage megahack in December and January of a popular filetransfer program from the Silicon Valley company Accellion highlights a threat that security experts fear may be getting out of hand: intrusions by topflight criminal and statebacked hackers into software supply chains and thirdparty services.
The casualties keep piling up, with many being extorted by the Russianspeaking Clop cybercriminal gang, which threat researchers believe may have bought pilfered data from the hackers. Their threat: Pay up or we leak your sensitive data online, be it proprietary documents from Canadian aircraft maker Bombardier or lawyerclient communications from Jones Day.
The hack of up to 100 Accellion customers, who were easily identified by the hackers with an online scan, puts in painful relief a digitalage core mission at which both governments and the private sector have been falling short.
Members of Congress are already dismayed by the supplychain hack of the Texas network management software company Solarwinds that allowed suspected Russian statebacked hackers to tiptoe unnoticed — apparently intent solely on intelligencegathering — for more than half a year through the networks of at least nine government agencies and more than 100 companies and think tanks. Only in December was the Solarwinds hacking campaign discovered, by the cybersecurity firm Fireeye.
The hack was made possible by malware snuck in through software updates.
Notification timing issue
The Accellion hack was different in one key respect: Its filetransfer program resided on victims’ networks either as a standalone appliance or cloudbased app. Its job is to securely move around files too large to be attached to email.
The Accellion breach’s impact might have been dulled had the company alerted customers more quickly, some complain.
The governor of New Zealand’s central bank, Adrian Orr, says Accellion failed to warn it after first learning in middecember that the nearly 20yearold FTA application — using antiquated technology and set for retirement — had been breached.
Despite having a patch available on Dec. 20, Accellion did not notify the bank in time to prevent its appliance from being breached five days later, the bank said.
Similarly, the Washington state auditor’s office has no record of being informed of the breach until Jan. 12, the same day Accellion announced it publicly, said spokeswoman Kathleen Cooper. Accellion said then that it released a patch to the fewer than 50 customers affected within 72 hours of learning of the breach.
Accellion now tells a different story. It says it alerted all 320 potentially affected customers with multiple emails beginning on Dec. 22 — and followed up with emails and phone calls. Company spokesman Rob Dougherty would not directly address the New Zealand central bank’s and Washington state auditor’s complaints. Accellion says fewer than 25 companies or other entities appear to have suffered significant data theft.
A timeline released March 1 by the cybersecurity firm Mandiant, which Accellion hired to examine the incident, says the company first got word of the breach on Dec. 16. The Washington state auditor says its hack occurred on Christmas.
The notification timing issue is serious. Washington state has already been hit by a lawsuit, and several have been filed against Accellion seeking class action status. Other organizations could also face legal or other consequences.
Too often, software companies with hundreds of programmers have just one or two security people, said Katie Moussouris, CEO of Luta Security.
“We wish we could say that organizations were uniformly investing in security. But we’re actually seeing them just dealing with the breaches and then vowing to do better in the future. And that’s been sort of the business model.”
Before doors opened at a vaccination site in Florida City on Sunday morning, hundreds of people had already lined up to get a jab — many not even eligible under state eligibility rules.
Julio Liggoria arrived at 8 a.m. He said he saw about 200 people already wrapped around the block, overwhelming the site. Many had seen reports that a day earlier that the vaccination site run by the Federal Emergency Management Agency had doled out doses to people who did not meet current state criteria, in part because of low demand.
It was fueled, in part, after local state Sen. Annette Taddeo incorrectly tweeted that the federally run site would again take all comers. The Democrat, who was the party’s lieutenant governor candidate in 2014, later deleted that tweet and corrected herself.
Liggoria and others showed up hoping to get vaccinated. He said that the mood was light and that people were joking. It felt good to socialize, he said, as they waited in line for something they all knew was a long shot.
By 10 a.m., he was asked to leave, and police had to calm the crowd when the site began turning away people who did not meet the current criteria set by Gov. Ron Desantis.
Florida is vaccinating a group that includes individuals 65 and older, some health care personnel, K12 school employees and individuals deemed “medically vulnerable” by a doctor.
A video shared by a Miami Herald reporter showed police reading the state’s eligibility requirements over a megaphone to those waiting in line.
Marty Bahamonde, a spokesman for FEMA, said what happened Saturday was isolated.
“It was nothing nefarious,” he said, adding: “It wasn’t anybody’s fault. The staff was just trying to do good work and get people vaccinated.”
Bahamonde said that on Saturday some individuals who showed up to the site for a vaccine said they were health workers, but they did not have their identification with them. Instead of turning them away, and because the site had not been reaching its daily dose allotment, the staff vaccinated them.
Bahamonde said those individuals spread the word, which may have contributed to others showing up Saturday despite not meeting state criteria. Numerous local officials and reporters tweeted that the site was administering doses to any Florida resident 18 and older.
But FEMA said the staff at the site was reminded Sunday to stick to state rules.
“It just shows you people want the vaccine and people are really anxious to get the vaccine,” Bahamonde said.
“But we do have to follow what the governor’s executive order is, because there’s a reason for that. So that’s what we were communicating to folks today.”
Before he was turned away Sunday, Liggoria said, he knew it was a long shot, “but I was going to try my chance.”
He said he didn’t begrudge the FEMA staffers who may have given out vaccines to noneligible people on Saturday.
“I understand why they did it. They’re seeing that there’s low demand and they have to do something in order for the vaccine not to go to waste,” he said.
Desantis’ office did not immediately respond to a request for comment.