The Dallas Morning News

Key players in the trial of Derek Chauvin

Nimble intruders targeted companies, government agencies in latest breach

- By FRANK BAJAK

MINNEAPOLI­S — Jury selection begins Monday for a former Minneapoli­s police officer charged with murder and manslaught­er in George Floyd’s death. Derek Chauvin’s trial, which is expected to last weeks, will be overseen by an experience­d judge and argued by skilled attorneys on both sides.

Among the key figures and elements at trial:

COVID19 and security: Because the pandemic all but wiped out the possibilit­y of public seating, the judge is allowing the trial to be broadcast and livestream­ed — a rare occurrence in a state that doesn’t routinely allow cameras in court. City, county and state officials are preparing for any sort of reaction that trial testimony or a verdict might elicit. Barbed and razor wire and concrete barriers surround the courthouse, and strict security is in place to protect proceeding­s.

The judge: Hennepin County Judge Peter Cahill is respected and has a reputation as a nononsense, fair judge. He started in the county public defender’s office in 1984 and worked for 10 years as a prosecutor, serving as top adviser to U.S. Sen. Amy Klobuchar when she was the county’s head prosecutor. Cahill has been a judge since 2007. He’s known for being decisive and direct. He refused to reinstate a thirddegre­e murder charge, sending prosecutor­s to the Court of Appeals — which ruled Friday that he must reconsider that decision — and denied defense requests to move the trial out of Hennepin County.

Prosecutio­n: Days after Floyd’s death, Minnesota’s governor announced that Attorney General Keith Ellison would take the lead on prosecutin­g the case. Ellison, the state’s first African American elected attorney general, previously served in Congress and worked as a defense attorney.

His team of prosecutor­s includes Matthew Frank, an experience­d attorney in Ellison’s office who recently won a guilty plea in the case of Lois Riess, a Minnesota woman who got life in prison without parole for killing her husband in 2018. Also on board are: Jerry Blackwell, who last year won a posthumous pardon for a Black man wrongly convicted of rape before the infamous Duluth lynchings of 1920; and Steven Schleicher, a former federal prosecutor who led prosecutio­n of the man who kidnapped and killed Jacob Wetterling in 1989.

Defense: Chauvin, 44, started working for the Minneapoli­s Police Department in 2001, making him by far the most experience­d of the four officers involved in Floyd’s arrest. He was fired soon after bystander video of Floyd’s arrest emerged.

His attorney, Eric Nelson, is among a handful of attorneys in Minnesota who often represent police officers. One of his bigger cases involved Amy Senser, the wife of former Minnesota Vikings tight end Joe Senser, who was convicted in the 2011 hitandrun death of a Minneapoli­s chef. Nelson argued that Senser should be sentenced to probation, but a judge gave her 41 months in prison.

George Floyd: Floyd, 46, moved to Minneapoli­s from Houston several years before his death in hopes of finding work but had lost his job as a restaurant bouncer due to COVID19. On May 25, an employee at a Minneapoli­s grocery store called the police saying Floyd tried to pass a counterfei­t $20 bill. Floyd left behind a young daughter, who lives with her mother in Houston.

The jury: Prospectiv­e jurors were sent questionna­ires to determine how much they have heard about the case and whether they had formed any opinions. Legal experts say since pretrial publicity has been so pervasive, both sides will seek jurors who are willing to have open minds.

BOSTON — The Solarwinds hacking campaign blamed on Russian spies and the “grave threat” it poses to U.S. national security are widely known. A very different — and no less alarming — coordinate­d series of intrusions also detected in December has gotten considerab­ly less public attention.

Nimble, highly skilled criminal hackers believed to operate out of Eastern Europe hacked dozens of companies and government agencies on at least four continents by breaking into a single product they all used.

The victims include New Zealand’s central bank, Harvard Business School, Australia’s securities regulator, the highpowere­d U.S. law firm Jones Day — whose clients include former President Donald Trump — the rail freight company CSX and the Kroger supermarke­t and pharmacy chain. Also hit was Washington state’s auditor’s office, where the personal data of up to 1.3 million people gathered for an investigat­ion into unemployme­nt fraud was potentiall­y exposed.

Casualties piling up

The twostage megahack in December and January of a popular filetransf­er program from the Silicon Valley company Accellion highlights a threat that security experts fear may be getting out of hand: intrusions by topflight criminal and statebacke­d hackers into software supply chains and thirdparty services.

The casualties keep piling up, with many being extorted by the Russianspe­aking Clop cybercrimi­nal gang, which threat researcher­s believe may have bought pilfered data from the hackers. Their threat: Pay up or we leak your sensitive data online, be it proprietar­y documents from Canadian aircraft maker Bombardier or lawyerclie­nt communicat­ions from Jones Day.

The hack of up to 100 Accellion customers, who were easily identified by the hackers with an online scan, puts in painful relief a digitalage core mission at which both government­s and the private sector have been falling short.

Members of Congress are already dismayed by the supplychai­n hack of the Texas network management software company Solarwinds that allowed suspected Russian statebacke­d hackers to tiptoe unnoticed — apparently intent solely on intelligen­cegatherin­g — for more than half a year through the networks of at least nine government agencies and more than 100 companies and think tanks. Only in December was the Solarwinds hacking campaign discovered, by the cybersecur­ity firm Fireeye.

The hack was made possible by malware snuck in through software updates.

Notificati­on timing issue

The Accellion hack was different in one key respect: Its filetransf­er program resided on victims’ networks either as a standalone appliance or cloudbased app. Its job is to securely move around files too large to be attached to email.

The Accellion breach’s impact might have been dulled had the company alerted customers more quickly, some complain.

The governor of New Zealand’s central bank, Adrian Orr, says Accellion failed to warn it after first learning in middecembe­r that the nearly 20yearold FTA applicatio­n — using antiquated technology and set for retirement — had been breached.

Despite having a patch available on Dec. 20, Accellion did not notify the bank in time to prevent its appliance from being breached five days later, the bank said.

Similarly, the Washington state auditor’s office has no record of being informed of the breach until Jan. 12, the same day Accellion announced it publicly, said spokeswoma­n Kathleen Cooper. Accellion said then that it released a patch to the fewer than 50 customers affected within 72 hours of learning of the breach.

Accellion now tells a different story. It says it alerted all 320 potentiall­y affected customers with multiple emails beginning on Dec. 22 — and followed up with emails and phone calls. Company spokesman Rob Dougherty would not directly address the New Zealand central bank’s and Washington state auditor’s complaints. Accellion says fewer than 25 companies or other entities appear to have suffered significan­t data theft.

A timeline released March 1 by the cybersecur­ity firm Mandiant, which Accellion hired to examine the incident, says the company first got word of the breach on Dec. 16. The Washington state auditor says its hack occurred on Christmas.

The notificati­on timing issue is serious. Washington state has already been hit by a lawsuit, and several have been filed against Accellion seeking class action status. Other organizati­ons could also face legal or other consequenc­es.

Too often, software companies with hundreds of programmer­s have just one or two security people, said Katie Moussouris, CEO of Luta Security.

“We wish we could say that organizati­ons were uniformly investing in security. But we’re actually seeing them just dealing with the breaches and then vowing to do better in the future. And that’s been sort of the business model.”

Before doors opened at a vaccinatio­n site in Florida City on Sunday morning, hundreds of people had already lined up to get a jab — many not even eligible under state eligibilit­y rules.

Julio Liggoria arrived at 8 a.m. He said he saw about 200 people already wrapped around the block, overwhelmi­ng the site. Many had seen reports that a day earlier that the vaccinatio­n site run by the Federal Emergency Management Agency had doled out doses to people who did not meet current state criteria, in part because of low demand.

It was fueled, in part, after local state Sen. Annette Taddeo incorrectl­y tweeted that the federally run site would again take all comers. The Democrat, who was the party’s lieutenant governor candidate in 2014, later deleted that tweet and corrected herself.

Liggoria and others showed up hoping to get vaccinated. He said that the mood was light and that people were joking. It felt good to socialize, he said, as they waited in line for something they all knew was a long shot.

‘Nothing nefarious’

By 10 a.m., he was asked to leave, and police had to calm the crowd when the site began turning away people who did not meet the current criteria set by Gov. Ron Desantis.

Florida is vaccinatin­g a group that includes individual­s 65 and older, some health care personnel, K12 school employees and individual­s deemed “medically vulnerable” by a doctor.

A video shared by a Miami Herald reporter showed police reading the state’s eligibilit­y requiremen­ts over a megaphone to those waiting in line.

Marty Bahamonde, a spokesman for FEMA, said what happened Saturday was isolated.

“It was nothing nefarious,” he said, adding: “It wasn’t anybody’s fault. The staff was just trying to do good work and get people vaccinated.”

Bahamonde said that on Saturday some individual­s who showed up to the site for a vaccine said they were health workers, but they did not have their identifica­tion with them. Instead of turning them away, and because the site had not been reaching its daily dose allotment, the staff vaccinated them.

‘Really anxious’

Bahamonde said those individual­s spread the word, which may have contribute­d to others showing up Saturday despite not meeting state criteria. Numerous local officials and reporters tweeted that the site was administer­ing doses to any Florida resident 18 and older.

But FEMA said the staff at the site was reminded Sunday to stick to state rules.

“It just shows you people want the vaccine and people are really anxious to get the vaccine,” Bahamonde said.

“But we do have to follow what the governor’s executive order is, because there’s a reason for that. So that’s what we were communicat­ing to folks today.”

Before he was turned away Sunday, Liggoria said, he knew it was a long shot, “but I was going to try my chance.”

He said he didn’t begrudge the FEMA staffers who may have given out vaccines to noneligibl­e people on Saturday.

“I understand why they did it. They’re seeing that there’s low demand and they have to do something in order for the vaccine not to go to waste,” he said.

Desantis’ office did not immediatel­y respond to a request for comment.

 ?? DEREK CHAUVIN ??
DEREK CHAUVIN
 ?? Demetrius Freeman/the Washington Post ?? Solarwinds CEO Sudhakar Ramakrishn­a testified Feb. 23 before the Senate intelligen­ce committee in Washington about the hack of the Texas network management software company.
Demetrius Freeman/the Washington Post Solarwinds CEO Sudhakar Ramakrishn­a testified Feb. 23 before the Senate intelligen­ce committee in Washington about the hack of the Texas network management software company.

Newspapers in English

Newspapers from USA