
Biz & IT

Charter has 230 infected employees after resisting work-at-home requests

[Image: A Charter Spectrum vehicle.]

More than 230 Charter employees have tested positive for COVID-19, and at least two have died, The New York Times reported today.

New York Attorney General Letitia James’ office has opened an inquiry into Charter’s labor practices and management of employees during the pandemic, a spokesperson for James confirmed to Ars today.

Charter has faced numerous complaints from employees about the company’s refusal to let them work from home during the pandemic. The cable company partially backed away from its strict rules on March 20, saying it would let up to 40 percent of call-center employees do remote work. But Charter’s slow reaction to the pandemic—while the similarly situated Comcast moved aggressively to get employees into work-at-home situations—may have contributed to the spread of coronavirus in the company.

“Of the [Charter] Spectrum employees who tested positive for COVID-19, roughly half worked in offices or call centers… at least two Spectrum field workers have died,” the Times reported, citing an anonymous source.

“Any worker who has tested positive for COVID-19 is given two weeks of paid sick leave,” a Charter spokesperson said, according to the Times. Charter has 95,000 employees in 41 states, including about 40,000 in call centers and offices, and 55,000 who “deal with customers face to face as field technicians or retail employees,” the Times wrote.

Charter has apparently expanded work-at-home rights since its March 20 announcement. A Charter spokesperson told Ars today that “the significant majority of our office and call-center employees are working from home.” Charter declined to provide details on the number of illnesses and deaths from COVID-19 at the company, and it declined to comment on the New York attorney general’s inquiry.

“Breeding ground for germs”

Charter CEO Tom Rutledge angered employees last month when he issued a memo telling them to keep coming to the office even if their jobs can be performed from home, because people “are more effective from the office.” In mid-March, we talked to several Charter employees who complained that they should be able to work at home instead of in call centers; one employee described a call center as “an absolute nightmare breeding ground for germs.” Several Charter office buildings were shut down temporarily to be disinfected after employees got sick. Charter also faced criticism last month for giving its cable technicians $25 restaurant gift cards instead of hazard pay for going into customer homes during the pandemic.

Charter yesterday announced that it won’t do any layoffs or furloughs “for at least the next 60 days.” Other previously announced concessions to workers included pay increases “for all hourly workers from $15 to $20 over the next two years with an immediate increase of $1.50 an hour for the frontline field and customer operations employees and an additional $1.50 starting March 2021.” Charter is also offering “three weeks of COVID-19-related flex time” and upgraded health plans “to waive costs for diagnostic testing services and telehealth visits for 90 days.”

“Employees may take those [three weeks of flex time] off, though salaried workers have been encouraged to use that time to work remotely,” the Times wrote.

A month-old petition on Change.org urging Rutledge to let more employees work remotely has received about 7,800 signatures. “There are a lot of us who are in the high-risk group due to old age and you are putting us and our families at risk of getting exposed to this virus,” the petition said.


A white supremacist website got hacked, airing all its dirty laundry

[Image: Patriot Front members spray painting in Springfield, IL. Credit: Unicornriot.ninja]

Chat messages, images, and videos leaked from the server of a white supremacist group called the Patriot Front purport to show its leader and rank-and-file members conspiring in hate crimes, despite their claims that they were a legitimate political organization.

Patriot Front, or PF, formed in the aftermath of the 2017 Unite the Right rally, a demonstration in Charlottesville, Virginia, that resulted in one death and 35 injuries when a rally attendee rammed his car into a crowd of counter-protesters. PF founder Thomas Rousseau started the group after an image posted online showed the now-convicted killer, James Alex Fields, Jr., posing with members of Vanguard America shortly before the attack. Vanguard America soon dissolved, and Rousseau rebranded it as PF with the goal of hiding any involvement in violent acts.

Since then, PF has strived to present itself as a group of patriots who are aligned with the ideals and values of the founders who defeated the tyranny of British colonists in the 18th century and paved the way for the United States to be born. In announcing the formation of PF in 2017, Rousseau wrote:

The new name was carefully chosen, as it serves several purposes. It can help inspire sympathy among those more inclined to fence-sitting, and can be easily justified to our ideology [sic] and worldview. The original American patriots were nothing short of revolutionaries. The word patriot itself comes from the same root as paternal and patriarch. It means loyalty to something intrinsically based in blood.

Turbo cans and rubber roofing cement

But a published report and leaked data the report is based on present a starkly different picture. The chat messages, images, and videos purport to show Rousseau and other PF members discussing the defacing of numerous murals and monuments promoting Black Lives Matter, LGBTQ groups, and other social justice causes.

This chat, for instance, appears to show a PF member discussing the targeting of a civil rights mural in Detroit. When a member asks what the best way is to fully cover up a mural with paint, Rousseau is shown replying “It’s in the stencil guide. Turbo cans.” The stencil guide refers to these instructions provided to PF members showing how to effectively use spray paint and not get caught. The PF member also sent Rousseau pictures taken while scouting the mural.

When a different member discussed whether rubber roofing cement was suitable for covering a George Floyd memorial that had been treated with anti-graffiti clear coating, Rousseau allegedly responded: “Keep me posted as to your research and practice with this substance. Orders will be given out at the event.”

The data dump also appears to document the defacing of a monument in Olympia, Washington.

[Images: What it looked like before. What it looked like after. Credit: Unicorn.ninja]

The leaked data purports to show a range of other illegal activities the group discussed. They include Rousseau informing members planning a rally in Washington DC that one participant will call 911 from a burner phone and make a false report to authorities.

“He will cite that there is a protest, he sees shields BUT NO WEAPONS, and everyone involved appears to be behaving peacefully, waving and handing out flyers, nonetheless he is a concerned citizen and suggests the police take a look into it to ensure everyone’s civil rights are safe,” Rousseau appeared to write. “He will add that it looks like we just arrived from the metro. This will soften the police up before our big visual contact on the bridge, and provide a little confusion and misinfo that’s within the realm of honest dialogue.”

Attempts to reach Rousseau or other PF members didn’t succeed.

Friday’s published report said that the leak comprised about 400 gigabytes of data and came from a self-hosted instance of RocketChat, an open source chat server that’s similar to Slack and Discord. It’s only the latest example of a hate group being hacked and its private discussions being dumped online. In 2019, the breach of the Iron March website revealed, among other things, that many of its members were members of the US Marines, Navy, Army, and military reserves.


Supply chain attack used legitimate WordPress add-ons to backdoor sites


Dozens of legitimate WordPress add-ons downloaded from their original sources have been found backdoored through a supply chain attack, researchers said. The backdoor has been found on “quite a few” sites running the open source content management system.

The backdoor gave the attackers full administrative control of websites that used at least 93 WordPress plugins and themes downloaded from AccessPress Themes. The backdoor was discovered by security researchers from Jetpack, the maker of security software owned by Automattic, provider of the WordPress.com hosting service and a major contributor to the development of WordPress. In all, Jetpack found that 40 AccessPress themes and 53 plugins were affected.

Unknowingly providing access to the attacker

In a post published Thursday, Jetpack researcher Harald Eilertsen said timestamps and other evidence suggested the backdoors were introduced intentionally in a coordinated action after the themes and plugins were released. The affected software was available by download directly from the AccessPress Themes site. The same themes and plugins mirrored on WordPress.org, the official developer site for the WordPress project, remained clean.

“Users who used software obtained directly from the AccessPress website unknowingly provided attackers with backdoor access, resulting in an unknown number of compromised websites,” Ben Martin, a researcher with Web security firm Sucuri, wrote in a separate analysis of the backdoor.

He said the tainted software contained a script named initial.php that was added to the main theme directory and then included in the main functions.php file. Initial.php, the analysis shows, acted as a dropper that used base64 encoding to camouflage code that downloaded a payload from wp-theme-connect[.]com and used it to install the backdoor as wp-includes/vars.php. Once it was installed, the dropper self-destructed in an attempt to keep the attack stealthy.

The Jetpack post said evidence indicates that the supply chain attack on AccessPress Themes was performed in September. Martin, however, said evidence suggests the backdoor itself is much older than that. Some of the infected websites had spam payloads dating back nearly three years. He said his best guess is that the people behind the backdoor were selling access to infected sites to people pushing web spam and malware.

He wrote, “With such a large opportunity at their fingertips, you’d think that the attackers would have prepared some exciting new payload or malware, but alas, it seems that the malware that we’ve found associated with this backdoor is more of the same: spam, and redirects to malware and scam sites.”

The Jetpack post provides full names and versions of the infected AccessPress software. Anyone running a WordPress site with this company’s offerings should carefully inspect their systems to ensure they’re not running a backdoored instance. Site owners may also want to consider installing a website firewall, many of which would have prevented the backdoor from working.
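One way to run that inspection against the indicators Sucuri's analysis names (initial.php in a theme directory, its include in functions.php, the download domain, and wp-includes/vars.php). This is an added example, not code from Jetpack, Sucuri or the original article; the function names, the sample theme name and the caller-supplied hash of a trusted vars.php are assumptions, and the sample tree is constructed and inert.

```python
import base64, hashlib, re, tempfile
from pathlib import Path

# Indicators named in the article (the domain appears there defanged).
C2_DOMAIN = b"wp-theme-connect.com"
INCLUDE_RE = re.compile(rb"(?:include|require)(?:_once)?\b[^;]*initial\.php", re.I)
B64_LITERAL_RE = re.compile(rb"['\"]([A-Za-z0-9+/]{16,}={0,2})['\"]")

def decoded_literals(data):
    """Yield the decoded bytes of quoted string literals that are valid base64."""
    for match in B64_LITERAL_RE.finditer(data):
        try:
            yield base64.b64decode(match.group(1), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue

def scan_wordpress(root, clean_vars_sha256=None):
    """Return a sorted list of (indicator, relative_path) findings under root."""
    root, findings = Path(root), set()
    for php in root.rglob("*.php"):
        rel, data = php.relative_to(root).as_posix(), php.read_bytes()
        if php.name == "initial.php" and rel.startswith("wp-content/"):
            findings.add(("dropper-file", rel))
        if php.name == "functions.php" and INCLUDE_RE.search(data):
            findings.add(("dropper-include", rel))
        # The dropper hid its download code behind base64, so search decoded literals too.
        if C2_DOMAIN in data or any(C2_DOMAIN in d for d in decoded_literals(data)):
            findings.add(("c2-domain", rel))
    # The dropper deletes itself; a clean install also has vars.php, so compare hashes.
    vars_php = root / "wp-includes" / "vars.php"
    if clean_vars_sha256 and vars_php.is_file():
        if hashlib.sha256(vars_php.read_bytes()).hexdigest() != clean_vars_sha256:
            findings.add(("vars-modified", "wp-includes/vars.php"))
    return sorted(findings)

def build_sample(root):
    """Write a constructed, inert tree laid out the way the article describes."""
    theme = Path(root, "wp-content", "themes", "sample-theme")  # hypothetical name
    includes = Path(root, "wp-includes")
    for directory in (theme, includes):
        directory.mkdir(parents=True)
    blob = base64.b64encode(C2_DOMAIN).decode()
    (theme / "initial.php").write_text(f"<?php $u = base64_decode('{blob}');\n")
    (theme / "functions.php").write_text("<?php include_once __DIR__ . '/initial.php';\n")
    (includes / "vars.php").write_text("<?php // constructed: altered\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(scan_wordpress(tmp, hashlib.sha256(b"trusted copy").hexdigest()))
```

Because the dropper removes itself after installing the backdoor, an empty result for the first three indicators does not clear a site; the vars.php comparison against a copy from the matching official WordPress release is the check that still applies afterwards.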

The attack is the latest example of a supply chain attack, which compromises the source of a legitimate piece of software rather than trying to infect individual users. The technique allows miscreants to infect large numbers of users, and it has the benefit of stealth, since the compromised software originates from a trusted provider.

Attempts to contact AccessPress Themes for comment were unsuccessful.


Red Cross implores hackers not to leak data for 515k “highly vulnerable people”


The Red Cross on Wednesday pleaded with the threat actors behind a cyberattack that stole the personal data of about 515,000 people who used a program that works to reunite family members separated by conflict, disaster or migration.

“While we don’t know who is responsible for this attack, or why they carried it out, we do have this appeal to make to them,” Robert Mardini, the director-general of the International Committee for the Red Cross, said in a release. “Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are among the world’s least powerful. Please do the right thing. Do not share, sell, leak or otherwise use this data.”

Wednesday’s release said the personal data was obtained through the hack of a Switzerland-based subcontractor that stores data for the Red Cross. The data was compiled by at least 60 different Red Cross and Red Crescent National Societies worldwide. The ICRC said it has no “immediate indications as to who carried out this cyber-attack” and is so far unaware of any of the compromised information being leaked or shared publicly.

Those affected had used Restore Family Links, a service the Red Cross operates in cooperation with the Red Crescent to reunite families. On Wednesday, the site was down. The Internet Archive last updated it on December 27, raising the possibility of the breach occurring a few weeks ago.

The release provided few details about the attack. It’s not clear if it was done by profit-motivated ransomware criminals, nation-state hackers, or others. Over the past few years, a rash of ransomware breaches has hit healthcare providers, forcing them in many cases to reroute ambulances and cancel elective surgeries. In 2020, the ICRC helped lead a coalition that called on nations around the world to crack down on cyberattacks involving hospitals and healthcare providers.

Last September, the ICRC confirmed it was on the receiving end of a hack the previous April that compromised login credentials and other data that could be used to target agencies within the intergovernmental organization. The earliest known date the hackers obtained access to the UN’s systems, Bloomberg News reported, was April 5, and the hackers remained active through at least August. The breach came to light when private researchers noticed login credentials for sale on the dark web.
