Mayor Lori Lightfoot on Monday accused a hacker gang of demanding ransom — from the city and a private law firm hired to investigate a botched police raid — in exchange for keeping secret a massive cache of City Hall emails that are now getting widespread attention.
The ransom demands weren’t met and the emails were ultimately posted to the “dark web,” a shadowy portion of the internet that’s a haven for cybercriminals. Last month, Distributed Denial of Secrets, a nonprofit whistleblower group likened to WikiLeaks, republished the massive document dump, which lifts the veil on some of the inner workings of the Lightfoot administration.
On Monday, the mayor declined to answer questions about the content of the emails as she tried to walk a political tightrope on the issue.
She alternately questioned the legitimacy of the emails, claimed they were taken out of context and urged reporters to be “very, very cautious” before drawing any conclusions.
But she was equally determined not to “credit” the hackers as a “credible news source” when, she claims, the whole episode was part of an extortion plot.
“This entity that supposedly hacked these emails tried to get a ransom from Jones Day [law firm], which was not paid, and then, from the city, which we obviously didn’t pay,” the mayor said at an unrelated news conference on vaccination clinics at downtown office buildings.
“I would just be very, very cautious. I’ve seen this happen in other instances. I’ve seen it from my perspective as a lawyer representing clients. Oftentimes, what happens is, you get things either out of context or they’ve been manipulated to make a particular political statement. So, I’m not gonna be commenting on specific emails, things that may be extrapolated out.”
Lightfoot went on to say that there is “no way knowing whether or not these emails are, in fact, legitimate.” Even if they are legitimate and they trigger a stream of stories about how her administration operates and makes decisions, the mayor made it clear she would not be making additional comment.
“As somebody who has committed a federal crime of stealing emails, I don’t want to credit them as a credible news source. So I won’t be commenting on any specifics related to that,” Lightfoot said.
The Sun-Times on Monday reported Sunday that some of the hacked emails show how Lightfoot sat on recommendations to change how fatal shootings by police were probed to comply with state law. The current investigators, with the Civilian Office of Police Accountability, aren’t sworn law enforcement, as required.
The emails were posted online on April 19 by Distributed Denial of Secrets, or DDoSecrets, which has facilitated other recent high-profile data dumps. An unrelated hacker gang initially stole the files during a series of data breaches that swept up sensitive information from corporations, universities and government bodies.
Freddy Martinez, a local activist and member of DDoSecrets’ board, said his team discovered the files online and posted the voluminous collection of emails after realizing they contained information “the public should know.” DDoSecrets said the decision to publish the emails was a direct response to the fatal police shooting of 13-year-old Adam Toledo.
DDoSecrets said the emails were swiped from accounts belonging to Susan Lee, the former deputy mayor of public safety; Patrick Mullane, Lightfoot’s former deputy press secretary; Tamika Puckett, the city’s former chief risk officer; and Anjali Julka, the former Freedom of Information Act officer for the mayor’s office. But the cache apparently includes emails authored by a host of city officials, including Lightfoot.
Kristen Cabanban, a spokeswoman for the city’s Law Department, didn’t immediately raise concerns about the authenticity of the hacked files when she responded on April 21 to a Sun-Times inquiry about the data breach.
But on Friday, shortly before the city issued a news release about the hack, Cabanban said city agencies wouldn’t comment on the content of the emails.
Cabanban previously said city officials learned of the breach on Feb. 11 and immediately notified federal law enforcement.
The hacked files, which also include roughly 50,000 documents and nearly 750,000 images, were taken during recent data breaches targeting Accellion, a firewall vendor whose dated file-sharing network was compromised by organized cybercriminals.
Clop, the ransomware crew that claimed responsibility for the hack, has used the stolen data as a means for extortion, threatening to make information public while negotiating for huge payoffs to make it disappear. Security researchers believe the group is based somewhere in the former Soviet Union.
The emails from members of Lightfoot’s administration were taken when the hackers targeted Accellion and stole files from Jones Day. Jones Day didn’t respond to repeated requests about the breach.
Contributing: Tom Schuba