Off the Kuff Rotating Header Image

May 5th, 2023:

And here we go with the list of potential successors to Rep. Allred

Right on time.

Rep. Colin Allred

Contenders are emerging to replace outgoing U.S. Rep. Colin Allred, who announced Wednesday that he’s running for Senate against Republican incumbent Ted Cruz.

Allred, a former NFL player, is in his third term representing the 32nd Congressional District, which includes northern Dallas and parts of the northeast suburbs.

Off and running to pick up the seat is Brian Williams, a Dallas trauma surgeon who has advocated for gun control on Capitol Hill. He also served as chairman of what was then the Citizens Police Review Board.

“The country is in crisis,” Williams, a Democrat, told The Dallas Morning News. “As an Air Force veteran, and as a trauma surgeon, I’ve always answered the call when there’s a crisis.”

State Rep. Julie Johnson, D-Farmers Branch, also is expected to join the race after the Texas legislative session ends in May. A campaign team, including potential donors, is beginning to take shape for Johnson, though she has not made an official decision.

Johnson was elected to the Legislature in 2018.

“I have truly loved serving the people of Texas in the Legislature,” Johnson said in a statement. “I won’t be making any decisions until the legislative session ends, but I am strongly considering a run for Congress so I can continue to fight for working families here in Texas.”

Dallas City Council member Adam Bazaldua, who represents the South Dallas-anchored District 7, has also been mentioned as a possible contender. Bazaldua, however, is focused on reelection to the City Council. Saturday is Election Day.

See here for the background. I’m a fan of Rep. Johnson, who has been a good legislator after knocking off a truly terrible Republican incumbent. I don’t know anything about the other two but I’m sure they’re fine. There will be plenty of time to get this all sorted. Several other Democratic State Reps from the Dallas area were also name-checked in this story, along with one – Sen. Nathan Johnson – who stated he will not be running. The July finance reports will surely tell us something, and I will be tracking it.

House Committee on General Investigations has its hearing

And honestly, that’s about all we know.

Rep. Bryan Slaton

State Rep. Bryan Slaton, the Royse City Republican accused of having an inappropriate relationship with a staffer, declined Thursday to discuss his attendance at a closed-door hearing of a House investigative panel that has been looking into the matter.

Slaton did not answer questions from reporters as he left the room where a due-process hearing was taking place. He was absent from the House floor as the investigative panel was meeting in a separate part of the Capitol.


The committee has kept its investigation under wraps, declining to name the lawmaker being investigated and referring to the investigation only as “Matter B” in public hearings. The committee was also believed to be looking into allegations of an “abusive and hostile” work environment by state Rep. Jolanda Jones, D-Houston.

The committee had scheduled the due-process hearing for 2 p.m. Around 1:30 p.m., lawmakers on the House floor announced a separate meeting of the committee in a different room at 1:45 p.m., when members voted unanimously to issue a subpoena in “Matter B” directing a man “to provide all relevant testimony and information concerning the committee’s inquiry” and to authorize the issuing of “one or more subpoenas for a part or portion of any relevant testimony or information as necessary to avoid overburdening a witness or the committee.”

The Tribune has not confirmed the identity of the man subpoenaed.

The committee also voted to authorize a sergeant-at-arms or an agent to issue the subpoena on behalf of the committee.

As the committee wrapped up that meeting, Slaton entered a nearby room, where the second committee hearing would take place, through a back entrance.

The committee members then walked across the hall for their 2 p.m. due-process hearing and almost immediately went into executive session, ordering members of the public to leave. About an hour later, Slaton was seen exiting the room through the same door he’d entered.

Around 4 p.m., the committee adjourned without making any decisions. State Rep. Andrew Murr, a Republican from Junction who leads the committee, declined comment on Slaton’s involvement in the hearing.

See here for the previous update. One might infer that the committee demonstrated more interest in Rep. Slaton than in Rep. Jones, but it may just be a reflection of the nature of the evidence or the progress of the investigations so far. It’s laudable that the committee has been able to maintain discretion so far, but it’s also frustrating. I have to assume that eventually we’ll find out more.

City of Dallas hit by ransomware attack

A bad day for them.

The city of Dallas said Wednesday afternoon they found a number of their servers compromised with ransomware.

The city’s security monitoring tools notified the Security Operations Center of the ransomware attack, the city said, and it was then confirmed that a number of servers were compromised, impacting areas such as the Dallas Police Department website.

The city is actively working to isolate the ransomware and prevent it from spreading, officials said, and to remove it from infected servers and restore services.

Impact on delivery of services to citizens is limited at the moment, the city said, but officials are working to assess the complete impact.

If anyone is experiencing a problem with a particular city service, the city said they should call 311, or 911 if it is an emergency.

Dallas police said that 911 calls are not affected and that officers are continuing to be dispatched for service.

CNN adds a bit of detail.

There were reports of computer outages or connectivity issues at other Dallas government agencies on Wednesday afternoon.

A computer system that processes records for the Dallas Court and Detention Services Department has been down since 6 a.m. local time on Wednesday, according to a person who answered the phone at the department Wednesday afternoon but declined to give their full name.

“Our system went completely down so there’s not much we can see in terms of looking up people’s citations and traffic tickets,” the person said, adding they were unsure what caused the outage.


Federal officials are trying to shore up the defenses of state and local governments with federal money and a new program to warn organizations that might be vulnerable to hacking threats.

Quentin Rhoads-Herrera, a Dallas-based cybersecurity executive, told CNN that when he is hired to test the cybersecurity of state and local governments, “we commonly find their security posture to be weaker than that of the average corporate company.”

“This is not due to a lack of concern, but rather a lack of resources and manpower to address the ever-growing challenges of cybersecurity,” said Rhoads-Herrera, who is CEO of security firm Vector0.

Hold that thought for a minute. Bleeping Computer tells us more about the ransomware in question.

BleepingComputer has learned that the Royal Ransomware operation is behind the attack on the City of Dallas.

According to numerous sources, network printers on the City of Dallas’ network began printing out ransom notes this morning, with the IT department warning employees to retain any printed notes.

A photo of the ransom note shared with BleepingComputer allowed us to confirm that the Royal ransomware operation conducted the attack.

The Royal ransomware operation is believed to be an offshoot of the Conti cybercrime syndicate, rising to prominence after Conti shut down its operations.

When launched in January 2022, Royal utilized other ransomware operations’ encryptors, such as ALPHV/BlackCat, to avoid standing out. However, they later started using their own encryptor, Zeon, in attacks for the rest of the year.

Towards the end of 2022, the operation rebranded into Royal and quickly became one of the most active enterprise-targeting ransomware gangs.

While Royal is known to breach networks using vulnerabilities in Internet-exposed devices, they commonly use callback phishing attacks to gain initial access to corporate networks.

These callback phishing attacks impersonate food delivery and software providers in emails pretending to be subscription renewals.

However, instead of containing links to phishing sites, the emails contain phone numbers that the victim can contact to cancel the alleged subscription. In reality, these phone numbers connect to a service hired by the Royal threat actors.

When a victim calls the number, the threat actors use social engineering to convince the victim to install remote access software, allowing the threat actors access to the corporate network.

Like other ransomware gangs, Royal is known to steal data from networks before encrypting devices. This stolen data is then used as further leverage in extortion demands, with the threat actors warning that they will publicly leak data if a ransom is not paid.

At this time, it is unknown if data was stolen from the City of Dallas during the attack.

Does any of this sound familiar? It might, because just a few months ago the Dallas County Appraisal District was hit by the same ransomware. The wording on the ransom note – you can see an image of the one from Wednesday at the Bleeping Computer link – is basically identical. There are a variety of technical tools and strategies one can employ to defend against this sort of thing, but by far the strongest is a plan to train your staff to 1) be more aware of phishing techniques, which includes being extremely careful with links from any unexpected externally-sent email; 2) never calling numbers in emails like these, but contacting local IT/security support for assistance; and 3) never ever ever allowing any external entity to install any software on your computer. I hope every local and state government entity, which has already seen numerous similar incidents, is paying attention to this. It seems very likely we have not heard the last of the Royal Ransomware group in Texas. Also noted by Ginger in today’s Dispatches; she was the one who pointed me to that DCAD story originally.

Dispatches from Dallas, May 5 edition

This is a weekly feature produced by my friend Ginger. Let us know what you think.

This week in DFW-area news, some big stories: Colin Allred is running against Ted Cruz, the City of Dallas is under a ransomware attack, and of course, more Harlan Crow & Clarence Thomas news. Plus various election items, Greg Abbott’s dog-whistles about the Cleveland mass shooting, whether it’s worth it for a band to play SXSW, and an exhibit about Bass Reeves in Fort Worth.

Also: don’t forget to vote tomorrow in the May elections in your area, Texans! I voted early but if you didn’t, polls are open Saturday. Please read up on your local elections and vote, particularly in your school board elections. That’s one of the ways extremists funnel their people into politics and their cases into the legal system.

First, as you know, Colin Allred’s possible Senate run has been in the news for a while now. If you haven’t seen his opening pitch video yet, you should spend those three minutes. It’s both wholesome and a bit of a firecracker (not hard; Ted Cruz is an easy target). The announcement story in the DMN is nothing you haven’t already read, but Ted Cruz’s response is kind of funny (Archive link). We all know Cruz is full of ego, but I think most readers of this blog can think of good reasons why Allred might not spend time getting to know Cruz in person.

The Dallas Observer has a good roundup of local and state reaction. The real news from Dallas, though, will come in the reshuffle of candidates now that Allred’s seat (CD-32) is open. The DMN has some potentials on the Democratic side lined up (Archive link) and they’re collectively a good group. I hope to see a solid reshuffle upwards out of this and wish Allred and whoever wins the Dem nomination for CD-32 the best.

Note: I’m not in Allred’s district though I probably would be in a world where Dallas wasn’t gerrymandered so thoroughly. Instead I was in CD-5 (Lance Gooden of Terrell) until the recent reshuffle and now Beth Van Duyne of Denton and a bunch of other mid-DFW suburbs (CD-24) is my representative, even though I live in northeast Dallas. The only one of my electeds mentioned in the DMN’s potential shuffle is my state Senator, Nathan Johnson, who’s not running.

Next up, in Six Degrees of Clarence Thomas, ProPublica has dropped another bomb: Clarence Thomas Had a Child in Private School. Harlan Crow Paid the Tuition. The kid is Thomas’ grand-nephew whom he and his wife are raising. The one year we know the cost of for sure was $6,000/month. Propublica’s sources indicate that if Crow was paying for all four high school years of the young man’s education, the cost could have been more than $150,000. Thomas failed to report any of these gifts on his disclosure forms. Our only senators have weighed in (Archive link) and they just don’t care.

I’ve come to the conclusion that every time we talk about Thomas’ corruption I’m going to have to go all Cicero: Thomas must be impeached.

Related, in case you were wondering: Here’s how much Harlan Crow donated to Dallas elections this year (Archive link). My house is in council district 10 and I’m pleased to report that I knew better than to vote for the candidate Crow backed before I read this story. It’s interesting to see that in local races (District 1) Crow’s secret funding of Clarence Thomas is a campaign issue worth including on third-party attack mailers.

Also related, nationally: Graham falsely claims all nine justices signed Roberts’s letter expressing ethics hearing “concerns”. I was indignant when I initially read the news about Roberts’ letter but it turns out Lindsey Graham was just flat-out lying that the rest of the Court had signed on to the letter. Apparently there was a separate statement of the current standards of ethics. I think most of you will agree that the current standards are insufficient (as this TAP article describes), but as the linked newsletter explains, what the justices signed was a lot less upsetting than what Graham said they signed on to.

Last, but not least, in big stories, the City of Dallas is under a ransomware attack. Charles pointed me at this Bleeping Computer rundown which tells me where my tax dollars are going when they pay the ransom, and now the city has confirmed (Archive link) the identity of the ransomware.

My water bill was paid just before the attack hit, so I haven’t tried to use the billing interface (which is supposedly affected) but I can get into it. What I immediately noticed was that the library’s database was down, which probably means I don’t have to finish the book I’m reading that’s due by Saturday after all. Other areas that have seen some problems include city courts (closed) and DPD (significantly impacted per Chief Garcia), and the notes system that emergency dispatchers use with 911. Here’s the official city statement about the attack, which is updated daily but doesn’t say much. I hope next week’s dispatch includes news that the attack is over.

In other news, mostly election-related:

  • One for Charles: 8-Day Campaign Finance Reports for RISD. This comes from a new-to-me local blog that covers Richardson, the suburb nearest to my house (I’m zoned to RISD but live in Dallas city limits). I’ll be keeping an eye on Mr Steger’s work from here on in.
  • Christian activists are fighting to glorify God in a suburban Texas school district. This is Grapevine-Colleyville ISD, and the article is a good primer on the Christian nationalist push into local school districts and the Patriot Mobile funding connection. One piece of information that’s new to me in this article but doesn’t surprise me in the least is that Ted Cruz’s pastor father is involved in Patriot Mobile. One more reason to get Cruz out of the Senate.
  • Related: This first-person account of the ongoing problems in GCISD. “We’re all out here voting for Republicans and being told a leftist takeover is happening in our schools.” I found this via Frankin Strong’s substack, which I once again commend to your attention.
  • Also in education news, but not about the election: Dallas ISD Superintendent Declares ‘State of Emergency’ on School Pay. “The appeal comes from roughly a dozen districts in the North Texas area, including Mesquite, Richardson, Frisco and Plano ISDs.” These are the suburban districts that kids get out of DISD to attend, so they’re better off than DISD. All of our public schools need more money; please keep that in mind as you vote, and particularly in races where the candidates favor vouchers and other means of putting public money into private schools.
  • Nonpartisan no more? PACs and donors shift the scales on fundraising power in Fort Worth. Some interesting numbers and detail on PAC donations for folks following Tarrant County. It’s easy to be nonpartisan when most everyone is a member of the same party, but things don’t work that way in 2023 and certainly not in the last reddish urban area in Texas.
  • In stories I thought might take the lead in today’s Dispatches, the DMN had an editorial about our only governor’s recent foot-in-mouth handling of the recent mass shooting in Cleveland: Texas’ latest mass shooting is about guns, not immigration (Archive link). In addition to how bad he looks to Texans, Abbott is a national embarrassment with respect to immigration policy (WaPo) on top of his many other bad policy takes. We have to vote him out.
  • Noting here that the latest on Bryan Slaton having sex with an intern too young to drink, mentioned by Charles earlier this week, got no traction with local news in Dallas.
  • The Lege is really Charles’ beat but I wanted to note this piece from the DMN: Electric vehicle owners would pay $200 annual fees under Texas bill sent to Gov. Abbott (Archive link). We’re currently considering a new car at our house, and while an additional $200 a year will just be part of the cost consideration if we decide on an EV, it’s enough to make a difference for a lot of people.
  • The Dallas Observer asks an important question: Where Do Newer Acts Fit Into SXSW Today? The answer is that SXSW is and has always been about exposure. When we lived in Austin (2007-2018), we were regular SXSW music-goers. One year we fell in love with a band called Katzenjammer that was playing in the street (Sixth is closed to vehicle traffic during the festival). We got their list of gigs and saw them several times during the festival, the last time at the late, lamented Threadgill’s, where I was interviewed by Norwegian TV. David Byrne also saw them at SXSW and they were at Bonnaroo that summer on a stage Byrne curated. (They never hit it really big in the US, alas, and broke up in 2016.) It’s not the norm, but it does happen, so some bands feel it’s worth it to work for the exposure. I’m not a musician, so I don’t have a dog in that hunt, but I can see both sides.
  • Exhibit on legendary Black lawman Bass Reeves opens at Fort Worth museum. I didn’t know about the National Multicultural Western Heritage Museum in Fort Worth but I’m going to have to check this exhibit out.