Off the Kuff Rotating Header Image

May 10th, 2023:

Slaton expelled

A fitting end to his disgraceful tenure.

Bryan Slaton

The Texas House unanimously voted to expel Bryan Slaton on Tuesday, one day after the Royse City Republican submitted his resignation after an internal investigation determined that he had sex with a 19-year-old aide after getting her drunk.

After a solemn, sometimes angry and tearful recounting of Slaton’s “graphic” and “offensive” behavior, the House voted 147-0 for expulsion, making Slaton the first member of the Texas Legislature to be removed from office since 1927.

Support of two-thirds of the House was needed for expulsion.

Slaton’s nameplate was immediately removed from his desk and from the vote tally board at the front of the House chamber.


Ahead of the vote, members of the committee told the House that Slaton had not disputed the allegations and still had not expressed remorse or regret. They also said Slaton likely committed multiple crimes, including providing alcohol to a minor.

“This Texas House is not going to hear from multiple complainants about serious and alarming facts and then turn the other cheek or simply slap a member on the wrist,” Rep. Andrew Murr, a Junction Republican who leads the investigating committee, told the House.

“My heart breaks,” Murr said, his voice growing thick. “I suspect that yours does too.”

In a heartfelt speech, Rep. Ann Johnson, D-Houston, said Slaton had exhibited a “systematic pattern of manipulation” and questioned whether the aide was able to consent at the time of the encounter after Slaton supplied her with several large mixed drinks. And she excoriated Slaton, calling him the “type of man who steals innocence” and who was “not worthy of a position of trust.”


Although Slaton resigned Monday, unless expelled he was entitled to his House salary and per diem, Murr said. Until voters elect a replacement, Slaton also would have continued to sit on assigned committees and count toward establishing a working quorum of the House.

See here and here for the previous updates. I applaud this action, and the committee and its investigator, former Judge Catherine Evans. I hope that Slaton is forever viewed as a filthy predator, that the Travis County DA pursues criminal charges against him – as of last night when I drafted this, I didn’t see anything in the news to that effect, but there’s plenty of time for something to happen – and I hope that the five former members of his staff who refused to cooperate with the investigation never find employment in the Capitol again. I feel a strong urge to wash my hands right now. Good fucking riddance.

House to vote on doomed casino gambling bill

You do you, but remember that we’re living in Dan Patrick’s world, and he’s not going to let this happen.

Photo by Joel Kramer via Flickr creative commons

After weeks of uncertainty, legislation authorizing casino gambling in Texas was cleared to come to a vote of the full 150-member House this week despite the potential of a bleak reception in the Senate as the Republican-dominated 88th Legislature heads to a finish later this month.

A proposed constitutional amendment by Rep. Charlie Geren that would authorize as many as seven resort casinos in Texas – including two in the Fort Worth-Dallas area – was placed in the House lineup for a Wednesday vote, along with a measure backed by the state’s professional sports franchises that would allow sports betting in Texas.

Geren, a Fort Worth Republican and speaker pro tempore of the Texas House, acknowledged that the gambling legislation had been cleared for a House vote during a late-afternoon meeting of the House Calendars Committee on Monday but he declined further comment before Wednesday’s House session to vote on the measures.

“I’ve got a lot more on my mind besides that gambling bill right now,” Geren told Fort Worth Report.

The fate of gambling legislation this session has been the subject of a weeks-long guessing game among lawmakers and lobbyists, with Lt. Gov. Dan Patrick, the presiding officer of the 31-member Senate, showing resistance to authorizing gaming in Texas.

The gambling measures won approval in the House State Affairs Committee on April 3 but it’s been unclear if the House Calendars Committee, the legislative clearing house that approves bills for a vote of the full House membership, would want to force a House vote if gambling faces a dead end in the Senate.

A number of lawmakers interviewed as recently as this week said they had seen no signs of movement on the gambling front, and several said they believed the issue appeared dead for the session, a repeat of the same fate that has befallen other gambling measures in previous Legislatures.

Nevertheless, hordes of gambling lobbyists led by the Sands Corporation of Las Vegas have waged a fierce effort to overcome past defeats and push casinos and sports betting through the latest legislative session, which ends May 29.

I will admit, getting this to a floor vote is an accomplishment, since previous efforts all died without getting that far. Having a Patrick minion file a gambling expansion bill, albeit a more limited one, was an accomplishment. Getting Greg Abbott and Speaker Dade Phelan on the record in favor of expanded gambling was an accomplishment. You know what’s still missing? Dan Patrick’s support. He claims it’s a lack of support from the Senators themselves, but come on. We know who’s the dog and who’s the tail here.

Maybe I’m wrong and Dan Patrick will let this come to a vote in the Senate. It’s an interesting question whether the support would be there for it if Patrick weren’t bigfooting things. Until I hear the words come out of his oily little mouth, or he finally loses an election, I will continue to believe that no gambling expansion legislation will pass in Texas. I haven’t been wrong to do so yet.

Dallas ransomware update

As of the weekend, things still weren’t great.

A ransomware attack from a prolific group called Royal has caused outages for many of Dallas’ systems for the past three days.

Websites remained down and first responders continued to rely on emergency backup plans heading into the weekend. The city said 911 and 311 calls were still being answered and it doesn’t believe residents’ and vendors’ information has been leaked.

“Much progress has been made, but the recovery process is ongoing,” Dallas officials said in a Friday news release.

The breach comes just months after Royal targeted the Dallas Central Appraisal District, forcing them to pay $170,000.


Experts have described Royal as a sophisticated “gang” that gains access to victim networks through phishing about two-thirds of the time. They say it’s one of many “opportunistic” groups who encrypt data and threaten to publicly release it unless a ransom is paid.

Dallas first disclosed Wednesday that it was hit by a possible ransomware attack affecting 311 and municipal courts and significantly impacting police and fire operations. The next day, the city said Dallas’ Information and Technology Services department had “isolated the issue” and was gradually restoring service, prioritizing “public safety and resident-facing departments.”

The city repeated in the Friday evening news release that ITS and cybersecurity vendors were continuing to work “nonstop to swiftly isolate a virus and gradually restore service.” A timeline for when systems will be restored was unclear.

A city of Dallas spokesperson did not answer questions Friday about how the attack happened and if Royal made any demands, saying staff was “dedicated to operations” and was unavailable for interviews.

It’s not clear if the city will pay Royal, but experts said it’s not wise to do so as attackers can come back and may not decrypt all of the data.

“If you pay a ransom to one group or one gang, others might come back in a couple months,” said Jess Parnell, vice president of security operations of Virginia-based Centripetal Networks, a cybersecurity company.

See here for the background. Whether it’s a good idea to pay the attackers or not – they are known to negotiate, and there are services to broker deals when needed – is a decision based in part on how prepared your organization was for such a catastrophe. Good backups, and stopping the spread of the malware before it can infect too much, definitely help. We’ll see where Dallas is; it kind of sounds to me like they’re trying to recover on their own.

If they do decide to pay the ransom, it could be expensive.

“According to this government alert a few months ago, this group asked their victims for between one and ten million dollars in bitcoin,” said Kevin Collier, an NBC News reporter on cyber security issues.

Southern Methodist University cyber security expert Mitch Thornton agreed the ransom demand could be that large.

“It certainly is within the range of what I’ve heard from these ransoms,” Thornton said.

City officials have said the attack is from a group called Royal. In a statement late Friday, the city said city information technology employees and vendors have worked to contain the virus and restore service. The statement said progress has been made but recovery is ongoing.

Outside experts said the Royal ransomware has been evolving as defense efforts worked to stop it.

Training warns employees not to click on suspicious emails that could unleash ransomware.

Thornton said corrupt online ads can now be a culprit in a scheme called “malvertising.”

“There’s increasingly better screening in our email readers so these threat actors can get around that by placing these ads on web pages when you are browsing around,” he said. “I’m not saying that’s what happened here but there have been cases of the Royal ransomware being distributed through these malvertisments.”

“Ransomware is becoming really big amongst hackers because it works; because people really do pay the ransoms,” said Paul Bischoff with the cyber security website

His site published a list of $70 billion worth of U-S government ransomware payments reported between 2018 and 2022.

“Our estimates are probably a lot lower than what is really happening because people are not reporting it to the FBI,” Bischoff said.

The extortion threat could be public release of seized confidential information or stopping service delivery, which has occurred in Dallas.

“Ransomware actors are using multiple extortion types,” Thornton said.

There is definitely a risk of data that was exfiltrated being uploaded to a public forum or made available for sale. An investigation ought to give an idea of what data might have been taken, but you may not have the time to complete that before you have to pay or risk the data being published. Someone may have to make a tough decision soon.

That story has a list of Dallas city services that were affected by the attack and what your alternate options are. Bleeping Computer has more on this type of attack.

While it may seem counterintuitive to target a local government, Bill Siegel of ransomware incident response firm Coveware told BleepingComputer that approximately 35% of public sector cases they handled paid a ransom.

This includes local governments, schools, police, or other publicly funded entities.

“Historical, public sector victims pay ransoms in 35% of cases we have handled. That is 10 percentage points less that the broad, all industry average as of Q1 2023 (45%),” Siegel told BleepingComputer.

“I would add that the actual rate is likely even lower as public sector victims are much less likely to engage external IR help, especially if they are very small, so there are likely a large volume of incidents where the public sector victim just deals with the impact and does not even bother considering engaging the cyber criminal responsible.”

And as we’ve seen before, government sites, especially from smaller cities and counties and school districts, can be easier targets because they have fewer dedicated resources for IT and cybersecurity, which includes employee training to avoid being victimized by phishing. Of course, they also have less money to pay in ransom. The bad guys do know that going in.

Anyway. As I said, I sure hope other government entities in Texas are paying attention to this. If they’re not careful or just unlucky, they could be next.