Thursday, May 30, 2024

Interesting speculation

This appeared on Facebook regarding the IT situation over at the ARRL:

This was reported by Chris NW6V 

Mike Ritz, W7VO, ARRL 2nd Vice President, was at the WVDXC club meeting last night, having just attended an ARRL board meeting to discuss the outage. Mike reported those meetings are a weekly event until the matter is resolved.

Everything that was running on INTERNAL servers is down until further notice. That includes their VoIP phone system, their .org email addresses, and front ends for things like LOTW. Everything running on external servers - cloud servers etc. - including LOTW data, is believed unaffected. But, such data will not be available until the internal matters are resolved. Thus, "joe@arrl.org" doesn't work - because that was on their internal mail server. But "joe@arrl.net" does - because the relays didn't run internally. I checked, and NW6V@ARRL.NET works.

Efforts to restore the internal systems are proceeding full-time. No timeline can be given. The nature of the problem cannot be discussed.

I believe Mike said - with air asterisks around his words - "We have been advised to say nothing." He responded similarly when asked if "the Feds" were investigating this.

Being that the ARRL is connected to Homeland Security through its disaster response functions, and that personal data (no credit cards) for many relatively important persons are stored in the systems (business, military, science, etc.), such an investigation could very well involve the FBI and Homeland Security.

I (Chris NW6V) was an IT Director in mental healthcare for many years, so security was a big part of my responsibility. As a professional looking at it from the outside, this has all the earmarks of a hack - of sufficient severity that it needed to be reported as a CRIME. At which point, IT is required to lock everything down - every computer and device involved becomes EVIDENCE - until a full investigation by forensics experts - da cops - is conducted. Getting everything back up is NOT job 1. Once the "crime scene" is clear (yellow tape down), THEN the job of recovery can begin. If some kind of hack had wormed into the ARRL system, recovery of local systems by restoring backups becomes problematic - it may be difficult to verify that backups contain no trace of the hack. In which case, recovery and restoration of services would be slow and very painful.

This fits what we know about the situation to a "T."

73 Chris NW6V

Interesting. If the ARRL was hacked by someone with some kind of revenge motive in mind, they may have bitten off way more than they could chew. I never thought of the possibility of Federal Government involvement in this due to ties and MOEs with Homeland Security.  If this was a hack, and it is determined to be a crime, the perpetrators could be facing some very serious Federal prison time if caught and prosecuted.

I hope this gets cleared up soon. The LOTW situation doesn't bother me so much, but any disruption to the VE process does. My Team's next session is a week from this coming Saturday - June 8th. I'd hate to have to tell my candidates that I have no idea as to when their results will be processed. And no sooner did I write this, than I discovered this bit of good news:

ARRL VEC Services Update During Systems Disruption

05/29/2024

ARRL previously reported that we are responding to a serious incident involving access to our network and headquarters-based systems. Several services have been affected, including those administered by the ARRL Volunteer Examiner Coordinator (ARRL VEC).

Exam Registrations and Materials. ARRL Volunteer Examiners (VEs) should continue to submit exam registrations and material requests. While we are unable to post new or revised exam session dates and details to the website, we can ship out exam materials. Please remember that most exam materials are available on our website (www.arrl.org/resources-for-ves).

Processing Applications to the FCC. We have resumed the processing of Amateur Radio License applications with the FCC. This includes applications for new and upgrade licenses, individual applications, and club license applications. Exam sessions will be submitted to the FCC in chronological order, from earliest test dates to the latest. Please allow additional time for our processing as the exam session backlog is cleared.

International Radio Permit and License Class Certificates. We are currently unable to create International Amateur Radio Permits, License Class Certificates, and Volunteer Examiner (VE) badges, certificates, and stickers. New ARRL VE applications and renewals are unable to be processed at this time.

ARRL Youth Licensing Grant Program | FCC Application Fee Reimbursement Information. ARRL is continuing to accept reimbursement forms to cover the one-time $35 application fee for new license candidates younger than 18 years of age for tests administered under the auspices of the ARRL VEC. Reimbursement checks may take longer than normal to be processed at this time.

ARRL VEC cannot be reached by telephone at this time. We appreciate your patience as ARRL continues to work on restoring access to affected systems and services.

This story will be updated with new developments.

Thank you ARRL VEC Department for the update!

72 de Larry W2LJ

QRP - When you care to send the very least!

2 comments:

  1. Anonymous 3:18 PM

    It's air quotation marks.

  2. Anonymous 3:19 PM

    The first rule of crisis management (and I think this outage qualifies) is to say everything up front and fast. ARRL fails crisis management 101.
