from the you-are-not-serious-people dept
Late last year, eight major U.S. telecoms were the victims of a massive intrusion by Chinese hackers who managed to spy on public U.S. officials for more than a year. The “Salt Typhoon” hack was so severe, the intruders spent a year rooting around the ISP networks even after discovery. AT&T and Verizon, two of the compromised companies, apparently didn’t think it was worth informing subscribers this happened.
More recently, the U.S. federal court system (both Case Management/Electronic Case Files and PACER) was also hacked, with intruders leveraging vulnerabilities that had been widely known since 2020. Thanks to that hack, multiple nation-state and criminal hacking groups — including those linked to Russian intelligence — stole vast troves of case data from at least a dozen district courts since at least July.
Senator Ron Wyden, one of a handful of U.S. Senators who operate in competent good faith on privacy and security, this week penned a letter to the Federal Judiciary effectively informing them their cybersecurity is a hot fucking mess with zero transparency:
“Yet, you continue to refuse to require the federal courts to meet mandatory cybersecurity requirements and allow them to routinely ignore basic cybersecurity best practices. Federal judicial technology and cybersecurity policy is set by a committee of judges whose membership you have kept hidden from the public and who presumably have no technology expertise. The case management system used by the federal courts has been hacked multiple times, in part because the system is insecure, antiquated and expensive to operate. While the judiciary has solicited advice from leading government experts on establishing a modern, secure and efficient case management system, the judiciary thus far has ignored that advice and has made no meaningful progress towards a replacement. These serious problems in the judiciary’s approach to cybersecurity have been able to fester for decades because the judiciary covers up its own negligence, has no inspector general and repeatedly stonewalls congressional oversight. This status quo cannot continue.”
Wyden urged Roberts to appoint an “independent, public, expert review” headed by the National Academy of Sciences to examine both intrusions, repeatedly pointing out that the judiciary has failed to even publicly acknowledge any of the longstanding problems plaguing the systems. That seems… unlikely to happen at the hands of the secretive weird fucking zealots currently in charge.
Despite these sorts of repeated embarrassments, the second Trump administration keeps taking a hatchet to cybersecurity defenses and the regulators tasked with protecting national security.
For example, the administration has effectively lobotomized the FCC, just as the agency was starting to try and hold telecoms accountable for lax security and privacy practices. Our dipshit authoritarian overlords also clumsily dismantled the Cyber Safety Review Board (CSRB), which was responsible for investigating significant cybersecurity incidents, and randomly fired oodles of folks doing essential work at the Cybersecurity and Infrastructure Security Agency (CISA).
This is another lovely example of how the U.S. has steadily been consumed by incompetence and artifice. The press and government spent four straight years performatively freaking out about the privacy and security ramifications of a single app (TikTok), while our telecom networks were being historically compromised, and our court systems were plagued with cybersecurity vulnerabilities broadly known to exist since 2020.
And instead of transparently addressing these problems, passing a federal privacy law, empowering regulators and modernizing essential systems, we elevated a full-diapered former reality TV star manbaby who genuinely has zero understanding of how anything works. It’s worth repeating: if foreign adversaries were trying to destroy the U.S. from within, it’s hard to see how it would look any different.