Gentlemen, Ms. Craigie and Ms. Altus


    I repeat my question of October 3, 2014:

    Have we considered bringing in outside security experts to review our implementation of security protocols and to make recommendations for improvements or additional methods to harden our data structure and servers?

    The answer then was:
                    We've already begun developing a list of possible actions/recommendations that we want to consider. That is on the list.
                    Our first priority is insuring we've eliminated the threat and any lingering vulnerabilities. Then we'll tackle the list going forward.

    It is obvious from today's news that we have not reached that item "on the list" and that we have not "eliminated ... any lingering vulnerabilities".

    I predicted we would be hit again — and soon — after the first attack. Good news — a vulnerable company/web site/server — travels very rapidly in the hacker community. Like burglars, hackers share information on more "dark" sites than can be imagined.

    This is NOT the last attack — more are coming — and the next one(s) may result in the destruction of all data on the servers, including the theft/erasure of all LoTW data. Yes, I know we have a backup (assuming the hackers do not gain access to the backup(s)). Or a malicious hacker may substitute the website's landing page with pornography — or something even more offensive. It is obvious that hackers were able to take control of the LoTW server; what occurs next is up for grabs.

    While before 10.3.14, we may have been an obscure site/organization, we are not any longer. We have, unwillingly, been tossed into a varsity game and we were not, and clearly are not, ready for that level of play.

    My comments are not intended to be personal or derogatory of any member of the staff — we are an organization and the organization's leadership is ultimately responsible for events. The steward on Deck 12 is not cashiered for the USS ARRL running aground — the Captain is always the first to closely inspect the yardarm at sunrise.

    WE, the Board, in this instance, collectively are the Captain and we are responsible.

    The ARRL is not incompetent, but it needs assistance from security and IT professionals. It is not a sin or a disgrace to be unable to perform your own brain surgery; it is not a sin, a disgrace or a reflection on any individual that the ARRL needs the assistance of outside experts.
   
    We have competent people inside and outside the Board to assist in finding and vetting the needed professionals. Respectfully, we need to move immediately to obtain that help.

    I applaud CFO Shelley's decision (and those who concurred in his decision) to make a full disclosure to the Members. We have admitted we have a tumor; now we need to retain the brain surgeons.
   


73


-----------------------------------------------------

John Robert Stratton
N5AUS

Office telephone: 512-445-6262
Cell: 512-426-2028
PO Box 2232
Austin, Texas 78768-2232


-----------------------------------------------------



On 10/20/14, 3:05 PM, Shelley, Barry, N1VXY wrote:

All:

 

The following news item is going to be posted on the ARRL web site and the LoTW User Group:

 

On Sunday afternoon, it was discovered that the Logbook of the World server at ARRL HQ was involved in a denial of service attack which disrupted operations. The ARRL IT Department identified the source and is continuing work on eliminating the threat. There may be intermittent disruptions of the Logbook while the ultimate solution is being implemented. We apologize for any inconvenience.

 

For the information of the Board only, the IT Department was able to determine that the LoTW server was compromised from servers in Beijing and was being used in a denial of service attack against servers located in Hong Kong. The attack disrupted not only LoTW functions but slowed our overall network which impacted e-mail traffic as well.

 

The LoTW server and the firewall facing out to the Internet are both current with software and patches so we’ve been unable to determine at this point exactly the source of the intrusion. The server is housed in the virtual array at HQ and we’ve taken that server offline and are creating a new LoTW server in the array to hopefully eliminate the attack. Once we turn that on, LoTW services will be restored and we will closely monitor the outgoing traffic on the network. In addition, we will be replacing the firewall with a Cisco product by Wednesday. To do so earlier would disrupt internal connections to the Internet from HQ and take down other services such as e-mail for about 48 hours which was deemed unacceptable.

 

We will send out another notification when we are back to normal operations.

 

73,

 

Barry J. Shelley, N1VXY

Chief Financial Officer

ARRL, Inc.

The National Association for Amateur Radio

 

(860) 594-0212

www.arrl.org