Let's discuss this one because there's a large number of implications here.
There have been complaints about lotw and some of the other systems that are hosted at newington, and the complaints have been going on for quite some time. A couple of decades anyway. Now of course we have this massive outage going on and very little in the way of explanation from the league.
The usual ARRL cheerleading squad tries rather desperately to separate these issues but I don't think you really can.
If you think about it, I mean really think it through... both those
subjects are the same thing, Both (in my view well justified) complaints and the current outage, are indicative of long
unaddressed system design flaws only half of which were visible to the
average user until recently. That being the extremely clunky interface on LOTW.
As the ever increasing down time in this incident makes clear however, one of
the things that has been needed in LOTW for a long time is better system
security. Not the laughable "we will mail you a certificate" security ,
but router, firewall and IP port security, which it is becoming
increasingly clear was insufficient to the task.
This is more than just speculation. Consider the systems that went down.
The phone system is out, that's obviously going through IP routers, the
education system was down, the VEC system was down, access to in-house
radios, also IP controlled, was also down... LOTW of course, and we're not sure what
else. Yet we are told that the data on all these systems is safe. So, if
the data on the individual computer systems is safe as they say, (and
to be clear I have no doubt it is) what's left?
The firewall and IP routing system.
For all of those systems to go out at once the only thing that makes any
sense at all is that it was their in-house router(s) that got hacked
and the cretans managed to have gotten through the firewall to do that.
The attack came in from outside Newington on the internet.
Let's be clear on this, this is very high level stuff. Very specialized.
Not for the faint of heart and certainly not for, you should pardon the
pun, amateurs.
People tend to complain about what they see, not what they can't. The
complaints about what end users see on LOTW are valid, IMV.
But...
Even the people that were making such complaints made the assumption
that firewall and IP port security wasn't a problem. The league had that
covered. Obviously, that was a bad assumption.
Let's add one more piece to the puzzle.An ad, placed by the league looking for it help. The ad apparently was placed prior to the outage. The question immediately arises are they bringing additional people in to take care of some of the problems in LOTW, or is this intended as replacement staffing?
This raises the possibility of an insider sabotaging the place using inside knowledge to do so. Speculation, certainly but it fits the available facts rather nicely. Maybe we will find out what the story is eventually or maybe we won't. The league has been keeping its cards very close to its vest on this one.
More as I find.
.
No comments:
Post a Comment