Pennsylvania Courts website targeted in cyberattack
PITTSBURGH (KDKA) - A portion of the Pennsylvania Courts online system has fallen victim to a cyberattack.
Pennsylvania Chief Justice Debra Todd announced that the system had been compromised, saying that portions of the website are unavailable as a result.
The attack is called a denial of service cyberattack.
"In football parlance, they've just blitzed the system and overwhelmed it. And it's one of the many attacks that have become too frequent. It happened in Ohio, Kansas, and Ohio. It's happened in Australia," said Dave Hickton, former U.S. Attorney for Western Pennsylvania.
Hickton is the founder of Pitt Cyber at the University of Pittsburgh.
"Effectively, we've just lost use of the system," he said. "That can be a prelude to bigger problems, but it's an infrastructure attack against our court system so should be taken very seriously."
According to the U.S. Cybersecurity and Infrastructure Security Agency, a denial of service cyberattack happens when malicious actors flood the host network with traffic until it crashes or can't respond, preventing access for legitimate users.
The cyberattack was identified late Sunday.
The attack is currently affecting court website services including PACFile, the use of online docket sheets, PAePay, and the Guardianship Tracking System.
The courts released a statement saying the following, in part:
"At this time, there is no indication that any court data was compromised, and our courts will remain open and accessible to the public."
Numerous law enforcement agencies, including the Court Technology Team, the U.S. Department of Homeland Security, and the FBI are investigating the attack.
Hickton says the court system in Atlanta was hacked and held for ransom, ultimately paid by taxpayers. No evidence of that here yet.
Randy Rose with the Center for Internet Security said in correcting the problem, security experts have to be careful not to open up the system to additional risks.
"Sometimes the systems could actually be in fact available, but incumbent on the cyber security professionals to make sure there's no further risk by opening that system up and not opening citizens up to any potential risk," Rose said.
Rose added that it's possible for hackers to use our personal computer systems in their cyber attacks on others.
KDKA-TV's Jon Delano: "Are you saying, unbeknownst to ourselves, our computer systems might be used as part of the D-DOS attack on a court system or any other municipal system?"
Rose: "That's correct. Yes, you can actually be infected by something, by botnet malware."
You might never notice it, except your computer is running a little slower while it joins in blitzing a larger system.\
Delano: "What can we do to protect ourselves?"
Hickton: "By changing your password regularly, by having dual-factor authentication and by being careful not to click on any attachment you receive unless you call the sender."
In an update at 5:30 p.m. on Monday, Todd said, "portions of the website including PACFile, GTS, web dockets and court summaries, and PAePay have been restored."