Lack of security protections in PACER system made it vulnerable to hacking

An organization called the Free Law Project has identified a serious vulnerability in PACER, the federal courts’ online filing system. The bug permits cross-site forgery, essentially a method of capturing another user’s account information, and utilizing that information to access documents. The original account owner would be charged, but might not know it until the account statement arrives weeks later. PACER fees, which are currently 10 cents per page with a maximum of $3.00 per document, can quickly add up.

Early stories also stated that another vulnerability would allow hackers to file documents through other people’s account, compromising the integrity of the entire justice system.  PACER administrators, however, have denied that fraudulent filing was possible.  The cross-site forgery issue has apparently also been addressed.

For those interested in the specific technical details of the bug, the Free Law Project has posted what it shared with the courts here.

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s