An organization called the Free Law Project has identified a serious vulnerability in PACER, the federal courts’ online filing system. The bug permits cross-site forgery, essentially a method of capturing another user’s account information, and utilizing that information to access documents. The original account owner would be charged, but might not know it until the account statement arrives weeks later. PACER fees, which are currently 10 cents per page with a maximum of $3.00 per document, can quickly add up.
Early stories also stated that another vulnerability would allow hackers to file documents through other people’s account, compromising the integrity of the entire justice system. PACER administrators, however, have denied that fraudulent filing was possible. The cross-site forgery issue has apparently also been addressed.
For those interested in the specific technical details of the bug, the Free Law Project has posted what it shared with the courts here.