The American Radio Relay League (ARRL) warns it suffered a cyberattack, which disrupted its IT systems and online operations, including email and the Logbook of the World.
ARRL is the national association for amateur radio in the United States, representing amateur radio interests to government regulatory bodies, providing technical advice, and promoting events and educational programs for enthusiasts around the country.
On Thursday, the ARRL announced that it suffered a cyberattack that disrupted its network and systems, including various online services hosted by the organization.
"We are in the process of responding to a serious incident involving access to our network and headquarters-based systems. Several services, such as Logbook of The World and the ARRL Learning Center, are affected," explained ARRL in a press release.
Amateur radio enthusiasts use three-letter codes that start with the letter Q, which are called "Q" signals, and they act as abbreviations for commonly used phrases in ham radio.
For example, the code QSO is shorthand for "I can communicate with _________ direct," and is used to denote a direct conversation between two stations. At the same time, QSL means "I am acknowledging receipt," meaning that contact is confirmed.
Logbook of The World (LoTW) is an online database that allows amateur radio enthusiasts to submit electronic logs of successful contacts (QSO) and confirmations (QSL) between other users worldwide. Enthusiasts can use these logs of successful communication on LoTW towards operator awards.
In a Friday update, the ARRL took steps to allay members' concerns about the security of their data, confirming that they do not store credit card information or collect social security numbers.
However, the organization confirmed that its member database contains some private information, including names, addresses, and call signs. While they do not specifically state email addresses are stored in the database, one is required to become a member of the organization.
It is unknown if the organization suffered a ransomware attack or another cybersecurity incident.
BleepingComputer contacted the ARRL with further questions, but a reply was not immediately received.
Comments
CrazyRadioGuy - 1 month ago
"The American Radio Relay League (ARRL) warns it suffered a cyberattack"
The ARRL stated no such thing.
"On Thursday, the ARRL announced that it suffered a cyberattack"
No, they did not state this.
This article is worthless.
EndangeredPootisBird - 1 month ago
Maybe you should actually read their press release:
"We are in the process of responding to a serious incident involving access to our network and headquarters-based systems. Several services, such as Logbook of The World® and the ARRL Learning Center, are affected. Please know that restoring access is our highest priority, and we are expeditiously working with outside industry experts to address the issue. We appreciate your patience"
CrazyRadioGuy - 1 month ago
"Maybe you should actually read their press release:"
I did. Maybe you should. Nothing in it said anything about a cyberattack, contrary to what the author so blatantly and incorrectly claims.
No1gr8 - 1 month ago
I think it's an excellent article, and it's needed to keep things honest. Many people getting billed automatically wonder how that's happening if they don't store credit card info. I assume a third-party vendor handles membership, but who knows what information they have if their headquarters-based systems are compromised? The way they responded to members' questions shows it was not a technical glitch, or they could've said it was and stopped the rumors. Maybe the hackers will reach out to Bleeping Computer, and we'll discover the real story.
ki4rwl - 1 month ago
I agree that this is an excellent article. I posted this article on the Alabama Section Facebook page, and was rebuked for "spreading speculation/misinformation". But that's the problem: WE DON'T HAVE ANY INFORMATION from the ARRL; give us some actual information so we DON'T have to speculate! As a VE (Volunteer Examiner) associated with the ARRL, my main concern is the information from all the exam sessions over the many years (some of which includes SSNs). Was it stored electronically on some of their systems? Were those systems potentially compromised? Also, did they gain access to their FCC interfaces (where they submit licensing info to the FCC)? The ARRL is not being very forthcoming with ANY information, which is very concerning to me. While what they're saying about names, addresses, and callsigns is openly available on the FCC database, I'm worried there's more to this story than the ARRL is letting on.
CrazyRadioGuy - 1 month ago
"I posted this article on the Alabama Section Facebook page, and was rebuked for "spreading speculation/misinformation". "
As you rightly should have been. If I were a Section Manager and someone posted that in our section group/page, I would have rebuked them to.
"But that's the problem: WE DON'T HAVE ANY INFORMATION from the ARRL"
Which doesn't make spreading rumors and speculation right.
Instead, simply state the facts as we know them. LotW is down and the Learning Center is down, but just about everything else is up and fine.
CrazyRadioGuy - 1 month ago
"The way they responded to members' questions shows it was not a technical glitch"
No, it shows that they were answering specific questions and that is all. Any other conclusion is purely an assumption by the reader.
No1gr8 - 1 month ago
"The way they responded to members' questions shows it was not a technical glitch."
No, it shows that they were answering specific questions and that is all. Any other conclusion is purely an assumption by the reader.
Question: Some members have asked whether their personal information has been compromised in some way.
The answer is yes or no. It is not a list of what they have, and then downplay that by saying it's already publicly available. Name and address are personal information. Has personal information been compromised in some way? Yes or no. I do agree to an extent, but no company has had this happen and a month later said it was a bad cable.
NoneRain - 1 month ago
https://www.arrl.org/news/arrl-systems-service-disruption
Are you reading the same thing as me, and concluding that unauthorized access to networks and systems, following a disruption, is not a cyberattack? For real?
CrazyRadioGuy - 1 month ago
"https://www.arrl.org/news/arrl-systems-service-disruption
Are you reading the same thing as me, and concluding that unauthorized access to networks and systems, following a disruption, is not a cyberattack? For real?"
Yes, I am reading the same release as you, except I am not adding words or trying to read between the lines. For example, the release says "involving access", not " unauthorized access ". Involving access can simply mean that people cannot access the systems, not necessarily that there was unauthorized access.
At no point did the ARRL say anything about this being a cyberattack. Yet the author of this article repeatedly claimed the ARRL stated they had been the victim of a cyberattack.
Therefore, the author is simply lying and is fabricating things based on his own assumptions.
IOW, a horrible and even irresponsible article, one for which he could actually be sued.
ProfTheory - 1 month ago
Too often when organizations have their systems compromised they don't want to be up front about it to avoid getting egg on their face. The problem is is that when the facts come out it's more like the brown emoji on their face. Think of what happened to LastPass!
burtfisher - 1 month ago
From Perplexity:
Based on the search results provided, there is no direct evidence or confirmation from the American Radio Relay League (ARRL) about a cyberattack taking their Logbook of the World system offline.
The Bleeping Computer article [1] mentions "American Radio Relay League cyberattack takes Logbook of the World offline" in the introduction, but the article itself does not provide any details or quotes from ARRL about a cyberattack being the cause. The only relevant quote is about CISA's advisory on the Chinese hacking group Volt Typhoon, which does not specifically mention ARRL or Logbook of the World.
The other search results [2][3][4][5] do not contain any information about a cyberattack on ARRL or their systems. The This Week in Amateur Radio article [5] simply states that the Logbook of the World system is offline, without mentioning the cause.
Therefore, based on the provided search results, there is no evidence to support Bleeping Computer's claim that a cyberattack took ARRL's Logbook of the World offline. The website appears to have made that assertion without any confirmed information from ARRL itself about the nature or cause of the system being offline.[1]
Citations:
[1] https: //www.bleepingcomputer.com/news/security/chinese-hackers-hid-in-us-infrastructure-network-for-5-years/
[2] https: //www.bleepingcomputer.com/news/security/mitre-says-state-hackers-breached-its-network-via-ivanti-zero-days/
[3] https: //www.securityweek.com/cyberattack-causes-trains-stop-denmark/
[4] https: //www.scmagazine.com/news/sisense-customers-told-to-reset-credentials-amid-supply-chain-attack-fears
[5] https://twiar.net/?cat=219
NoneRain - 1 month ago
Dude....
https://www.arrl.org/news/arrl-systems-service-disruption
"We are in the process of responding to a serious incident involving access to our network and headquarters-based systems."
Serious incident involving access (and disruption) to their network and systems, posted on their official website. The following update is regarding compromise of personal information.
The article is correct in its statements.
CrazyRadioGuy - 1 month ago
Great dismantling of this horrible article!
powerspork - 1 month ago
"Some members have asked whether their personal information has been compromised in some way. ARRL does not store credit card information anywhere on our systems, and we do not collect social security numbers. Our member database only contains publicly available information like name, address, and call sign along with ARRL specific data like email preferences and membership dates."
Well that is one way to not answer the question. Their infrastructure is still down 5 days after the incident. This indicates they were either encrypted and recovering from scratch, or they are massively incompetent and completely unprepared a system failure. If you don't even have backups or a DR plan, you probably don't have proper security or logging to detect a breach anyways.
Also, since names, addresses, and emails are "public information", ARRL leadership should publish theirs for us.
NYgnat - 1 month ago
If you really want to do your due diligence and you actually have the tQSL program for LoTW, please open it and do a check for updates and lo and behold you will get a port 443 error. Go look up the meaning of that if you do not already know what it is. Don't take my word for it. Gonna be a few weeks before that is fixed by my experience dealing with that kind of "failure to prevent this from happening" issue. LOL. The other "tell" is check the fact that most if not all of the ARRL pages are NOT https:// that load. Re-evaluate any conspiracy theories. It's a VERY simple oversight that someone's head is ultimately gonna roll.
SamOldMan - 1 month ago
Seems like a stretch to conclude "someone's head will roll" because of a port 443 error. We all know the web address is an https connection but there are a bunch of reasons this error could showing. I suspect the error message is generated by YOUR web browser having nothing to do with the league's server except that it isn't answering.
ki4rwl - 1 month ago
For all of you who were saying it WASN'T a cyber attack, that the article was wrong.... how would you like your crow cooked?
"ARRL Systems Service Disruption
06/04/2024
Updated 6/4/2024
On or around May 12, 2024, ARRL was the victim of a sophisticated network attack by a malicious international cyber group. ARRL immediately involved the FBI and engaged with third party experts to investigate.
This serious incident was extensive and categorized by the FBI as “unique,” compromising network devices, servers, cloud-based systems, and PCs.
ARRL management quickly established an incident response team. This has led to an extensive effort to contain and remediate the networks, restore servers, and staff are beginning the testing of applications and interfaces to ensure proper operation.
Thank you for your patience and understanding as our staff continue to work through this with an outstanding team of experts to restore full functionality to our systems and services.
We will continue to update members as advised and to the extent we are able.
This story will be updated with new developments."
https://www.arrl.org/news/arrl-systems-service-disruption
CrazyRadioGuy - 1 month ago
<p>Who said that it wasn't? The issue was that the author's claims about what the ARRL said were false. The ARRL did not state the things that the author claimed. IOW, the author lwas iin error.</p>
sorrynotsorry - 4 weeks ago
"Who said that it wasn't?
The issue was that the author's claims about what the ARRL said were false. The ARRL did not state the things that the author claimed. IOW, the author lied. "
You must suffer from some serious cognitive dissonance, you can scroll up on the first comment to see who did. Hint for those suffering from the same state of congruence : You.