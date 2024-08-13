
Opinion

Editorial: A ransomware attack closed L.A. courts for two days. The public deserves a full accounting

The Los Angeles Superior Court was shut down for several days in July by a ransomware attack.
(Myung J. Chun / Los Angeles Times)
By The Times Editorial Board

The Los Angeles Superior Court has an enormous data and online system that for years remained too vulnerable to hackers. The court began stepping up its monitoring, defenses and response operations less than two years ago, and it belatedly brought on a cybersecurity officer — a standard move for any large organization, public or private — this year.

Six weeks later, the court was hit by a ransomware attack that infected its computer system with damaging software, forcing it to temporarily close. The new security systems spotted the breach early on Friday, July 19, and court personnel who began their workdays early found ransom notes on their devices before 7 a.m. that day. The court remained unavailable to the public until the following Tuesday, and even then, it operated at severely diminished capacity for several more days.

The effect of the July hack was enormous. The L.A. Superior Court is the largest local trial court system in the nation and perhaps the world and, on any given day, conducts hearings and issues orders that directly affect the liberty, familial relationships and pocketbooks of thousands of people. The attack briefly postponed trials and other essential courtroom work, including issuing time-sensitive domestic violence restraining orders and ordering jail releases.

Public-facing operations are now back online, and a criminal investigation is underway. As soon as it concludes, the court owes the public a full accounting of the scope of the attack and any ransom paid to the hackers. Unlike private businesses that often suppress accounts of cyberattacks to avoid embarrassment and lawsuits, the court is a public entity and any amount it may have paid is public money. Any security breach was a failure of an institution accountable to the public.

Things could have gone much worse for the court and the 10 million Los Angeles County residents and numerous businesses and other entities that it serves. Other courts and agencies had their systems down much longer after similar attacks.

Apart from federal intelligence, security and military operations, public agencies and offices generally lag behind private corporations in tech matters.

And among public entities, local courts are often furthest behind, in part because of inadequate funding (the bulk of Superior Court funding is provided by the state budget), and in part because courtroom culture relies so heavily on independence, precedent and tradition. For decades, judges who began their legal careers before the internet or electronic data networks steered their courts away from automation and resented efforts to impose uniform rules for electronic case management.

That was especially true in the Los Angeles Superior Court. But things have slowly changed, and the court now manages one of the nation’s largest cyber operations. As the swift response to the July ransomware attack demonstrates, it has begun to catch up on cybersecurity as well.

There are good reasons for the public to be patient with the court and the FBI as they continue their investigation. This was not a simple stickup and may well have involved foreign actors looking for more than financial rewards.

First, it’s important to remember that crimes of this sort and this magnitude are usually well-planned to impose maximum disruption, and not only because bigger disruption is calculated to produce a bigger ransom payment.

Ransomware perpetrators are often described as pirates, invoking images of freelance criminal mariners who might attack any ship sailing under any flag if the vessel carries treasure that the brigands might plunder. Many are more like real-life privateers such as Sir Francis Drake, Sir Henry Morgan and others who sailed and robbed with the authority of their governments in order to harass their national adversaries.

In today’s world of online piracy, privateer hackers often operate with the tacit approval or even at the behest of foreign governments, particularly Russia (although Iran, China, North Korea and pre-invasion Ukraine are also implicated).

The cyberattack on the Los Angeles Superior Court was an attempt to extort money, but there’s a good chance that it was also a bid to undermine confidence in the justice system, and to explore and exploit vulnerabilities in data systems and in public attitudes. In other words, it may well have been one of numerous assaults on behalf of foreign adversaries. As in more open warfare, defense against such attacks ideally includes a measure of public understanding about court delays and other inconveniences.

The same is true of similar assaults on other public agencies, including 2022 attacks on the Los Angeles Unified School District and the Housing Authority of the City of Los Angeles.

But again, that patience must have limits. The court owes the public, at the earliest opportunity that does not compromise the investigation, a full report on what lasting damage was done, what lapses were responsible and what steps are being taken (and what further public investment is needed) to strengthen the court’s defenses against future attacks.

The Times Editorial Board

The Los Angeles Times’ editorial board determines the positions of The Times as an institution. It operates separately from the newsroom. You can read more about the board’s mission and its members at About The Times Editorial Board.
