The Los Angeles Superior Court has so much data and so many online systems that for years it has remained vulnerable to hackers. The court began ramping up its monitoring, defense and response operations less than two years ago, and delayed bringing in a cybersecurity officer, a standard measure for large organizations, public or private, until this year.
Six weeks later, the court was hit by a ransomware attack that infected computer systems with destructive software, forcing it to temporarily close. A new security system discovered the breach on Friday, July 19, and court personnel who started their work day early found the ransom note on the device just before 7 a.m. The court remained unavailable to the public until the following Tuesday, and then operated at a reduced capacity for a few more days.
The effect of the July hack was enormous. The LA Superior Court is the largest local court system in the country and possibly the world and, on any given day, conducts hearings and issues orders that directly affect the freedom, family relationships and pocketbooks of thousands of people. The attack quickly delayed trials and other important courtroom work, including issuing time-sensitive domestic violence restraining orders and ordering jail releases.
The public-facing operation is now back online, and a criminal investigation is underway. As soon as it is done, the court owes the public an account of the scope of the attack and the ransom paid to the hackers. Unlike private businesses, which often play down their accounts of cyberattacks to avoid embarrassment and lawsuits, courts are public entities and any amount paid is public money. Any breach of security is a failure of an institution accountable to the public.
Things could have been worse for the court and the 10 million residents of Los Angeles County and the many other businesses and entities it serves. Courts and other agencies have had systems down longer after similar attacks.
Aside from federal intelligence, security and military operations, public agencies and offices generally lag behind private companies in terms of technology.
And among public entities, local courts are often the furthest behind, partly because of inadequate funding (a large part of the Supreme Court’s funding is provided by the state budget), and partly because the culture of the courtroom relies heavily on independence, precedent and tradition. For decades, judges who began their legal careers before the internet or electronic data networks kept the courts away from automation and resented efforts to adopt uniform rules for electronic case management.
This is especially true in Los Angeles Superior Court. But things have slowly changed, and the court is now managing one of the largest cyber operations in the country. As the rapid response to the July ransomware attack demonstrates, it has also begun to catch up on cybersecurity.
There are good reasons for the public to be patient with the courts and the FBI as they continue their investigation. This is not a simple stickup and may involve foreign actors seeking more than financial rewards.
First, it is important to remember that crimes of this nature and magnitude are usually well planned to cause maximum disruption, and not simply because greater disruption is calculated to generate greater ransom payments.
Ransomware perpetrators are often described as pirates, invoking the image of freelance criminal sailors who will attack any ship sailing under any flag if it is carrying treasure that the brigands can loot. Many are more like real historical figures such as Sir Francis Drake, Sir Henry Morgan and others who sailed and plundered with the authority of the government to harass national enemies.
In today’s world of online piracy, private hackers often act with the tacit approval or even at the behest of foreign governments, especially Russia (although pre-invasion Iran, China, North Korea and Ukraine were also affected).
The cyberattack on the Los Angeles Superior Court is an attempt to extort money, but there is a good possibility that it is also an attempt to undermine trust in the justice system, and to explore and exploit vulnerabilities in data systems and public attitudes. In other words, it could be one of many attacks on behalf of a foreign enemy. As in more open warfare, the defense against such an attack would ideally include a measure of public understanding of judicial delay and other inconveniences.
Similar attacks have taken place at other public agencies, including the 2022 attacks on the Los Angeles Unified School District and the Los Angeles City Housing Authority.
But then again, patience has its limits. The court owes the public, at the earliest opportunity that does not compromise the investigation, a full report on whether permanent damage has been done, whether lapses were responsible and what steps were taken (and what more public investment is needed) to strengthen the court’s defense against future attacks.