The Los Angeles Superior Court has a massive data and internet system that for years was too vulnerable to hackers. The court began ramping up its surveillance, defense and response operations less than two years ago, and this year belatedly added a cybersecurity officer — a standard move for any large organization, public or private.
Six weeks later, the court suffered a ransomware attack that infected its computer system with malicious software, forcing it to temporarily close. New security systems detected the breach early on Friday, July 19, and court staff, who started their workday early, found ransom notes on their devices before 7 a.m. that day. The court remained inaccessible to the public until the following Tuesday, and even then, it operated at greatly reduced capacity for several more days.
The impact of the July attack was enormous. The Los Angeles Superior Court is the largest local trial court system in the country and perhaps the world, and on any given day it holds hearings and issues orders that directly affect the liberty, family relationships and pocketbooks of thousands of people. The attack briefly postponed trials and other essential court work, including issuing urgent domestic violence restraining orders and ordering releases from prison.
Public-facing operations are now back online and a criminal investigation is underway. As soon as it is concluded, the court owes the public a full report of the scope of the attack and any ransom paid to the hackers. Unlike private companies that often hide reports of cyberattacks to avoid embarrassment and lawsuits, the court is a public entity and any amount it was able to pay is public money. Any security breach was a failure of an institution accountable to the public.
Things could have been much worse for the court and the 10 million residents of Los Angeles County and numerous businesses and other entities it serves. Other courts and agencies had their systems out of service for much longer after similar attacks.
Aside from federal military, security and intelligence operations, government agencies and offices generally lag behind private corporations when it comes to technology.
And among public entities, local courts often lag behind, partly because of insufficient funding (most High Court funding comes from the state budget) and partly because court culture relies heavily on independence, precedent, and tradition. For decades, judges who began their legal careers before the Internet or electronic data networks steered their courts away from automation and resented efforts to impose uniform rules for electronic case management.
This was especially true at the Los Angeles Superior Court. But things have slowly changed, and the court now runs one of the largest cyber operations in the country. As evidenced by the quick response to the July ransomware attack, it has also begun to catch up on cybersecurity.
There are good reasons for the public to be patient with the court and the FBI as they continue their investigation. This was no simple heist and may have involved foreign actors seeking more than financial rewards.
First, it is important to remember that crimes of this type and magnitude are often well planned to cause maximum disruption, and not just because a larger disruption is calculated to yield a larger ransom payment.
Ransomware authors are often described as pirates, conjuring images of freelance criminal sailors who might attack any ship sailing under any flag if the vessel is carrying treasure that the bandits could plunder. Many are more like real-life privateers, such as Sir Francis Drake, Sir Henry Morgan and others who sailed and robbed with the authority of their governments to harass their domestic adversaries.
In today's world of online piracy, private hackers often operate with the tacit approval or even at the behest of foreign governments, particularly Russia (although Iran, China, North Korea, and pre-invasion Ukraine are also implicated).
The cyberattack on the Los Angeles Superior Court was an attempt at extortion, but it may well have also been an attempt to undermine confidence in the judicial system and to explore and exploit vulnerabilities in data systems and public attitudes. In other words, it may well have been one of many attacks on behalf of foreign adversaries. As in more open warfare, defense against such attacks ideally includes a measure of public understanding about judicial delays and other inconveniences.
The same is true of similar attacks on other public agencies, including the 2022 attacks on the Los Angeles Unified School District and the Los Angeles City Housing Authority.
But, again, that patience must have limits. The court owes the public, as soon as possible and without compromising the investigation, a full report on what lasting harm has been done, what wrongs have been responsible, and what steps are being taken (and what additional public investment is needed) to strengthen the court’s defences against future attacks.
