Missouri governor Mike Parson threatens to prosecute reporter who found website security flaw

Politician accused of dodging blame and having ‘fundamental misunderstanding’ of how internet works

Jon Sharman
Friday 15 October 2021 11:59
Comments
Missouri governor threatens reporter with 'hacking' prosecution

Missouri’s governor has accused a news reporter of hacking a state web page and threatened to prosecute him, after the journalist warned that teachers’ private data was publicly accessible in the site’s source code.

Tens of thousands of social security numbers were visible as plain text within the HTML structure of an application that allowed users to review educators’ credentials, according to a St Louis Post-Dispatch report.

The newspaper alerted Missouri officials after discovering the vulnerability and waited until it had been addressed before publishing its story on Thursday.

In response to the embarrassing coverage, Missouri’s Republican governor Mike Parson called the Post-Dispatch reporter a “hacker” and ordered prosecutors to investigate.

He tweeted: “A hacker is someone who gains unauthorised access to information or content. This individual did not have permission to do what they did. They had no authorisation to convert and decode the code.”

After his comments were widely criticised, Mr Parson insisted the “hack” was “more than a simple ‘right-click’”. However, any web user can inspect a site’s source code with a few mouse clicks. This is a standard feature of browser software.

Making clear he intended to shoot the messenger, Mr Parson said in a press conference the Post-Dispatch reporter was “not a victim”.

He added: “They were acting against a state agency to compromise teachers’ personal information in an attempt to embarrass the state and sell headlines for their news outlet. We will not let this crime against Missouri teachers go unpunished.”

Criticism was even levelled by figures within Mr Parson’s own party. Tony Lovasco, a GOP state senator, tweeted that the governor’s office “has a fundamental misunderstanding of both web technology and industry standard procedures for reporting security vulnerabilities”.

The Post-Dispatch’s president and publisher, Ian Caso, stood by the story and the reporter, who he said “did everything right”. A lawyer for the paper said the reporter involved had acted responsibly and that there had been “no breach of any firewall or security and certainly no malicious intent”, meaning he had not broken the law.

And a spokesperson for the AFT St Louis, Local 420 teachers’ union said it was “concerned over the attempt to deflect responsibility and politicise what is very obviously a security breach by the state”.

Additional reporting by Associated Press

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Please enter a valid email
Please enter a valid email
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Please enter your first name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
Please enter your last name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
You must be over 18 years old to register
You must be over 18 years old to register
Opt-out-policy
You can opt-out at any time by signing in to your account to manage your preferences. Each email has a link to unsubscribe.

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged in