A St. Louis Post-Expedition A reporter who viewed the HTML source code of a website for the Missouri Department of Elementary and Secondary Education is now subject to prosecution for computer forgery, Missouri Gov. Mike Parson said.
All web browsers have a “view source” menu item that allows you to view the HTML code of the web page it displays.
The reporter discovered that the website’s source code contained the educators’ social security numbers. The reporter alerted the state to social security numbers. After the state removes the numbers from the web page, the Post-shipment reported the vulnerability.
Shortly thereafter, Governor Parson, “who has often interfered with the media over reports he does not like, announced a criminal investigation into the journalist and the Post-shipment. “
“If someone picks your lock on your house – for some reason it’s not a good lock, it’s a cheap lock or whatever problem you might have – they are not allowed to ‘come into your house and take everything that is yours, “Parson said in a statement.
A commentator on the Post-shipment history offers a more appropriate analogy:
A better analogy would be if you walk down the street in front of a neighbor’s house and notice their front door wide open with no one around. You can see a purse and car keys near the door. You phone this neighbor and tell him his door is open and his purse and keys are easily visible from the street. Would Parson consider this break-in?
[A] The state cybersecurity specialist informed Sandra Karsten, director of the Department of Public Security, that an FBI agent said the incident “is not a true network intrusion.”
Instead, the specialist wrote, the FBI agent said the state database was “misconfigured,” which “allowed the use of open source tools to query data that was not should not be public “.
“These documents show that there has been no intrusion into the network,” said St. Louis Post-Dispatch president and editor Ian Caso this month. “As DESE initially admitted, the reporter should have been thanked for the responsible manner in which he handled the matter and not reprimanded or investigated as a hacker.”