Jason Parker (security researcher)
An editor has nominated this article for deletion. You are welcome to participate in the deletion discussion, which will decide whether or not to retain it. |
 | A major contributor to this article appears to have a close connection with its subject. (September 2024) |
Jason Parker | |
|---|---|
| Occupation | Cybersecurity Researcher |
| Years active | 2023–present |
| Organization | Jeltz |
| Known for | Cybersecurity discoveries |
| Website | https://ꩰ.com/@north |
Jason Parker is an American cybersecurity researcher known for uncovering dozens of critical vulnerabilities in government and legal software systems. Their work has exposed significant security flaws in court record systems, records request platforms, and voting systems, leading to increased awareness and remediation of these issues.
Career
[edit]Parker began their career as a software developer[1] before transitioning to cybersecurity research in 2023. They've focused on uncovering vulnerabilities within systems that manage sensitive public records and legal documents, particularly those used by government agencies and courts across the United States.
Notable Discoveries
[edit]Parker has discovered dozens of critical vulnerabilities across many software platforms used by courts, government agencies, and law enforcement nationwide. These systemic security flaws have included weak permission controls, poor validation of user inputs, and flawed authentication processes, potentially allowing unauthorized access to sensitive data.
U.S. Court Record Systems
[edit]In late 2023, Parker began discovering[2][3][4][5] vulnerabilities in various court record systems used across the United States, which exposed sealed, restricted, and confidential court filings to the public.
Parker has also discovered critical vulnerabilities in several electronic court filing platforms[6][7], allowing unauthorized users to access sensitive court documents and administrative functions by manipulating filing identifiers and user permissions.
Records Requests Platforms
[edit]In 2024, Parker identified[8] numerous vulnerabilities in widely used public records request platforms employed by state and local governments. The flaws could have permitted users to take control of other users' accounts and gain unauthorized access to sensitive information, including personal identification and medical records. These issues were patched after Parker reported them to the vendors, having the Cybersecurity and Infrastructure Security Agency assist with coordination.
Voting System Involvement
[edit]In August 2024, Parker discovered a critical flaw in Georgia's voter registration cancellation portal. The flaw allowed individuals to submit a voter cancellation request without proper identity verification, using publicly available information. State officials quickly fixed the vulnerability after media outlets, including ProPublica and Atlanta News First, alerted the state to the issue.[9][10]
Parker's discovery added to the list of vulnerabilities[11] found in Georgia's new voter registration system, leading to increased scrutiny of the platform.
Impact
[edit]Parker's work has brought significant attention to systemic security issues within government and legal systems, emphasizing the importance of robust cybersecurity measures. Their discoveries have led to increased scrutiny of these systems and prompted organizations to implement stronger security protocols. Following Parker's disclosures, many systems were updated without fanfare to address the security flaws; however, some entities, such as Florida's Lee County, threatened legal action against Parker.[12]
Through their advocacy, Parker emphasizes the importance of robust cybersecurity measures in public infrastructure. They advocate for comprehensive security overhauls that include implementing strict permission controls, validating user inputs, and conducting regular security audits and penetration testing. Parker also highlights the necessity of adopting secure development practices, such as Secure by design principles, to ensure that security is integrated throughout the Software development lifecycle.
Parker's efforts have contributed to a broader dialogue on the need for improved cybersecurity in government systems. By collaborating with vendors and agencies to address vulnerabilities, they have played a role in enhancing the security posture of critical public services. Their work underscores the potential consequences of neglecting security measures, including the compromise of sensitive data and erosion of public trust.
References
[edit]- ^ Zurier, Steve (2024-10-01). "Over two dozen critical bugs found in voter registration, court systems". SC Media. Retrieved 2024-10-08.
- ^ Lowrey, Brandon (2023-11-30). "Software Flaws Exposed Sealed Court Docs, Researcher Says". Law360. Retrieved 2024-05-05.
- ^ "Multiple Vulnerabilities Affecting Web-Based Court Case and Document Management Systems". Cybersecurity and Infrastructure Security Agency. 2023-11-30. Retrieved 2024-05-05.
- ^ "Sarasota Clerk and Comptroller Confirms No Breach of Private Information Obtained Via ClerkNet". Sarasota County Clerk and Comptroller. 2023-11-30. Retrieved 2024-05-06.
- ^ Baker-White, Emily (2024-06-18). "Massive Court Breach Exposed Confidential Court Testimony, Medical And Psychiatric Records". Forbes. Retrieved 2024-09-15.
- ^ Goodin, Dan (2024-09-30). "Court Data Exposed by Vulnerabilities in Software Used by US Government: Researcher". Ars Technica. Retrieved 2024-10-08.
- ^ Kovacs, Eduard (2024-10-03). "Systems used by courts and governments across the US riddled with vulnerabilities". SecurityWeek. Retrieved 2024-10-08.
- ^ DiMolfetta, David (2024-03-07). "Flaws in public records management tool could let hackers nab sensitive data linked to requests". Nextgov/FCW. Retrieved 2024-05-05.
- ^ Clark, Doug Bock (2024-08-05). "A Terrible Vulnerability: Cybersecurity Researcher Discovers Yet Another Flaw in Georgia's Voter Cancellation Portal". ProPublica. Retrieved 2024-09-14.
- ^ Keefe, Brendan (2024-08-05). "Security flaw allowed anyone to request cancellation of Georgia voter registrations". Atlanta News First. Retrieved 2024-09-14.
- ^ Clark, Doug Bock (2024-08-03). "Marjorie Taylor Greene's and Brad Raffensperger's Voter Registrations Targeted in Georgia's New Online Portal". ProPublica. Retrieved 2024-09-14.
- ^ Whittaker, Zack (2023-11-30). "Security flaws in court record systems used in five US states exposed sensitive legal documents". TechCrunch. Retrieved 2024-05-05.