Missouri Gov. Mike Parson Jeff Roberson/AP
Missouri Governor Jay Nixon is asking for criminal charges against a Missouri reporter who exposed social security numbers online.
A government website contained the SSNs for over 100,000 teachers, which was discovered by the reporter.
Gov. Mike Parson called the reporter "hacker" and demanded an inquiry - something cyber experts claim makes no sense.
Missouri Gov. Mike Parson demands a criminal investigation of a journalist who exposed social security numbers on a state site. This is a response that cybersecurity experts claim makes no sense.
Josh Renaud, a St. Louis Post-Dispatch journalist published Wednesday's story in which he revealed that the state's education website had exposed the SSNs for over 100,000 teachers and administrators. Renaud only had to open "inspect element" in order to see the source code of the page. Anyone can do this with just two mouse clicks.
Renaud disclosed the state's exposure on Tuesday. He waited until the issue was resolved before publishing his story. This is a well-known best practice in cybersecurity reporting.
Parson called for a criminal investigation into Renaud's report after the story was posted.
Parson stated that "we will not allow this crime against Missouri teachers to go unpunished." They were trying to sell headlines to their news outlet and embarrass the state by compromising teachers' personal information.
Parson's comments have been met with widespread outrage and bewilderment by cybersecurity experts. They claim Renaud disclosed the data responsibly and that using a browser's "inspect" tool doesn't constitute hacking.
Rachel Tobac, CEO of SocialProof Security, tweeted that "hitting F12 in a web browser is not hacking." Fix your website. Matt Blaze, another cybersecurity researcher, warned Parson to fix his website.
Continue the story
Jen Easterly, Cybersecurity and Infrastructure Security Agency director, tweeted that the agency relies upon researchers who "find and responsibly disclosure vulnerabilities". This message was taken to refer to Parson's comments. Insider was able to reach a spokesperson for CISA, but they declined to comment on Easterly's tweet.
Parson's exaggerated claims, Renaud is unlikely to be charged with any criminal offenses. TechCrunch reported that a Supreme Court decision has found that to violate federal anti-hacking law, one must obtain information from a computer they are not allowed to access. This means that information on public websites is unlikely to be considered to be off-limits.
Ian Caso, St. Louis Post-Dispatch Publisher, stated in a statement that Renaud "did everything right."
Caso stated that "It is regrettable that the governor chose to shift blame onto journalists who discovered the problem with the website."
Business Insider has the original article.
