Jason Parker (security researcher)
A major contributor to this article appears to have a close connection with its subject. (September 2024) |
Jason Parker is a cybersecurity researcher known for identifying and disclosing vulnerabilities in various software, particularly those related to government technology. Parker's cybersecurity work primarily focuses on court, public records request, and voting systems, where they have exposed significant security flaws that could potentially compromise sensitive and confidential information and elections.
Jason Parker | |
|---|---|
| Occupation | Cybersecurity Researcher |
| Years active | 2023–present |
| Organization | Jeltz |
| Known for | Cybersecurity discoveries |
| Website | https://ꩰ.com/@north |
Vulnerabilities
editU.S. Court Record Systems
editIn late 2023, Parker discovered[1][2][3][4][5] several vulnerabilities in court record systems from Tyler Technologies, Catalis, and Henschen & Associates, which are used across Florida, Georgia, Ohio, and several other states. These vulnerabilities exposed sealed, restricted, and confidential court filings to the public, using only a web browser for access. The disclosures led to mixed responses, with some systems quickly remedied and others, such as Florida’s Lee County, threatening legal action against Parker.
Records Requests Systems
editIn January 2024, Parker uncovered[6] significant vulnerabilities in the GovQA platform by Granicus, which is used by numerous state and local governments to manage public records requests. The vulnerabilities could have allowed unauthorized access to sensitive information, including IDs and medical records. These were patched after Parker reported them to Granicus and the Cybersecurity and Infrastructure Security Agency.
U.S. Court Electronic Filing Systems
editIn April 2024, Parker began investigating vulnerabilities in electronic court filing platforms. Their first significant discovery[7] was in multiple versions of EZ-Filing, a system developed by Catalis, which permitted users to access sensitive information, including sealed court documents and personal data. When there was no response from Catalis regarding the reported vulnerabilities, Parker contacted PSG Equity, a major financier of the company, underscoring challenges in vendor responsiveness in cybersecurity, where issues may only be addressed when facing potential financial implications.
Voting System Involvement
editIn August 2024, Parker identified a critical flaw in Georgia’s voter registration and cancellation portal. The vulnerability allowed anyone to submit a voter cancellation request using publicly available information, such as name, date of birth, and county of residence, bypassing security measures like driver’s license verification. This discovery led to the Secretary of State’s office quickly patching the vulnerability after media outlets, including ProPublica and Atlanta News First, alerted the state to the issue.[8][9]
Parker’s discovery added to the list of vulnerabilities[10] found in Georgia’s election systems. Following the disclosure, officials updated the platform’s security and added error messages to prevent incomplete voter cancellation requests from being processed.
References
edit- ^ Whittaker, Zack (2023-11-30). "Security flaws in court record systems used in five US states exposed sensitive legal documents". TechCrunch. Retrieved 2024-05-05.
- ^ Lowrey, Brandon (2023-11-30). "Software Flaws Exposed Sealed Court Docs, Researcher Says". Law360. Retrieved 2024-05-05.
- ^ "Multiple Vulnerabilities Affecting Web-Based Court Case and Document Management Systems". Cybersecurity and Infrastructure Security Agency. 2023-11-30. Retrieved 2024-05-05.
- ^ "Sarasota Clerk and Comptroller Confirms No Breach of Private Information Obtained Via ClerkNet". Sarasota County Clerk and Comptroller. 2023-11-30. Retrieved 2024-05-06.
- ^ Baker-White, Emily. "Massive Court Breach Exposed Confidential Court Testimony, Medical And Psychiatric Records". Forbes. Retrieved 2024-09-15.
- ^ DiMolfetta, David (2024-03-07). "Flaws in public records management tool could let hackers nab sensitive data linked to requests". Nextgov/FCW. Retrieved 2024-05-05.
- ^ Lowrey, Brandon (2024-05-07). "Cybersecurity Flaws Uncovered In 3 States' E-Filing Systems". Law360. Retrieved 2024-05-08.
- ^ Clark, Doug Bock (2024-08-05). "A Terrible Vulnerability: Cybersecurity Researcher Discovers Yet Another Flaw in Georgia's Voter Cancellation Portal". ProPublica. Retrieved 2024-09-14.
- ^ Keefe, Brendan (2024-08-05). "Security flaw allowed anyone to request cancellation of Georgia voter registrations". Atlanta News First. Retrieved 2024-09-14.
- ^ Clark, Doug Bock. "Marjorie Taylor Greene's and Brad Raffensperger's Voter Registrations Targeted in Georgia's New Online Portal". ProPublica. Retrieved 2024-09-14.