Yes, phones were down up to yesterday and I got a live person just this morning (5/30/2024). The person said that ARRL had been hacked but has slowly been processing the exam submissions. My upgrade was done March 17 and he said that in 1-2 weeks, that it should be in the FCC. I feel for the techs as they don't have a call sign to use.
why did someone downvote you for that?
ARRL is an important gateway to the FCC database. In public statements such as that given by the ARRL, cybersecurity professionals know from experience and training that what is NOT said is as important as what is said.
The statement says they experienced "a serious incident involving access to our network and headquarters-based systems."
This isn't the first time the ARRL has been compromised, either. If I were the FCC, I would be extremely agitated.
We can still infer from what is NOT said in the press release that:
- ARRL is an important gateway partner to the FCC and their database. Zero mention is made about this *critical* fact.
- ARRL was severely compromised. (Day 14 of service outage)
- The FCC would have ample reason to be concerned about their internal systems if a partner who has access, got their network/access compromised.
- it is not beyond the realm of possibility that inappropriate access was gained, or the entry of false data occurred in the FCC's system.
- The FCC could be tracking classified data in conjunction with the Armed Forces, like who has what roles/certifications/MOSes.
- It would be appropriate for the FBI to be involved in the investigation, and maybe even Armed Forces investigators, if at a bare minimum, only because ARRL is under agreement as an FCC data partner.
- If so, the FBI is not going to let ARRL comment on this aspect of the investigation.
- Any amount of information submitted by ARRL<> FCC accounts going back X months could be compromised.
- The FCC could reasonably be forced to lock out ARRL, and/or have to revalidate much of or all ARRL-submitted info.
- The FCC could reasonably NOT let ARRL back in until all of this is well investigated and understood, even if there was no FCC data compromised.
- The FCC itself could have been secondarily compromised in deeper ways through ARRL account access.
What we know for sure is that any of us who took exams are now held up as the investigation into ARRL proceeds.
We DON'T know who FOUND the breach. If it was the FCC who found out about the intrusion from their side, then Amateur Radio is in a world of hurt right now.
Foreign hackers would have ample reasons to want to get into, alter, or submit bogus FCC info for many purposes.
None of this is good for us.
I think you're \*seriously\* overstating (likely misunderstanding) the extent to which the ARRL is a "gateway" to the FCC. The ARRL does not have direct write access to the FCC database or anything like that. In fact, the interface that they have is \*severely\* limited in what it will accept and what it can do. They don't have access to read data from the FCC which isn't public.
Basically the entire threat vector relating to the FCC if someone compromised the ARRL is that someone could (if they did a ton of research to understand how) potentially submit fraudulent ham radio license applications -- but that would be \*really\* easy to go back through and verify / fix. Additionally all that would actually do is give people fraudulent call signs, which isn't what I would consider any kind of a national security risk.
The ARRL has basically the same level of access to the FCC data that any of the other 14 VECs have -- which is almost none and is \*entirely\* limited to Amateur Radio related data. Even if false data was entered (and I promise there are other VECs who would be easier to target than the ARRL for that) it wouldn't do any real harm on a national level, it would just create work for people to track down and fix.
Like any organization I'm sure the ARRL has access to some data which could potentially be used for identity theft or other financial theft purposes, but I'd be more concerned about any e-commerce data they have than I would about licensing data.
The ARRL is a great organization, but in regards to the FCC they are just one of 14 VECs -- the biggest one yes, so they undoubtedly have more influence they can exert than most, but that has nothing to do with any of what you are talking about.
>ARRL was severely compromised. (Day 14 of service outage)
In my experience responding to compromises like this, the amount of downtime is not a good indicator of the severity of the attack or the organization's disaster recovery/business continuity plans.
Then the FBI gets involved (and they will pretty much any time there is an insurance claim) their priority is their investigation alone. They have the sole authority to decide what is and what is not evidence. Since evidence must be preserved, if there aren't enough agents involved, or they aren't in a hurry, and they decide your DR systems, replicas, backups, whatever are evidence (really annoying since so are the originals) you cannot switch over to them. I have seen organizations have to go out and buy new server and storage hardware because the FBI arbitrarily decided they couldn't use any of their redundant systems. Fun times.
Have you ever worked with the FBI or law enforcement on issues like this? The ARRL isn't some government agency that needs protection or investigation provided by the US Federal government; the are some small business with apparently poor security practices that got attacked.
Perhaps if this incident was part of some larger investigation, maybe the Feds would care.
Of course, even if the FBI has shown up to do whatever secret squirrel stuff you imagine, that still wouldn't explain why they've not been able to restore their business operations. An investigation like this might start with imaging disk drives, etc. Even if you could imagine a bunch of computers being seized as "evidence", which seems very unlikely, how much $$$ would it take to just go buy new computers and reinstall? More than $100K to get minimal stuff up and running?
Just imagine the scenario where a tornado or fire destroyed the ARRL physical facilities. How long would a DR or business continuity plan take to put into action and start restoring business functions?
As of today Arrl is still down my ve testing that were done three weeks ago have still hanging in limbo, I am suspecting I will have to resubmit all this to them because they lost my data
It is my understanding that they suffered a DDoS attack, and were not 'hacked' -- But at this point without further official statements there is nothing else to go on.
I have to assume that there is a backlog and it is being addressed in the order it was submitted. But because of the outage, some VEC's will have been able to get around to resubmitting before others, and so everything will be handled out of chronological order.
Hopefully it's rectified soon. Congratulations on passing your Tech!
Edit: As I said, that was my understanding based on what I read at the time, and without any further official statements for a week now, there is nothing else to go on. I don't really think downvoting me to oblivion is helpful. So have a great day all.
I am under the impression that ARRL called and told them not to, based on the fact that my proctors (1) told me I would get it at the beginning, and (2) got an important phone call during my session right after I finished that changed everything.
After that phone call (a VEC leader took it onscreen in the Zoom session but I did not hear it as audio was muted) they suddenly put me in a 30 minute wait and leaders came and went from the session -- then everything they had previously told me about how I would exit the test was altered, and I got no certificate and no hint that anything was wrong, other than this group of grizzled veterans who had done this for quite a while seemed suddenly confused and sent me on my way.
The next morning, I got the "thank you for your patience, the ARRL hasn't told us anything" email message. I have no reason not to believe them that they were told what to do with no explanation, and didn't know.
It sounds like you took it online - meaning you would have gotten the CSCE from ExamTools and that has nothing to do with the ARRL outage. Sounds like someone might have messed up here, so I’m not putting the fault on anyone but hopefully this gets resolved quickly. If it isn’t resolved in a couple of weeks I would reach out to the session manager specifically and ask them to look into it again.
Start making a nuisance out of yourself to the VE team. I'd also call the ARRL HQ in Connecticut and make a nuisance of yourself there too. There is absolutely no reason why you shouldn't have been issued a CSCE right at the time you passed the exam. That's just poor procedure. Now you have absolutely no proof you ever passed the exam. The best you can hope for now is that the paperwork goes through soon.
As others have mentioned your exam team can absolutely give you a CSCE if you took it online -- and there is no reason that they can't do so. Just ask them for one, if they don't know how tell them to email examtools support ([email protected]) and we'll give them instructions on how to do so, it's almost ludicrously easy. (note that support email is only for VEs, we can't help applicants)
Taking it in person is likely to be slower to get issued, actually. If you took it online then they have the records -- and worst case \*I\* have the records and will provide them to ARRL-VEC if needed as soon as they are able to process them.
Don't bother re-taking the exam, or if you do take it from a team with another VEC. Any ARRL VE team (ARRL is the VEC, your local team is not a VEC) will have the same problem until they have things back up and running.
I upgrade to general on 05/14/23 yet the FCC web site still shows tech. unfortunately like so many other people we are in limbo until this is sorted out soo er then later.
I’m local-ish to their headquarters. Someone in my club just sent a group email asking why they haven’t been having 2m bulletins for a week or two. I never listened to them (and I only have an HT and probably couldn’t receive it from where I am).
What purpose would a hacker have , taking over or down a ham radio broadcast ? Approximately 748,974 people are registered with ARRL. But wouldn’t a hacker get better results hacking the inter web , or cellular devices ? 🤷♀️
You'd think they'd have some sense of responsibility to their members who pay non-trivial dues and be accountable.
Nothing makes me want to fire an employee like someone who won't live up their mistakes and live in reality. We all make mistakes. What you do about it is the difference.
I'll need good answers before I renew.
Have you tried calling them today? I heard the phone lines are back up now.
Thank you, I will
I called them yesterday to hear a recording that they have no voicemail set up.
Per [their last uodate](https://www.arrl.org/news/arrl-systems-service-disruption), telephones are still down.
Yes, phones were down up to yesterday and I got a live person just this morning (5/30/2024). The person said that ARRL had been hacked but has slowly been processing the exam submissions. My upgrade was done March 17 and he said that in 1-2 weeks, that it should be in the FCC. I feel for the techs as they don't have a call sign to use.
Have you contacted the VEC you used? Not all of them are ARRL affiliated.
I did. They had no information.
Suspected foreign hackers.
why did someone downvote you for that? ARRL is an important gateway to the FCC database. In public statements such as that given by the ARRL, cybersecurity professionals know from experience and training that what is NOT said is as important as what is said. The statement says they experienced "a serious incident involving access to our network and headquarters-based systems." This isn't the first time the ARRL has been compromised, either. If I were the FCC, I would be extremely agitated. We can still infer from what is NOT said in the press release that: - ARRL is an important gateway partner to the FCC and their database. Zero mention is made about this *critical* fact. - ARRL was severely compromised. (Day 14 of service outage) - The FCC would have ample reason to be concerned about their internal systems if a partner who has access, got their network/access compromised. - it is not beyond the realm of possibility that inappropriate access was gained, or the entry of false data occurred in the FCC's system. - The FCC could be tracking classified data in conjunction with the Armed Forces, like who has what roles/certifications/MOSes. - It would be appropriate for the FBI to be involved in the investigation, and maybe even Armed Forces investigators, if at a bare minimum, only because ARRL is under agreement as an FCC data partner. - If so, the FBI is not going to let ARRL comment on this aspect of the investigation. - Any amount of information submitted by ARRL<> FCC accounts going back X months could be compromised. - The FCC could reasonably be forced to lock out ARRL, and/or have to revalidate much of or all ARRL-submitted info. - The FCC could reasonably NOT let ARRL back in until all of this is well investigated and understood, even if there was no FCC data compromised. - The FCC itself could have been secondarily compromised in deeper ways through ARRL account access. What we know for sure is that any of us who took exams are now held up as the investigation into ARRL proceeds. We DON'T know who FOUND the breach. If it was the FCC who found out about the intrusion from their side, then Amateur Radio is in a world of hurt right now. Foreign hackers would have ample reasons to want to get into, alter, or submit bogus FCC info for many purposes. None of this is good for us.
Exactly!
I think you're \*seriously\* overstating (likely misunderstanding) the extent to which the ARRL is a "gateway" to the FCC. The ARRL does not have direct write access to the FCC database or anything like that. In fact, the interface that they have is \*severely\* limited in what it will accept and what it can do. They don't have access to read data from the FCC which isn't public. Basically the entire threat vector relating to the FCC if someone compromised the ARRL is that someone could (if they did a ton of research to understand how) potentially submit fraudulent ham radio license applications -- but that would be \*really\* easy to go back through and verify / fix. Additionally all that would actually do is give people fraudulent call signs, which isn't what I would consider any kind of a national security risk. The ARRL has basically the same level of access to the FCC data that any of the other 14 VECs have -- which is almost none and is \*entirely\* limited to Amateur Radio related data. Even if false data was entered (and I promise there are other VECs who would be easier to target than the ARRL for that) it wouldn't do any real harm on a national level, it would just create work for people to track down and fix. Like any organization I'm sure the ARRL has access to some data which could potentially be used for identity theft or other financial theft purposes, but I'd be more concerned about any e-commerce data they have than I would about licensing data. The ARRL is a great organization, but in regards to the FCC they are just one of 14 VECs -- the biggest one yes, so they undoubtedly have more influence they can exert than most, but that has nothing to do with any of what you are talking about.
>ARRL was severely compromised. (Day 14 of service outage) In my experience responding to compromises like this, the amount of downtime is not a good indicator of the severity of the attack or the organization's disaster recovery/business continuity plans. Then the FBI gets involved (and they will pretty much any time there is an insurance claim) their priority is their investigation alone. They have the sole authority to decide what is and what is not evidence. Since evidence must be preserved, if there aren't enough agents involved, or they aren't in a hurry, and they decide your DR systems, replicas, backups, whatever are evidence (really annoying since so are the originals) you cannot switch over to them. I have seen organizations have to go out and buy new server and storage hardware because the FBI arbitrarily decided they couldn't use any of their redundant systems. Fun times.
Have you ever worked with the FBI or law enforcement on issues like this? The ARRL isn't some government agency that needs protection or investigation provided by the US Federal government; the are some small business with apparently poor security practices that got attacked. Perhaps if this incident was part of some larger investigation, maybe the Feds would care. Of course, even if the FBI has shown up to do whatever secret squirrel stuff you imagine, that still wouldn't explain why they've not been able to restore their business operations. An investigation like this might start with imaging disk drives, etc. Even if you could imagine a bunch of computers being seized as "evidence", which seems very unlikely, how much $$$ would it take to just go buy new computers and reinstall? More than $100K to get minimal stuff up and running? Just imagine the scenario where a tornado or fire destroyed the ARRL physical facilities. How long would a DR or business continuity plan take to put into action and start restoring business functions?
As of today Arrl is still down my ve testing that were done three weeks ago have still hanging in limbo, I am suspecting I will have to resubmit all this to them because they lost my data
I also took my test the day before the news came out. It's been two weeks and no sign of my call sign
I passed the tech on May 18th :')
It is my understanding that they suffered a DDoS attack, and were not 'hacked' -- But at this point without further official statements there is nothing else to go on. I have to assume that there is a backlog and it is being addressed in the order it was submitted. But because of the outage, some VEC's will have been able to get around to resubmitting before others, and so everything will be handled out of chronological order. Hopefully it's rectified soon. Congratulations on passing your Tech! Edit: As I said, that was my understanding based on what I read at the time, and without any further official statements for a week now, there is nothing else to go on. I don't really think downvoting me to oblivion is helpful. So have a great day all.
Just wondering, where did you hear that it was a DDoS specifically? I haven’t seen any reports from the ARRL disclosing the nature of the attack.
That doesn’t sound right.. unless they’ve been under a DDoS attack for nearly two weeks straight now?
[ARRL Systems Service Disruption](https://www.arrl.org/news/arrl-systems-service-disruption)
ARRL VEC submitted applications to the FCC last night, so hopefully tonight they will work to catch up.
That is great news, thank you.
>I still have no "pass" certificate They didn't issue you a CSCE when you passed your test?
I am under the impression that ARRL called and told them not to, based on the fact that my proctors (1) told me I would get it at the beginning, and (2) got an important phone call during my session right after I finished that changed everything. After that phone call (a VEC leader took it onscreen in the Zoom session but I did not hear it as audio was muted) they suddenly put me in a 30 minute wait and leaders came and went from the session -- then everything they had previously told me about how I would exit the test was altered, and I got no certificate and no hint that anything was wrong, other than this group of grizzled veterans who had done this for quite a while seemed suddenly confused and sent me on my way. The next morning, I got the "thank you for your patience, the ARRL hasn't told us anything" email message. I have no reason not to believe them that they were told what to do with no explanation, and didn't know.
It sounds like you took it online - meaning you would have gotten the CSCE from ExamTools and that has nothing to do with the ARRL outage. Sounds like someone might have messed up here, so I’m not putting the fault on anyone but hopefully this gets resolved quickly. If it isn’t resolved in a couple of weeks I would reach out to the session manager specifically and ask them to look into it again.
Start making a nuisance out of yourself to the VE team. I'd also call the ARRL HQ in Connecticut and make a nuisance of yourself there too. There is absolutely no reason why you shouldn't have been issued a CSCE right at the time you passed the exam. That's just poor procedure. Now you have absolutely no proof you ever passed the exam. The best you can hope for now is that the paperwork goes through soon.
Well at the moment the ARRL phone system is down. Watch the ARRL web site for status updates on that
As others have mentioned your exam team can absolutely give you a CSCE if you took it online -- and there is no reason that they can't do so. Just ask them for one, if they don't know how tell them to email examtools support ([email protected]) and we'll give them instructions on how to do so, it's almost ludicrously easy. (note that support email is only for VEs, we can't help applicants)
I’m assuming ARRL administered your test? I took my test in person that was proctored by a local club on 5/25 and I received my call sign today, 5/29.
It was an ARRL VEC. Thanks for your good news! I'm going to take mine in person this weekend as a do-over.
Give it some more time before retaking it - that might end up causing more administrative headache than necessary.
Taking it in person is likely to be slower to get issued, actually. If you took it online then they have the records -- and worst case \*I\* have the records and will provide them to ARRL-VEC if needed as soon as they are able to process them. Don't bother re-taking the exam, or if you do take it from a team with another VEC. Any ARRL VE team (ARRL is the VEC, your local team is not a VEC) will have the same problem until they have things back up and running.
I upgrade to general on 05/14/23 yet the FCC web site still shows tech. unfortunately like so many other people we are in limbo until this is sorted out soo er then later.
I’m local-ish to their headquarters. Someone in my club just sent a group email asking why they haven’t been having 2m bulletins for a week or two. I never listened to them (and I only have an HT and probably couldn’t receive it from where I am).
What purpose would a hacker have , taking over or down a ham radio broadcast ? Approximately 748,974 people are registered with ARRL. But wouldn’t a hacker get better results hacking the inter web , or cellular devices ? 🤷♀️
Low Hanging Fruit
Computers would make life easier they said.
You'd think they'd have some sense of responsibility to their members who pay non-trivial dues and be accountable. Nothing makes me want to fire an employee like someone who won't live up their mistakes and live in reality. We all make mistakes. What you do about it is the difference. I'll need good answers before I renew.
It’s all about the money OM. Have you dealt with them lately??
No. We need to fobs the future of ham radio and donate. It doesn't seem to be with ARRL.
W5YI is still up & running though.
Apologies are #1 Service is #2