About this episode
Foundations of Amateur Radio
Just over a year ago, the ARRL, the American Radio Relay League, the peak body for amateur radio in the United States and one of the oldest of such organisations, experienced an incident.
During the weeks following, the ARRL was tight-lipped about the extent of the incident and most amateurs only really noticed that services were off-line or slow to respond. After months of delay and disinformation, the ARRL finally revealed that it was the subject of a ransomware attack and that it had paid a million-dollar ransom. It went on to blame the authorities for its silence.
Mind you, it didn't tell me personally, it made public statements on its website. Similarly when I specifically contacted the ARRL to discover what information of mine it held, and what the status of that information was, the ARRL responded that I should refer to its public statements. It continued to state that my information was not compromised, since it only lived in LoTW, the Logbook of The World, the system it uses to coordinate the verification of amateur radio contacts, which are used to distribute awards like the DXCC and Worked All whatever.
Imagine my surprise when I received an email this week, sent from "memberlist@arrl.org" to my non-amateur radio email address. I confirmed with several amateurs that they too received this email. Informative, to a point, but likely well beyond anything intended by its author, it stated that LoTW was being updated with associated downtime, incidentally, inexplicably, coinciding with the 2025 ARRL Field Day, and it "will be fully migrated to the cloud". It went on to solicit donations. It made no reference whatsoever to the ransomware attack.
There's a lot hidden in that email.
Although the attack last year was linked to the outage associated with LoTW, the ARRL has continued to claim that the LoTW data was not impacted by the ransomware attack, but the email reveals that the system is being migrated to the cloud, in other words, right now, it's not in the cloud. Which begs the question, where is the server infrastructure for LoTW today, and more importantly, where was it a year ago when its systems were compromised?
From a public post by Dave AA6YQ, dated the 2nd of February 2021, in response to a message about a January LoTW committee meeting, we know that the LoTW server "now employs the current version of an SAP database engine". A month before that, Dave wrote another informative email that indicated that 105 thousand callsigns submitted logs to LoTW in the last 1,826 days or the five years between 2016 and 2021. There were logs from 21 thousand callsigns in the week prior to that January post. In all, according to Dave, there were 153,246 callsigns who submitted contacts to LoTW.
The LoTW committee meeting minutes are no longer available from the ARRL website, but I have a copy. The document states that there were 1.2 billion contacts entered into LoTW. Big number, right?