Republican Missouri Gov. Mike Parson has become the subject of widespread criticism for accusing a journalist of hacking after the journalist pointed out a data vulnerability on the state government’s website.
On Thursday, a St. Louis Post-Dispatch reporter wrote that over 100,000 educators’ Social Security numbers (SSN) were easily viewable through the HTML source code on a website run by the state’s education department. The reporter notified the government, giving them time to address the vulnerability and scan other government-run websites for similar issues before publishing the story.
Not long after the article was published, Parson accused the reporter of being a “hacker” without evidence and promised to seek criminal prosecution. “This administration is standing up against any and all perpetrators who attempt to steal personal information and harm Missourians,” Parson said at a press conference.
Parson continued to imply that the Post-Dispatch journalist had some sort of ulterior motive, claiming the reporter was “acting against the state agency to compromise teachers’ personal information in an attempt to embarrass the state and sell headlines for their news outlet.” Ironically, his threats to the journalist are bringing far more attention to the story than it would have gotten otherwise.
As many reporters and people familiar with basic computer functions have pointed out, the journalist didn’t participate in anything close to resembling hacking. Rather, he accessed information that is public on every webpage: the source code, which can be accessed easily via the “view source” functionality. By pointing out the flaw in the website, he likely helped avert disaster for the state’s educators’ by protecting their personal information — not vice versa, as Parson erroneously claimed.
This type of data vulnerability is a well-known mistake, a cybersecurity professor at the University of Missouri-St. Louis told the Post-Dispatch. The professor added that it was “mind boggling” to see it still happening on a government website, even though this type of cybersecurity error has been around for at least a decade.
Lawmakers and journalist organizations were dismayed at the governor’s direct attack on a member of the press.
“Let’s make this clear: It was [Governor Parson] who failed to secure teachers’ SSNs. There’s no ‘hacking’ here. There’s an effort to criminalize journalists,” wrote Rep. Cori Bush, a Democrat from Missouri. “Shame on you, Governor.”
“Using journalists as political scapegoats by casting routine research as ‘hacking’ is a poor attempt to divert public attention from the government’s own security failing,” Katherine Jacobsen, the U.S program coordinator at the Committee to Protect Journalists (CPJ) told The Washington Post, adding that Parson’s threats were “absurd.”
Though many people pointed out the simplicity of the data vulnerability to the governor after his threats on Thursday, Parson only doubled down on his statements in tweets later that day. “We want to be clear, this DESE hack was more than a simple ‘right click,’” he lied. “This data was not freely available, and by the actors own admission, the data had to be taken through eight separate steps in order to generate a SSN.”
Parson’s statements are easily debunked; according to the original article, “the newspaper found that teachers’ Social Security numbers were contained in the HTML source code of the pages involved.” Not only is it unclear what “steps” Parson is talking about, the source code of websites is freely available — one can even view it on a smartphone browser.
Though Parson’s motivations are undetermined, the threats are part of disturbing and ongoing attempts by Republicans to discredit the media at large, years after Donald Trump coined the term “fake news.”
“Trump’s most effective ploy has been to destroy the credibility of the press,” CPJ wrote in a 2020 report.
During his presidency, Trump reportedly asked then-Federal Bureau of Investigations Director James Comey to prosecute journalists who reported on leaks. He also repeatedly attacked the media for portraying him in a negative light and embarrassing his administration.
We’re not backing down in the face of Trump’s threats.
As Donald Trump is inaugurated a second time, independent media organizations are faced with urgent mandates: Tell the truth more loudly than ever before. Do that work even as our standard modes of distribution (such as social media platforms) are being manipulated and curtailed by forces of fascist repression and ruthless capitalism. Do that work even as journalism and journalists face targeted attacks, including from the government itself. And do that work in community, never forgetting that we’re not shouting into a faceless void – we’re reaching out to real people amid a life-threatening political climate.
Our task is formidable, and it requires us to ground ourselves in our principles, remind ourselves of our utility, dig in and commit.
As a dizzying number of corporate news organizations – either through need or greed – rush to implement new ways to further monetize their content, and others acquiesce to Trump’s wishes, now is a time for movement media-makers to double down on community-first models.
At Truthout, we are reaffirming our commitments on this front: We won’t run ads or have a paywall because we believe that everyone should have access to information, and that access should exist without barriers and free of distractions from craven corporate interests. We recognize the implications for democracy when information-seekers click a link only to find the article trapped behind a paywall or buried on a page with dozens of invasive ads. The laws of capitalism dictate an unending increase in monetization, and much of the media simply follows those laws. Truthout and many of our peers are dedicating ourselves to following other paths – a commitment which feels vital in a moment when corporations are evermore overtly embedded in government.
Over 80 percent of Truthout‘s funding comes from small individual donations from our community of readers, and the remaining 20 percent comes from a handful of social justice-oriented foundations. Over a third of our total budget is supported by recurring monthly donors, many of whom give because they want to help us keep Truthout barrier-free for everyone.
You can help by giving today. Whether you can make a small monthly donation or a larger gift, Truthout only works with your support.