https://www.bleepingcomputer.com/news/security/arrl-finally-confirms-ransomware-gang-stole-data-in-cyberattack/

So a couple months later they admit they were hacked.  Nice.

I wonder if they paid the ransom? If they did the I'd bet dues will go up next year.

Just checked. No issues via QRZ for me.

I'm no expert, but that looks like a TQSL error, doesn't it? Maybe you need to renew your TQSL certificate?

Here's how to do that: https://lotw.arrl.org/lotw-help/renewing/?lang=en

I get the same message and my TQSL cert is good.


TQSL software reports:

TQSL Version 2.4 [v2.4]
Error: There are no valid callsign certificates for callsign XXXX in entity UNITED STATES OF AMERICA.
Signing aborted.
No records to upload
Final Status: TQSL Error (4)
-----
Nothing is changed in your log immediately following an upload to ensure that LoTW first properly processes your data.  After you download the records that you uploaded to LoTW,  AC Log will then mark them appropriately as sent in your log with an L in the Sent Confirmed By field to indicate LoTW.  Please wait for LoTW to process your data (usually just a short time, but it can take up to a day or more following popular contests).  Then do a Download (typically All Since) to update your records.


ETA> SO This hasn't worked since I got a new cert in 2023. Not sure what I did wrong


ETA2. I never loaded my TQSL cert on my new shack computer. Just did that and it works.

It's offline again.

Noticed that earlier this evening.

They never really got everything back up and running fully, after the hacking problem. I am told by a source I believe to be reliable that they have been relying on workarounds. No idea what happened this time, yet.

I hope somebody at the ARRL didn't fall for the extended warranty email scam (again).

ARRL service status

Here we go again. Wonder how many times insurance will pay a ransom in a 6 month period. 😂

It's operational again.

Not even close to being fixed for good. I have said for years, the outdated systems were evidence on it’s face of fiscal mismanagement ( at best). This cluster fuck might be the kick ARRL needs to become of more actual service to the future of ham radio.

Screen shot from email drama,

Attached File

Pretty wild. I emailed my VECC documents off about 3 weeks before the hack came. Doubt I will ever get my credentials back. Guess I will go the W5YI route.

You can't fix stupid.

What a steaming pile of dung that organization is.

HOLY SHIT



pretty much called it on page one….


Attached File

I really want to believe some crazed old man burned them to the ground for stopping his QRZ subscription.

There are COUNTLESS dangerously talented people in ham radio 100% capable of doing this.

I know when they took my money at Hamvention 2023, they KNEW they were cancelling the subscriptions but told nobody paying to renew membership. Dog Shit,

The younger generation of Ham Radio is stocked full of talented software engineers, and IT professionals, but none of them will be brought in.

The old guard is damaging this hobby and this will be the front and center demonstration. The only thing worse than the government is “not for profits” with good ol boy systems,

I refuse to use LOTW.  QRZ.com and paper log for me.

WOW

We knew they were incompetent but, daaaamn, that's an epic level of incompetence, maybe even legendary. The Mother Of All Dumpster Fires. The only things missing are some pirated software licenses and porn.

I became de facto CTO for a small business that was about the size of the ARRL before I left. I was employee #16. I found a total lack of accounting systems, total lack of security, total lack of back-ups, no disaster plan and, best of all, 5 figures worth of illegal software. They were trusting some "kid" to run everything. He quit precipitously when I discovered the pirated software (i.e. before he could be fired). A company that small has better things to do than run an entire IT plant. That's why there are contract IT companies. If only ARRL had a competent one on contract...

Watch the video. It is astounding how poorly the organization was / is run. Although I could only get through the first half, it is so pathetic I stopped watching.

The ransom was for 5 million.They hired a professional negotiator to negotiator with the ransomeware criminals to 1 million and then paid 1 million $.

They got most of the data back except for the finance part of the organization. Still don't have that back.

LOTW software was a about decade past the latest service date, and it was run on Windows 98 ( not a typo )
They apparently got the data back but lost the code so it is being recreated. He didn't say what they are using right now but the issues they still have with LOTW apparently has to do with a temp fix that has problems. they thought they had backups, but when they went to access them, nothing was there. They blame it on the pirates, but there was no trace of backups ever being their. Of course they had no IT director in the 2 years prior to the attack.

I hope I got these details right, but I didn't write any of it down. I just could not watch it anymore it was so pathetic. The guy doing the video apparently thinks he knows what he is talking about but clearly doesn't by the way he makes no sense on the IT details.

IMO it looks like the entire organization culture is all about holding onto jobs and power with power moves in still in play. People that think they are good at what they do but clearly are not, infact IMO the guy giving the video appears clueless while claiming to know what he is talking about.

I guess anytime there is big money the organization gets corrupt and full of people whose primary focus is getting paid that money. They should all be fired. ARRL looks to be the NRA of ham radio, taking dues money and living the good life while the job of the organization dies around them. I will never give them a dime.

ETA: The claim on the video is that FoxPro ( LOTW software ) will not run on anything newer than Windows 98. In fact if you go to the Foxpro website, it says Foxpro runs on a windoze up to Window 10. But it is an update, not the same version that runs on Windoze 98, so  it looks like they could have kept it updated but chose not to either by choice or incompetence. Of course an organization that is mostly online that doesn't have an IT Director for 2 years seems to confirm incompetence by choice.

Per the above two posts:

LoTW's SLA was/is worth the paper it's written on.

And their operating model isn't unique to industry. Not by a long stretch. Difference being, when you run afoul of PCI, GDPR et al you're going to get smacked hard and made to remediate the issues.

This is a best-effort noncommercial service and no such punishment is forthcoming.

The ARRL lost me recently when they went woke and made a ballyhoo about hiring some LGBTQRSTUV of some sort and started virtue signaling about it.

I have nothing against anyone as such but the ARRL is supposed to stay out of religion and politics entirely.

The person they hired may/may not have been the product of a meritocracy and I hope they were. My problem starts when they start virtue signaling.

They should have defended the person by saying "So and So was hired strictly on merit and anything else is not open to further discussion." and left it at that.

Edited my QRZ page . . .