The Illinois State Police Firearm Services Bureau implements the Land of Lincoln’s gun control licensing schemes for the state’s residents. Their website, ispfsb.com, was hacked in recent days and gun owner data was compromised. Even a major software upgrade this past weekend has not solved the problem.
The now-crippled website won’t accept new applications for residents seeking to exercise their right to own or even handle firearms or ammunition. What’s more, it doesn’t seem to work for existing gun owners to make changes either.
The Illinois State Police have reportedly told some gun dealers that hackers breached their security protocols. The gun dealers sharing this information with me wished to remain anonymous out of fear of retribution from the Governor’s office.
What’s more, according to those inside the ISP, an unspecified amount of gun owners’ personal data was reportedly downloaded by the hackers.
This past weekend, the website was shut down completely for an upgrade to remedy the security vulnerabilities that the hackers exploited.
Now, while the website is back online, it has only limited functionality. Among the security upgrades is a two-form authentication where the website will send out a text message to the user’s smartphone to confirm their identity.
However, that’s problematic for older folks who don’t have smartphones. No worries though…dealers have found that they can use the same smartphone to process multiple applicants who don’t have those magical glowing boxes in their pockets.
As for new applicants, the Firearm Services Bureau website won’t accept their applications for FOID cards, which are required in Illinois to handle, use, or purchase firearms or ammunition. So because the state of Illinois failed to ensure their computer systems are safe and secure, the ability of residents without FOID cards to exercise their Second Amendment rights has effectively been suspended.
Even for existing FOID cardholders, such as myself, the website isn’t allowing any updates of personal information. My effort to update a now-defunct email address was rejected.
This isn’t the state’s first run-in with hackers. In late April, hackers tied up the Illinois Attorney General’s office mail and document servers with ransomware. The AG’s office chose not to pay the ransom and it’s been nothing but a hot mess there since.
Many staff members needed to get new email addresses. Their work documents and old emails remain encrypted and unavailable to this day. It’s cost the Illinois Attorney General Kwame Raoul and his merry band of lawyers and staff millions because of a failure of their IT staff there to maintain proper backups and security.
The Illinois State Police’s Public Information Officer hasn’t returned our request for comment or details of this latest hack of state computers. We will update this story if and when they release any information to us.
UPDATE:
The Illinois State Police Chief Public Information Officer sent this to me Thursday evening. In it, they claim a very limited breach of data and that they have have notified the relevant individuals.
Illinois State Police Strengthen FOID Cybersecurity Measures in Response to Identify Theft Attempts
The Illinois State Police have added additional online security requirements to the FOID online application system to deter and disrupt cyber security threats and identify theft. Specifically, the ISP is restricting the use and access of personal information that FOID card applicants submit in their online FOID account that could match Illinois resident personal identification information unlawfully obtained from any number of previous cyber breaches. This personal information did not come from ISP systems and servers.
Thousands of cyber breaches, unrelated to ISP systems and servers, have occurred nationally and globally which did or could impact Illinois residents. Government sites are routinely the target of identity theft and other cyber threats. The FOID website software vendor, working with ISP, recently determined unauthorized persons were attempting to use this type of previously unlawfully obtained personal information to match with and access existing FOID online account information to add further detail to their existing stolen data.
An investigation by the software vendor with ISP determined no FOID card has been fraudulently issued, nor has any unauthorized user attempted to complete the process to obtain a FOID card, nor was any ISP database breached. There is no known ransomware attack or cyberattack on ISP systems at this time.
The software vendor determined that using previously stolen personal data to access existing accounts, unauthorized users may or may not have accessed additional “auto populated” personal identifiers unique to that account and card such as the last four of a social security number. 2067 FOID card holders, less than .0008 % of total card holders, were possibly impacted by these attempts. In accordance with state law and out of an abundance of caution, all affected persons were sent notice and issued a new card at no cost.
Just as when credit card information is unlawfully used, the potential unauthorized access was identified, the current card cancelled and a new one immediately issued to the affected FOID card owner.
Out of necessity, some of the online account parameters put in place for ease of use and convenience years ago have been appropriately modified and tightened to prevent unauthorized users from attempting to further expand the extent of the identify fraud.
We appreciate the patience of the public, but these additional security measures are necessary to protect personal data as a wave of cyber security threats reverberate around the world. No online system is completely impenetrable, and upgrades to all states systems must and will continue, but we remain vigilant. ISP treats information and personal data security very seriously. While the ISP does not yet know the source of the personal information used in the unauthorized access of accounts, and while there are countless unlawful uses of personal information acquired illegally online around the world every day, the ISP continues to investigate with our federal partners and to monitor the FOID system to ensure the highest level of security for personal information. ISP values the protection of your personal information and continues to take all reasonable efforts to protect your confidentiality and security.
The site is currently up and accepting applications.
Yay! Let’s all hail the complete and utter incompetence of government!
A serious question: why are y’all still living in Illinois??
Indeed. There are other places in this country which actually respect their citizens Rights, and don’t throw up every imaginable roadblock to prevent us from exercising our Rights. I reside in one of them.
Because wanting to leave and being able to leave are to entirely different things.
I hear you, dude! This state would be a ghost town statewide if all of those the state has screwed over made them whole again. I’d have been gone two years ago except for that.
Even some government jobs I’ve had would have the IT staff first raked over the hot coals before getting fired and kicked to the curb.
It turns out that the ISP FOID website was NOT breached.
An investigation by a vendor with ISP determined no FOID card has been fraudulently issued and no ISP database breached.
2,067 FOID card holders, less than .0008 % of total card holders, were possibly impacted by these breach attempts.
In accordance with state law and out of an abundance of caution, all affected persons were sent notice and issued a new card at no cost.
If you are one of the 2067 FOID holders who may have been affected, You will get a notice in the mail next week and a new FOID will be issued.
what a bunch of horseshit…glad I don’t live there…
“However, that’s problematic for older folks who don’t have smartphones.”
I was following this article quite well until this sentence.
No one should be required to have a smart phone, computer or any other device to exercise a basic right.
How about two step authentication to vote by mail?
Agreed
Plenty of older folks – my father included — don’t own smart phones. Not mentioned: lots of people can’t afford them. They shouldn’t be victimized by this either.
They assume everyone has a smartphone. It’s that very narrow thinking that I’m questioning.
in the real world a lot of people don’t want to own these damn things…
My dad has had a cell phone for years, but it’s never on, and he doesn’t worry about keeping it near him at all times like most people. He also still reads newspapers, the paper ones haha.
“Plenty of older folks – my father included — don’t own smart phones.”
My dad got his first smartphone this year (iPhone 11), and he’s adapting to it at age 87 as well as can be expected…
If you can afford a gun, you can probably afford a prepay smart phone which start at 1/10th the cost of a budget handgun. The poorest slum cities in the world are full of smart phones.
Are you intentionally dense?
There isn’t a justification for forcing any citizen to spend money on a gadget to exercise a Constitutional right. I flatly don’t care what they cost.
I didn’t say it was justification. I was responding to Zim. Reading is fundamental.
The issue isn’t the cost, it’s the technical competence. My mother can barely use her TV remote; my unified remote leaves my own wife befuddled.
Even ten years ago, when I had a pre-paid flip phone I could make and receive texts. My sister has an I-Phone and can’t (refuses to) make texts. I know that not all of US seniors have cell phones but that’s mostly choice.
The more smartphones that are among the populace, the dumber the populace is.
Not everyone wants to be a zombie, walking aimlessly with a pacifier in our hands.
Sounds so much like an inside job, too coincidental to the B.S. and the crap the state police have been trying to to pull off that it’s just hard to believe that it’s not connected to the state dems and police state. As soon as I read the story my alarm bells in my head just started banging loudly out of control. Just saying. It wouldn’t surprise me if bloombooger or other known name gun control org was the mastermind behind it. Just saying.
Those are really two different things.
I wouldn’t put it past Bloomie & Co to really appreciate something like this happening, but even if they were, I doubt it would ever be traceable back to them. The Hillary effect, if nothing else.
Re it being an inside job … having seen the effectiveness of some government agencies in general at IT, and having lived in Illinois so have first-hand experience of that specific state’s agencies … it would not at all surprise me if this was the result of incompetence and not active malice. If being the husband of the hiring manager’s wife’s sister is the primary qualification, say, and not your IT skills, you would expect things like this to happen.
Never put to conspiracy to what can be explained by laziness or stupidity.
And bets they kept the backups connected to the live system so they got infected too?
Maybe. Occam’s Razor (the simplest answer is nearly always the correct one) can be argued too, and yet when the routine incompetence only ever seems to benefit one side, well… it becomes more and more difficult every day to put it down to normal and expected government stupidity
I had a very similar thought. This whole thing simply screams “inside job”
Unspecified. Meaning every single FIOD holder in the state. Not accepting new applications? To the government of Illinois this is a blessing. How many weeks or even months before that’s fixed? If it is? I mean they could just not do anything, keep the system down indefinitely and BAM! A complete and total end to all gun sales in the state of Illinois and a complete and total end of new applications and gun owners as well.
It’s in the states best interest to keep it down. After all it stops all new FOID applications and all sales.
After all the state courts are not going do anything about the FOID system and SCOTUS won’t step in either.
The State can violate your rights with impunity, and your only recourse is a court battle, that enriches lawyers, and is maybe resolved years and years later.
With willful intent the government system is broken, possibly without major reforms, irrevocably.
I wouldn’t be surprised if Illinois did this on purpose, they are backed up a year in processing FOIDs.
The reason why is because the governor took 30 million dollars out of the IL state firearm fund.
That money was seeded into the fund when the Firearm Concealed Carry Act was passed in 2013.
It was to insure timely issuance of a License to carry a concealed firearm or FOID.
The governor raided this fund to try and balance his budget and fired a bunch of employees.
That website sucked in 2014 and now it’s been hacked? Do you believe in the tooth fairy?
Was the sever running on Windows XP with an old unpatched version of IIS and MS SQL server?
When will Americans REPLACE government?
When (if) life becomes intolerable for a significant percentage of people.
It already happened. You’re being ruled by unelected bureaucrats who just happen to have ties to powerful corporations. I’m sure they’re looking out for you.
OMG.
“dealers have found that they can use the same” phone number.
This is a security violation in and of itself. (Yes, I’m in IT.)
That was my reaction….what good is two factor if you can just put in any old phone number!
Holy cow! What a bunch of clueless incompetent fools, who do they think they are, the federal government?!?
They are far worse, they are a deep blue state.
Had to re-read that a couple times…..2FA for different people on same device/phone number?
allrightythen.
Sure, we believe them!😉
Oh great…got a suspicious text this morning from an 815 area code #. Verifying something about identity. Of course I deleted it. Got my FOID renewal in May. Wife’s is up in December. I hate ILLinoyed! And his royal billionaire “fixed” FOID lol.
Time to move, brother. I know it’s hard, but got with you feet.
Same text I got tonight from the SOS saying my drivers license info was incomplete.
Been getting them off and on since the bad times started. Usually about unemployment verification. Laughable since my work load actually increased last year .
Just the other day, Illinois enacted a UBC law. Today the system gets hacked and taken down. Query: If one has a FOID card, can one still process a purchase, or is the entire industry in molasses mode?
They could get rid of this mess by expediting the appeal on the case holding that the FOID system is unconstitutional–affirming that would make all of this go away.
Are background checks still being processed?
Not to worry…A staff of caring Gun Control professionals are working tirelessly to track down and arrest the hackers. Once the hackers are apprehended they will be asked to fix the problem as all other efforts have failed and it appears that trend will continue and may never end. In the meantime The Second Amendment is stuck beneath the wheels of the bus.
This is a small sample of what comes along with Gun Control. Wait until the slave shacks, nooses, burning crosses, concentration camps, gas chambers and swastikas show up. You ain’t seen nothing yet. Sieg Heil Sieg Heil Sieg Heil.
Just two weeks after this: https://wsjd.fm/new-blog-1/2020/7/22/federal-lawsuit-threatens-illinois-foid-card
It is literally taking a year to get a FOID card to exercise a Right.
This makes that a convenient excuse for the delays.
“At the time, Illinois State Police said: “In 2015 and 2018, $13.2 million was swept from the Firearms Service Fund into the general fund during the budget crisis”.
Got mine in two weeks soup to nuts…jwm hilarious comment coming from someone living in Californiastan!
Yours was a renewal plus you are full of shit.
It takes longer then two weeks from processing, printing and mailing.
They print cards once a week and the mail in Illinois is a sick joke.
You have contradicted yourself so many times that I don’t believe a word you write.
To me you are another nutcase or troll like Miner49 or dacian.”
“Oh great…got a suspicious text this morning from an 815 area code #.”
Did you read it? If you did I thought you couldn’t see because of cataracts.
If you can read then why the paranoia? It’s a text, that’s all.
2 weeks goofball. I had surgery for cataracts last week but have glasses that work on my better right eye. I have NEVER contradicted myself whoever the hell you are. I don’t answer unsolicited texts or follow links to Nigerian princes dumazz…I’ve been here for nearly 8 troll.
2 weeks Scotty…been here forever. You not so much. Back to mommy’s basement trollboy.
True because you write a lot and have nothing of substance to say.
I do this and that, my guess is you are just a lonely old troll who probably lives in assisted living. Do you realize how much you contradict yourself?
Nine years and most of it is BS, some is very racist BS.
Former water walker Biden please tell us all about your “suspicious” text. Better yet tell us about your 47 year old son who committed a B&E but it was all a misunderstanding. If smells funny then it usually is.
Yes you have been here forever, spouting nonsense.
Golly scottyboy you’re quite the troll. You get a lot wrong. Happily married to a beautiful black woman for 32 years. She doesn’t think I’m raciss oh clueless one. Did you scan hundreds of articles to get my profile troll??
There you go again. Nobody cares if your “wife” is black. The fact that you continually point it out makes you a racist.
To answer your question: No I just read the website comments for three weeks after reading it for years. You have mentioned your wife is black roughly 5-7 times and brought up your son committing a B&E while he was drunk so it was supposedly excusable. On this website about 90% of the people would have put a bullet between your sons eyes and who cares what color your wife is?
You also made some derogatory remarka about the doctors who were supposed to do your cataract surgery but I don’t feel like looking it up. I scanned nothing, I just read your racist nonsense since mid-July.
You think you are high and mighty but in reality you are just a sad old racist who is probably senile. “I got my FOID card in two weeks”.
With FTIP checks on new purchases, renewals are running at the 2-3 month mark. New FOIDs are running at almost a year. Illinois makes a lot more off of taxes on purchase then the $11 for a renewal so they get bumped back.
Maybe it was a bus pass that came in two weeks but a FOID? Total BS.
2 weeks slick. I don’t really take this site seriously as it’s mostly about click’s especially since RF left. I’m not high & mighty but my LORD & savior JESUS CHRIST IS. You come across as some kind of oppressed loser trolling the biggest gun blog in the earth.
The biggest gun blog on earth? You might want to look at The High Road, The Firing Line or AR15.com. It’s almost 7:30 so I’ll let you go, it’s probably pudding time at your retirement home. I hope it’s not chocolate or you’ll hate it.
You can keep the JESUS CHRIST nonsense for someone else.
WWJD if he knew you were a racist liar on a daily basis?
FOID system is a violation of basic civil and human rights. Don’t hold your breath waiting for the aclu to step in and help.
Gee since their system is all screwed up maybe they need to go back to having the paper forms that you had to fill out like they used to.
I really am wondering if the left has the right idea about ending civil immunity since they won’t have to pay a thing probably if there’s ID theft with this data.
My bet is that there was an advanced persistent threat within the .gov computers of Illinois that was never fully cleaned out. Then again this would be a great way to “clear” the backlog, just make it all disappear and force everyone re-apply.
This would be timed to give the hackers maximum press, embarrass the state the most and in turn provide the most leverage for them to get paid.
The lawsuit over FOID needs to get leaned on hard now. Depending on what data was destroyed this could make the entire FOID system unenforceable at this moment. The ISP needs to make a clear statement on this.
Never understood why, if I have a FOID card, I still have to wait days to be able to purchase a firearm. The purpose of the card is to verify that I am approved to own one, so why the wait?
“The now-crippled website won’t accept new applications … [and] doesn’t seem to work for existing gun owners to make changes either.”
Remember boys and girls, the courts have stated that you must comply with laws even if your local government fails to provide the very means that they require you to use to follow the law.
Have you tried internet explorer? Have you tried IE6 as many government sites globally list that as the “recommended browser”.
Is there a stated time limit on a purchase check like the feds three business days crap ?
I’ve never had any wait(knock on troll)in perhaps 25 checks. Usual 3 day wait now even rifle’s & shotguns. Thanks rino Rauner.
In Illinois you have to wait until the check comes back to the dealer. Took my brother in law 3 weeks at the height last year. My last purchase a few weeks ago came back same day. Of course I had to wait 72hrs to take my purchase home so I could cool off or something even with a ccw. Illinois is one of those places that lack common sense.
This is a feature, not a bug. I have two guns delayed for background checks. Wanna bet they run out the 30 days on the background check and I have to reapply. There is nothing that can force Illinois to follow the law. The republican party does not exist here. ISRA just passed a new more draconian gun control law that allows ISP to seize your guns if your FOID expires, and makes it a felony if you do not register your face to face purchase with ISP for $25.
Curses! Foid again.
Won’t be long before you walk in any local gunm shop and hear ” Sorry our system is down.”
Petronella and the Janjilons: “You’ll have to jump
on this fast moving fairy tale thriller to find out what happens…”
Teacher, USA
* *
“…the story was well done, Petronella a good strong female lead.
“A fun and exciting tale of mischief and the resulting
troubles, of problem solving and the result of working toward a goal.”
Bookseller, USA
Remember when we successfully sued Philly for hamstringing their ability to get pistols?
The same thing should happen here.
Why was there no 2FA?
Why were previously stolen accounts not disabled or removed?
Why is PII directly accessible via internet connected databases?
Those are the questions that come to mind immediately.
Bend over and spread ’em, the state stands ready to”serve” you.
They want a ransom something. Give in, give them Gov Porkie Pricktakur, Madman Madigan and any other political hack, lock, stock and barrel and get the systems back up and running.
I’ve lost track of all the companies I’ve dealt with that have had data breaches or security failures and exposed my personal information. Wells Fargo, two major health insurance companies and one dental insurance company, Equifax, some company I paid to scrub all my info off of people finder websites (worked great but they were hacked less than 2 years later), Wegmans grocery store (gave them contact info for a rewards card) and I think a couple others I can’t think of at the moment. Every company and agency is probably vulnerable. It’s just a matter of someone deciding to target them.
Thought we read right here in TTAG that Courts ruled Ilinois FOID card system was unconstitutional????
1. There no reason for F.O.I.D. To buy a Long Guns Or Hand Guns, Too. Do you agree? Sir Or Mam? The Public is Agents that too. It is Illegal For a State to Do that too. This Should Stopped Immorally too. The People is agents that too. Cities Townships, Towns too! Do not Approved it too! It Should Stopped!
1. There no reason for F.O.I.D. To buy a Long Guns Or Hand Guns, Too. Do you agree? Sir Or Mam? The Public is Agents that too. It is Illegal For a State to Do that too. This Should Stopped .
1. There 08/16/ 2021A.D There is in the U.S.A is 470,000,000 Long Guns & Hand Guns too In The U.S.A.!!! There Is Semiautos hand guns & too. 156,666,666.6666667 total too. There is, 78,333,333. 33333333 Revolvers hand Guns too! New Used relic too.
1. The Number Of Long Guns is Shotgun’s is New Used Relic . 227,166,666.6666667 total too! In the U.S too. The Total of Rifles is 454,333,333.3333333 Is Total of Rifles New Used Relic too! In the U.S.
1. 08/16/2021 A.D. Date is official too. By the B.A.T.F.E.A. Report too! Is official national count of Guns too. There is Total of overall of, 470,000,000 is total count too. Long Guns is 2/3s too. And 1/3 Hand Guns too! is Overall tool!
1. The Shooters Industries Of Gun Mgs. 3,000,000 to 4,000,000 Rifles & Semiauto “Magics Pistils too. in one Year too! The Production of Shoot Guns & Revolvers is in one Year too. is 500,000 to 1,000,000 per year too. The Solution is The Shooters industries of Gun mugs. Will Are Willing to Make a deal is to Cut Gun Production off by (090) % cut off too! To Reduce Gun Crime too. The Real Deal is To mfg. Guns Up Certain Limit of percentage too! Is up to (010)( %) the Cap limit to mgs Guns too! Large Clips feeding Devices too! Mugs will Accepted by all 50 States too> Do you Agree? Sir Or Man? The Public will Agree those Terms too! We like to here from you! Or write to Us !!!
So, this is just one of the many nightmares that keeps gun owners up at night over what the liberals want. Any data base can be hacked and so this could happen with any registry we know liberals would love to have. I wonder if this would be grounds for a lawsuit to show the dangers of Illinois gun laws to get them declared unconstitutional.
Comments are closed.