The Pacer court document service used by more than a million journalists and lawyers has raked in more than $1 billion since it was established in 1995, but a new report questions whether its administrators have put enough of that windfall into securing the system. Hanging in the balance is the reliability of a service that's crucial for the smooth functioning of the entire US federal court system.
Until Wednesday, Pacer suffered from a vulnerability that made it possible for hackers to charge download and search-query fees to other users, as long as those users visited a booby-trapped webpage while logged in to a Pacer website. Officials with the non-profit known as the Free Law Project also speculate that the same flaw, known as a cross-site request forgery, may have allowed hackers to file court documents on behalf of unsuspecting attorneys who happened to be logged in to Pacer. If the speculation is correct, the flaw had the potential to severely disrupt or complicate ongoing court cases. Pacer administrators, however, have told Free Law the fraudulent filing hack wasn't possible.
Even if the hypothesis is wrong, the flaw still made it possible for hackers to cause Pacer users to be billed for services they never requested. The users would have a hard time figuring out why they were being charged for downloads and searches they never made. Even when the users changed passwords, their accounts could still rack up fraudulent charges whenever they were simultaneously logged in to the hacked or malicious site and one of the Pacer sites.
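The server-side check that defeats this class of forged request, as an added example (not Pacer's code or the Free Law Project's): a billable handler that trusts the session cookie alone sits beside one that also requires a same-origin request and a session-bound token. The origin `https://courts.example`, the cookie and form field names, and the handler functions are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SERVER_KEY = secrets.token_bytes(32)        # per-process secret (constructed)
TRUSTED_ORIGIN = "https://courts.example"   # placeholder, not a real Pacer host

def issue_csrf_token(session_id: str) -> str:
    """Token bound to one session; embedded only in forms the site itself serves."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def is_same_origin(headers: dict) -> bool:
    """Compare scheme://host of Origin (or Referer) with the site's own origin."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False                        # fail closed when both headers are absent
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == TRUSTED_ORIGIN

def charge_naive(sessions, cookies, headers, form) -> bool:
    """Weak pattern: a live session cookie alone authorizes the billable action."""
    return cookies.get("session") in sessions

def charge_checked(sessions, cookies, headers, form) -> bool:
    """Hardened: live session, same-origin request and session-bound token."""
    sid = cookies.get("session")
    if sid not in sessions or not is_same_origin(headers):
        return False
    supplied = form.get("csrf_token", "")
    return hmac.compare_digest(issue_csrf_token(sid).encode(), supplied.encode())

def demo() -> dict:
    sessions = {"s-123"}                    # constructed logged-in session
    cookies = {"session": "s-123"}          # the browser attaches this to every request
    own = ({"Origin": TRUSTED_ORIGIN}, {"doc": "42", "csrf_token": issue_csrf_token("s-123")})
    # Constructed cross-site request: same cookie, foreign Origin, no valid token.
    foreign = ({"Origin": "https://other.example"}, {"doc": "42"})
    return {
        "naive_own": charge_naive(sessions, cookies, *own),
        "naive_foreign": charge_naive(sessions, cookies, *foreign),
        "checked_own": charge_checked(sessions, cookies, *own),
        "checked_foreign": charge_checked(sessions, cookies, *foreign),
    }

if __name__ == "__main__":
    print(demo())
```

Neither check involves the password, which is consistent with the report that changing it did not stop the charges: the request rides on whatever session the browser currently holds.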