John Sim Is Already in Thousands of Networks. Is He in Yours?

A real-world attack on church networks

A few weeks ago, church administrators and small business owners across multiple countries opened their network consoles to find something strange: a new Super Administrator had been added to their system overnight. This was a name they did not recognize: John Sim.

Same name. Same week. Thousands of networks.


This Wasn't Targeted. That's the Whole Point.


In April, I wrote about a shift I was seeing in the threat landscape for community churches. The core idea was this:

No one is attacking just your church. Hackers are attacking thousands of organizations at once. What used to be done somewhat manually is now automated by artificial intelligence.

John Sim is the proof.

Here's what happened: Ubiquiti (the company that makes the UniFi network hardware) published a security bulletin disclosing a critical vulnerability in their system. This was the kind of flaw that, left unpatched, allows an attacker to add themselves as an administrator to your network without a password, and without your knowledge.

Within four to five days, attackers had written AI-empowered tools to scan the entire internet for any unpatched UniFi device. Every device, around the world, in hours.

They weren't looking for your church specifically. They were looking for any open door. And when they found one, they walked in and introduced themselves as John Sim.


The Bot Already Knocked on Your Door This Week

The attack is not a question of if. It is happening to tens of thousands of organizations right now, many of them churches.

The organizations that woke up to find John Sim in their systems weren't specifically targeted. They were simply the ones whose door was unlocked when the bot arrived.


What Protects You From John Sim

The answer, in this case, is almost embarrassingly simple.

Ubiquiti released a patch for this vulnerability. Organizations running current firmware — devices with automatic updates enabled — were protected before most people even knew the vulnerability existed. The patch was already installed. When the automated scan arrived, it found a locked door and moved on.

That's it. That's the whole defense for this particular attack.

However, this real-world story also reveals a bigger truth: one of the biggest threats of this early period of the AI age of hackers is simply the old attacks amplified. The old attacks are now faster (hours after exploits are discovered), and amplified (because AI allows them to be done by machines instead of humans).

We are already seeing churches attacked, not just businesses. This will only increase, rapidly.

What This Means for Your Church

If you manage your own network, or if you're relying on a volunteer or a part-time person to "handle the tech stuff," here is the question you need to ask this week:

Are automatic firmware updates enabled on every piece of network hardware in your building?

Everything. Every device that touches your network.

If you don't know the answer, that's your answer.

Here's what to check:

  • UniFi hardware: If Capital Hope Media installed your LAN, you probably have UniFi hardware (and we already did this for you). If you’re managing your own: log into your UniFi Network console. Under Settings → System, confirm "Automatic Updates" is enabled. While you’re there, see who is a Super-Admin. Look for John Sim.

  • Other routers and access points: Log into the admin interface (usually at 192.168.1.1 or printed on the device label) and look for firmware or update settings.

  • If you don't have access to these settings: Find out who does. Today.
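
Looking for one name only catches this one campaign, so the check worth repeating is comparing every admin on the console against the people you actually approved. The script below is an added example, not part of the original post or anything from Ubiquiti; the roster format, field names, and all accounts in it are constructed for illustration.

```python
import json

# Approved administrators, maintained by the church (constructed values).
# Maps normalized e-mail -> the role that person is approved to hold.
APPROVED = {
    "pat@church.example": "Super Admin",
    "lee@church.example": "Site Admin",
}

# Constructed roster, as someone might copy it by hand from the console's
# admin list. Field names are assumptions, not a UniFi export format.
ROSTER_JSON = """[
  {"name": "Pat Example",   "email": "Pat@Church.example ", "role": "Super Admin"},
  {"name": "Lee Volunteer", "email": "lee@church.example",  "role": "Super Admin"},
  {"name": "John Sim",      "email": "js@mail.example",     "role": "Super Admin"}
]"""
ROSTER = json.loads(ROSTER_JSON)


def normalize(email):
    """Compare e-mails case-insensitively and ignore stray whitespace."""
    return email.strip().lower()


def audit_admins(roster, approved):
    """Return sorted (email, name, reason) findings for anything that
    does not match the approved list exactly."""
    findings = []
    seen = set()
    for entry in roster:
        email = normalize(entry["email"])
        seen.add(email)
        if email not in approved:
            findings.append((email, entry["name"], "not on approved list"))
        elif entry["role"] != approved[email]:
            reason = f"role is {entry['role']}, approved for {approved[email]}"
            findings.append((email, entry["name"], reason))
    # An approved admin who has vanished from the console also needs a look.
    for email in approved.keys() - seen:
        findings.append((email, "", "approved admin missing from roster"))
    return sorted(findings)


if __name__ == "__main__":
    for email, name, reason in audit_admins(ROSTER, APPROVED):
        print(f"REVIEW {email} ({name}): {reason}")
```

Anything the script prints is a prompt to ask a person, "Did you add this account or change this role?"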


The Bigger Lesson

That's the whole defense for this particular attack. Auto-updates were on. The patch was installed. John Sim found a locked door and moved on.

But here's what this story actually reveals about the world your church is operating in right now. John Sim isn't a new kind of threat. Unauthorized network access has existed for decades. What's new is the scale and speed. A vulnerability that once required a skilled human attacker to exploit manually — hours of focused effort, one target at a time — was automated into a bot that knocked on thousands of doors simultaneously, within days of the flaw being publicly announced.

This is the early AI age of hacking. And the primary weapon isn't some exotic new attack. It's the old attacks, amplified. Faster. Cheaper. Relentless. And increasingly, requiring no human involvement at all once the script is running. We are already seeing churches attacked.

We are seeing bookkeepers receiving phone calls from their pastor's voice — except it isn't their pastor. We see bank accounts drained through intercepted text codes. Staff credentials are sold on the dark web after a forgotten login on an obscure website gets breached.

These aren't predictions. They're happening now, to community churches like yours, and the pace is accelerating. Which means the defense can't be a single thing.

Keeping firmware current protects you from John Sim. But it doesn't protect your bookkeeper from a deepfake voice call.


Here is the short collection of tools I suggest your church seriously consider:

Endpoint protection — intelligent software like CrowdStrike's Falcon Go that monitors your devices for suspicious behavior in real time — catches threats that slip past the perimeter. It’s sort of like Anti-Virus, but for AI. (Call me if you want to talk about the difference; it’s really important.)

Password management closes the door on credential attacks. Your church needs a password manager, both to maintain custody of church passwords, and also to enforce truly random passwords. HopeLuther@n2024! won’t work anymore.

An enforced Church IT Policy, including things like enforced multi-factor authentication, means a stolen password alone isn't enough to get in. It also includes clear human policies. For example, "We never authorize a wire transfer based on a phone call, no matter who is asking." This protects against attacks that bypass technology entirely by targeting people.

No single layer stops everything. But together, these defenses create a system where every attack has to defeat multiple locked doors, not just one. That's the standard your church needs to be building toward. Not because you're a target. But because the bots don't ask whether you're worth targeting. They just keep knocking.

Want to know how your church's current security posture stacks up? We offer a complimentary IT infrastructure review — no pressure, no jargon. Schedule a conversation here.


Stephen Hale, M.Div, M.A.

Stephen has a rich history in both Audio/Video/Tech, as well as nonprofit faith-based communications, and pastoral ministry. By bringing these three skillsets together, Stephen is uniquely able to help faith-based organizations solve the problems they face. For over two decades he has helped churches and nonprofits communicate more effectively with their communities and audiences. Learn more about him at www.CapitalHopeMedia.com/about
