Scientology: Institutional Structure

The Qilin Ransomware Attack on St. Hill: Chuck Beatty’s Description of Scientology’s Data Architecture in the 1990’s and Early 2000’s

By on ( Leave a comment )

The One and Only Chuck Beatty

Chuck Beatty worked in INCOMM (Scientology’s computer operations) from 1990-1995, with additional time at ASI through 2002. He held high security clearance and worked in inner computer rooms. His testimony provides detailed information about Scientology’s data architecture and security practices as they existed in the 1990s and early 2000s.

Chuck provided extensive information about Scientology’s computer systems in the comment section of our previous post: Scientologist John Coale and Qilin’s Ransomware Attack on Scientology St. Hill

We asked if Scientologist John Coale, who serves as the US Envoy to Belarus and Ukraine, had his files exfiltrated by Qilin in the St. Hill ransomware attack of December 2025. We also asked if the FSB was behind the attack.

From Chuck Beatty’s comments: 

Scientology’s INCOMM Architecture (circa 1990s-2002)

Tiered Data Security Model

Tier System Location Access
Most Sensitive Standalone OSA Int computers HGB basement or floors 10/12, possibly Moxon law offices Air-gapped, physical access only
Very Sensitive “Chug” / RTC Pers & Ethics server Int Base only Standalone, specific stations only
Sensitive Regular INCOMM network LA, Int, CST, OSA staff Connected network
Operational Org-level systems (St. Hill, etc.) Local facilities Connected to INCOMM


Key Systems Described

OSA Int Standalone Computers

  • Located in HGB (Hollywood Guaranty Building) basement or floors 10/12
  • Handling the most sensitive intelligence files
  • Per Dan Garvin (former OSA Int staff), Brian Mills ran these highest-sensitivity computers
  • Completely air-gapped from network

“Chug” System / RTC Personnel & Ethics Server

  • Located at Int Base only
  • Accessible only from specific stations
  • Contains summary “out quals” (disqualifying information) on all Scientologists
  • Fewer than 10 people had full access
  • Used by authorized HR personnel to check qualifications of staff

Miscavige’s Personal System

  • Standalone computer for COB’s exclusive use
  • Beatty personally set up one such system and delivered it from ASI to INCOMM Int
  • Contained “COB ASI” traffic from LRH to Miscavige

Regular INCOMM Network

  • Connects LA, Int Base, CST/Archives
  • OSA’s regular staff computers are on the LA network
  • Org-level systems (like St. Hill UK) connect to this network

Key Insight

The most compromising material on top Scientologists (celebrities, senior officials) was kept on air-gapped standalone systems that couldn’t be reached via network intrusion—at least as of 2002.

Is “Standalone” Still Meaningful Protection in 2025?

Why Air-Gapping Still Matters

  • True air-gapped systems cannot be reached via network-based attacks
  • Ransomware that spreads through connected networks can’t jump to physically isolated systems
  • This remains the gold standard for protecting the most sensitive data
  • If a system has no network connection, remote attackers can’t reach it. Period.

Why It May Not Provide the Protection Assumed

1. 23 Years of Operational Drift

Organizations rarely maintain strict air-gap discipline over decades. Common failure modes:

  • “Just this once” connections for updates or data transfers
  • Staff connecting USB drives between systems
  • Cloud backup services added for disaster recovery
  • Remote access added during COVID for operational continuity
  • New staff who don’t understand the original security rationale
  • Staff turnover eroding institutional knowledge

Question: Has Scientology maintained rigorous air-gap discipline since 2002? Unknown.

2. The UK Is Not the US

Chuck describes US architecture. But the Qilin breach hit St. Hill UK—a separate facility with its own systems.

Questions:

  • Does St. Hill UK have its own standalone systems, or does it rely on network connections to US systems?
  • When UK members do OT levels, where are their PC folders stored?
  • If a US member (like Coale) did services at St. Hill, would those session records be on UK systems?

3. Air-Gap Bypass Techniques Exist

Even true air-gapped systems can be compromised via:

  • USB attacks — Stuxnet famously jumped air gaps this way
  • Supply chain compromise — infected hardware/software before installation
  • Insider threat — someone with physical access
  • Social engineering — tricking someone into connecting systems

If Qilin or an associated actor had an insider or physical access vector, standalone protections wouldn’t help.

4. The Backup Question

Chuck mentions that backup drives might be kept at Moxon law offices (Scientology’s outside counsel).

This is significant. Law firms are frequent ransomware targets—often with weaker security than their clients assume. If sensitive Scientology backups sit at a law firm, that’s a potential attack surface that bypasses all internal air-gapping.

5. Technology Evolution Since 2002

  • Cloud adoption has become ubiquitous, potentially replacing isolated systems with centralized services
  • Remote access infrastructure is now standard practice, which could undermine the isolation model
  • Systems increasingly integrate with each other for operational efficiency, eroding the original air-gap philosophy

What Data Lives Where?

The Coale Tier Question

Chuck’s testimony suggests a key question: What tier is John Coale?

  • If he’s treated as “top celebrity level” → his most sensitive files might be on standalone systems, potentially unreachable
  • If he’s treated as “high-profile member but not Tom Cruise” → his data might be on connected INCOMM systems

The Freewinds Connection

Coale and Van Susteren have done OT 8 on the Freewinds. Chuck’s ex-wife ran Freewinds public clearance files at OSA Int. Those clearance files—which would document any “out quals” (disqualifying information)—existed somewhere in the system.

Personnel Files vs. PC Folders

  • The “Chug” system has personnel summaries including “out quals”
  • But where are the actual PC folders (the detailed session transcripts)?
  • Those may be on different systems, possibly not standalone
  • Digitized versions of old paper files have been in the system for decades—where does that data currently reside?

Assessment: What Was Likely Accessible from St. Hill?

Likely Accessible from St. Hill Breach

  • UK member PC folders
  • UK operational/financial records
  • Communications between UK and US headquarters
  • Possibly European member databases
  • IAS transaction records routed through UK

Possibly Inaccessible (if air-gap discipline held)

  • OSA Int’s most sensitive intelligence files
  • Top celebrity PC folders
  • The “Chug”/RTC personnel database
  • Miscavige’s personal files

Unknown

  • Where John Coale’s specific records live
  • Whether he did any services at UK facilities (which would create UK-stored records)
  • Whether the 1990s air-gap architecture survived 23 years of technology change
  • What is actually at Moxon’s offices and whether it is secure

Core Issues for Investigation

A. Determining what tiers of information would have been accessible from St. Hill’s systems

B. Whether UK operations maintained separate infrastructure, a common cloud, or an interlinked system

C. If Qilin bribed or blackmailed a Scientology vendor

D. Did Qilin use social engineering on Sea Org members?

E. Did a Russian or Eastern European Sea Org member blow St. Hill right after the Qilin Ransomware attack?

D. If the FSB was behind the St. Hill hackformidable FSB resources deployed in London were readily available, potentially including satellites and decryption capabilities

Potential Sources for Further Information

Chuck Beatty recommends contacting Dan Garvin (former OSA Int staff) for details on:

  • OSA Int’s most sensitive files handling
  • Current status of standalone computer operations
  • Who currently holds the role Brian Mills formerly held

Top INCOMM Int personnel who might have current knowledge (if still in the organization):

  • James Perry
  • Paul Wilmshurst
  • John Dunn
  • Pat Buglewicz
  • Rog Kernbach (possibly still INCOMM Int computer room boss)

Conclusion

Chuck Beatty’s testimony supports a nuanced conclusion rather than either “they got everything” or “the sensitive stuff is safe.”

The key question is: What tier of data was accessible to Qilin from St. Hill?

If UK systems connected to the broader INCOMM network but not to the air-gapped standalone systems, the breach may have captured extensive UK/European member data while leaving the most sensitive US files untouched.

Or the architecture may have degraded over two decades. Organizations rarely maintain strict air-gap discipline indefinitely.

The critical unknowns are:

  1. Whether 1990s security architecture remains intact
  2. What the UK’s relationship is to US standalone systems
  3. Where John Coale’s specific records reside
  4. Whether any backups of sensitive data exist on accessible systems
  5. If USB sticks circulated within INCOMM 
  6. If updates and patches were done as required

Source: Chuck Beatty, INCOMM staff 1990-1992, ASI computer operations 1992-1995.

Categories: Scientology: Institutional Structure

Tagged as: , , , , , ,

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.