Hackers find school districts’ weak spots

One Illinois school district with about 12,000 students faces 8 million cyberattack attempts in just a month.

District leaders know that they can’t prevent every data breach, but they say it’s important to strengthen security measures in order to respond more quickly to emergencies, which seem to pop up routinely nowadays.

Township High School District 214 in Arlington Heights, Ill., has started to receive in-depth firewall data about how many hackers have tried to game the system. According to a recent report from February, millions of data breach attempts were detected.

“There are a lot of scripts that run automatically, or bots that run out on the Internet, that automatically search out networks for holes to come into school districts,” said Keith Bockwoldt, director of technology services for the district.

Securing computer networks, building response plans, and educating users are among the top issues that school technology directors face in an increasingly virtual world, they said during an event organized by the Consortium for School Networking on Tuesday.

Hackers are getting more adept and creative at how to steal sensitive information and throw schools into disarray, whether it’s shutting down the network during testing or swindling teachers of their salaries – literally.

Last year, seven employees who worked at Denver Public Schools in Colorado were unknowingly trapped in a phishing email scam, and provided their school username and password after receiving an email that contained the district’s logo and a link to a phishing website – which looked exactly like the employee online self-service system. Their payroll checks, in total worth $26,000, were rerouted to a fake bank account.

Officials said the scam, which had been sent to 162 school employee email addresses, alerted them to the weak security protocols they had in place.

“We found, when we understood what had happened, that we didn’t have a clear data incident response plan in place to monitor our response,” said Sharyn Guhman, chief information officer of DPS.

Guhman said her IT team had noticed the phishing emails when they were sent out to employees, and figured out where they came from, but they decided to wait to do anything. That decision led to chaos when employees reported that their monthly paychecks weren’t deposited into their bank accounts as usual. When the school district and the police tracked the fake bank account, it had been shut down and the money had been moved.

Guhman said that school districts should make sure their IT teams create clear data incident response plans and educate teachers and staff. “The most robust central systems will be insufficient if your users aren’t informed,” she said.

Bockwoldt said his team noticed that “a huge amount” of IP addresses from Asia kept coming in after the school day. It resulted in the whole network going down.

The hackers’ goal was to send random data and connect to the district’s server, which exceeded the server’s capacity and made it collapse. In this situation, if users install malware from emails, social media or websites, the computer can become infected and controlled by hackers without users’ knowledge.

“What they tried to do is to build this network through malicious malware and get out of there,” Bockwoldt said.

Bockwoldt and his team consulted with their Internet service provider and blocked the strange IP addresses.

“It’s really important for districts to make sure that their computers are patched, and that there is no malware on their network,” Bockwoldt said.

The school district now pays about $40,000 a year to its service provider to monitor the traffic and mitigate threats. They get weekly reports to see what service providers have done to prevent further damage to the school district.

“Yes, that’s a little bit of money to pay,” he said. “However, it’s not impacting the instruction and it works well. We have to be vigilant and constantly stay on top of it.”

Risks can even come internally, from students.

At Loudoun County Public Schools in Virginia, a student launched a Denial of Service attack to one of the district’s three network hubs, which severely degraded the network performance of 17 schools while students were taking state exams.

“What we found here was that we did not have good controls and processes in place, to protect against that type of security vulnerability within our district,” said Rich Contartesi, assistant superintendent for technology services at LCPS.

“That is something that our security coordinator has been working through with our system’s team to ensure that those types of events will not happen again,” he added.

Editor’s note: This article previously stated that Township High School District 214 has 2,000 students. That is incorrect, it has 12,000 students.

Corinne Lestch contributed to this report.

Reach the reporter at yizhu.wang@edscoop.com and follow her on Twitter @yizhuevy.