Vulnerability in Florida Schools Found after Hack Attack

Image via Alamy Stock Photo


Two months before the US presidential election, international hackers slipped into the computer networks of at least four Florida school districts in hopes of stealing personal data from hundreds of thousands of students.

They infected the systems with malware that turned off the logs recording who accessed the systems. For three months, the hackers probed the systems and mapped them out to test their defenses. At one point, they even posted photos of the terrorist group ISIS to the school’s front webpage.

It turns out they weren’t just looking for Social Security numbers. They were also searching for a way to slip into other sensitive government systems, including state voting.

Luckily, the hackers from Morocco never found one or managed to get their hands on personal data. Unfortunately, the attempted hacking exposed vulnerabilities in Florida’s school district networks. Amid the national obsession with the alleged Russian hacking during the U.S. election and the constant stream of headlines on corporate data breaches, like the ones at Target and Chipotle, experts say the dangers of cyber attacks targeting school districts are being overlooked.

How the Vulnerability was Found

The largest motivation for the Florida attackers was Social Security numbers.

The attacks began with an email message containing an image that, once clicked, activated code that sent malware into the system.

The malware went undetected for several months as the hackers conducted reconnaissance.

Then in November, a photo of someone who appeared to be one of the hackers dressed as an ISIS fighter went up on a school district website. It stayed there for about 24 hours. The following month, the same photo flickered onto another school district’s website.

When the school districts finally contacted a company for help, what they found was troubling.

The hackers had been able to turn off the logs recording who entered certain computer systems and what they did while logged on. That made it difficult for the analysts to know, with total certainty, what the hackers had done. It was a sophisticated maneuver that Sanchez and his team had never seen before.

The schools contacted the FBI and re-engineered the malware so it was no longer a threat. The analysts found no evidence that any data had been taken. 

State Voting Systems at Risk

As the analysts conducted their investigation, they found that Social Security numbers were not the only thing the hackers appeared to be after.

On a site hackers use to brag about their exploits, the hackers said they were trying to get into voting systems hosted by Diebold voting platforms. They wanted to bring down what they thought were state voting systems.

But in this case, the hackers did not appear to be Russian. Instead, analysts identified them as a Morocco-based group called MoRo. They said there is no evidence the hackers had any connection to the Moroccan government.

The Moroccan hackers were far from the only ones trying to access election systems last fall. Russian hackers tried to break into the computer systems of at least five Florida county elections offices days before the 2016 presidential election.

By the time the Moroccan hackers posted online about voting systems, in December, the election had come and gone. The hackers never found what they were looking for. But their message was clear. If they wanted to, the hackers could get into school district systems. And once they get into one government network, cybersecurity experts say, it’s easier for hackers to find a backdoor into others.

For example, a hacker could steal the log-in information for a system administrator who also has access to other government networks, or use that person’s email account to send emails infected with malware to government employees at other agencies, tricking the recipient into believing the sender also works for the government.

Overall, this attack showed that some schools are at risk even if they have defenses up. It is always important to do sweeps of the network frequently in order to make sure everything is going smoothly. Learning from other school systems is a great way to start.

(Story via Miami Herald)
