As if the omnipresent specter of school shootings wasn’t enough, another threat to student safety has emerged in the form of cyber attacks. Although the horrific gun violence that plagues many of the nation’s schools attracts headlines and, understandably, provokes outrage across the nation, our students now face other more stealthy criminals who target entire school districts around the country with a few strokes of a keyboard.
With Facebook’s Cambridge Analytica scandal shining a spotlight on big data companies and privacy concerns, the hacking of student data garners little attention by comparison. Unfortunately for parents and students, however, cyber hackers view the troves of data maintained by schools districts and education departments as an opportunity ripe for exploitation.
Indeed, the New York State Department of Education recently came under fire for neglecting to shore up its computer systems a full year after recommendations were made. A July 2017 audit by the State of New York declared that the department’s carelessness could expose student data to predatory cyber attacks.
While the department maintains that no one has yet breached any of their systems, the agency admitted that one of its vendors, an online testing service called Questar Assessment suffered from a data hack into the records of students who took state tests online. Clearly, contract vendors that do business with education departments such as test prep groups need to be on guard for these attacks as well.
Furthermore, the department’s inadequate response justifies the fears of parents and concerned educators that sensitive data such as medical records or text scores could be hijacked.
Vulnerability of School Districts
Since hackers are known for targeting schools with substandard computer security, any foot dragging on the part of education departments is cause for alarm. For example, the Fulton County School System in Georgia fell victim to cyber theft in August of 2017 when scammers rerouted employees’ electronic paychecks onto money cards they owned.
The school district figured something was wrong when $75,000 didn’t make it to their employees’ bank accounts. Unfortunately, reversing those transactions recovered less than 5% of the total. Although districts have insurance to cover such losses, the payday theft illustrates the type of damage school systems suffer if they don’t take forceful steps to guard their data.
The Dark Overlord
While payday hacks are becoming more commonplace, one of the more pernicious attacks in 2017 was led by a group billing itself as the “Dark Overlord.” Although the name sounds like something straight out of the latest version of Halo, their crimes are real, and their reach is far greater than any video game.
The group first achieved infamy as the culprits of a Netflix hack in which they released new episodes of “Orange is the New Black” after the company balked at their ransom demands. Subsequently, they turned their efforts toward breaking into school systems in three different states. A breach into the Columbia Falls School District in Montana included threats to release student data if they didn’t hand over $75,000 worth of Bitcoin.
One of the cyber group’s chilling messages read, “With the student directory from JCSD we released, any child predator can now easily acquire new targets and even plan based on grade level.” The hackers continued by sending horrifying texts to students saying, "splatter kids' blood in the hallways” while alluding to the Sandy Hook Elementary School massacre.
While none of these threats have led to any documented violence, the trauma of these vicious messages upon the psyche of parents and children around the county cannot be overstated. For this reason, the United States Department of Education stresses that schools need to be more vigilant about security audits in order to combat these attacks. Furthermore, they also need to extend training to both staff and students on how to protect their data and how to respond to such intrusions.
In practice, these crimes expose the gap between many schools’ lack of resources for securing data and the vast stockpile of sensitive data that hackers find valuable. Unfortunately, these attacks will continue to grow as long as cyber extortionists sense there is money to be gained from their detestable schemes.