Cyberthreats Become Disruption in Connecticut Schools - NBC Connecticut

Cyberthreats Become Disruption in Connecticut Schools

    processing...

    NEWSLETTERS

    Cyberthreats Become Disruption in Connecticut Schools

    Connecticut school districts are increasingly becoming the target of cyber criminals and these attacks can become a major disruption in classrooms.

    (Published Wednesday, Feb. 7, 2018)

    Connecticut school districts are increasingly becoming the target of cybercriminals and these attacks can become a major disruption in classrooms.

    Over the last several months, federal law enforcement officers are seeing a significant increase in cyberattacks aimed at local schools. These threats brought classroom learning to a standstill at some schools across the state.

    "You can't get to your lesson plans. You can't do grading. You can't keep in communication," Holly Matthews, of Avon, who is an educator in another town, said. "It's unfortunate that our society has come to this." 

    "It's disturbing and it's concerning," Jill Garrity, a parent from Simsbury and former elementary school teacher, said. "It's disturbing to think that it could interfere with the advancements that education has made in terms of technology."

    Avon Public Schools administrators sent parents an alert in December, notifying them that cyberattacks had shut down internet access across the district. That presented a problem because classrooms are now so dependent on technology. Many schools incorporate tablets, laptops, apps and Smart Boards into daily lesson plans.

    "It seems like the objective is to really halt our productivity and to interrupt our instructional process and just make us come to a screeching halt," Dr. JeanAnn Paddyfote, the interim superintendent for Avon Public Schools, said.

    Paddyfote said no personal data was compromised but another similar cyberattack occurred in early January.

    The district's IT team strengthened firewalls, a security tool designed to keep cyberintruders out of school computer systems, in the wake of the 'DDoS' or 'Distributed Denial of Service' attacks, in which someone attempts to overwhelm a school computer server with more data than it can handle.

    "When it's crippled, it really hampers our ability to do our work well," Paddyfote said of the incidents.

    The NBC Connecticut Troubleshooters uncovered other instances of cyberthreats impacting Connecticut school districts over the past two years.

    In Wallingford, the district was targeted by phishing e-mails urging staffers to release W-2 tax information and other personnel records. None was ever handed over, the district said. Email viruses, which spread spam to and from all employee email contacts, were also reported.

    Phishing attempts were also reported by Milford Public Schools.

    In Middletown last summer, the school district was dealing with ransomware, which threatens to publish personal data unless a ransom is paid. The district said no ransom was paid and that the affected server was decommissioned without any loss of data.

    'DDoS' attacks, like what was reported in Avon, knocked out internet access in Meriden at least four different times over several months, according to the school district.

    "There seems like there's just more and more of it - and there is," said Vanessa Richards, Assistant U.S. Attorney in the District of Connecticut who also serves as the Computer Hacking and Intellectual Property (CHIP) Coordinator for the U.S. Attorney's Office.

    Richards said her office has received an increase in reports of school cyberthreats since summer 2017.

    "Oftentimes they're targeting a school for the personal identifying information of the employees or the students," Richards said when asked why someone would target a school.

    Some of these attacks have more serious consequences than just a disruption, like a scam that targeted employees of Glastonbury’s school district last year. Special agents from the FBI said that last year an email appearing to be from a school official requested W-2 information for the 1,600 employees in the school system. Agents said a district employee believed it was real and handed the personal data over. Daniel Adekunle Ojo, a 33-year old citizen of Nigeria in the U.S. on an expired visa, has since been arrested in that phishing scheme case.

    Ojo was charged with conspiracy to commit wire fraud, an offense that carries a maximum term of imprisonment of 20 years, and aggravated identity theft, an offense that carries a mandatory consecutive term of imprisonment of at least two years, according to the U.S. Attorney's Office. The Troubleshooters requested an update from the U.S. Attorney’s Office about the case, but have not yet received a response.

    The U.S. Department of Education has alerted schools nationwide to be prepared for cyberextortion and threats. Experts recommend updating computer systems and strengthening firewalls and anti-virus software.

    Richards said cybertraining is critical, with school employees often the gatekeepers to so much personal information.

    "It's really the person behind the computer that's the greatest vulnerability," Richards said.

    Culprits are difficult to track down, especially if they are overseas, she said.

    Paddyfote has a message for whoever is behind the attacks in her district.

    "Stop. Please stop," Paddyfote said. "And should we find out who you are, we will pursue it legally and financially."

    Schools and school districts are not required to report all suspicious cyberactivity to law enforcement, but they are certainly urged to do so.

    Federal education officials encourage IT staff at schools and school districts to protect themselves by:

    • Conducting security audits to identify weaknesses and update/patch vulnerable systems;
    • Ensuring proper audit logs are created and reviewed routinely for suspicious activity;
    • Training staff and students on data security best practices and phishing/social engineering awareness; and
    • Reviewing all sensitive data to verify that outside access is appropriately limited.
    See the responses from all the public school districts the NBC Connecticut Troubleshooters reached out to for this story below.

    Avon Public Schools Inquiry:

    Bristol Public Schools FOI

    Connecticut Education Network FOI

    East Hartford Public Schools FOI

    Hartford Public Schools FOI

    Meriden Public Schools FOI

    Middletown Public Schools FOI

    Milford Public Schools FOI

    New Britain Public Schools FOI

    New Haven Public Schools FOI

    Wallingford Public Schools FOI

    Waterbury Public Schools FOI

    Get the latest from NBC Connecticut anywhere, anytime

    • Download the App

      Available for IOS and Android