Safeguard lapse allowed student to access and disrupt Pinellas County school computer system, police say
Safeguard lapse allowed student to access and disrupt Pinellas County school computer system, police say
8 ON YOUR SIDE
by: Walt Buteau, Sam Sachs
Posted: May 28, 2021 / 12:34 PM EDT / Updated: May 29, 2021 / 10:44 AM EDT
ST. PETERSBURG, Fla. (WFLA) – A computer system safeguard that the Pinellas County School District was paying for unknowingly lapsed this year, allowing a 17-year-old student to access and disrupt the district’s system, according to school officials.
According to a St. Petersburg police arrest affidavit, the high school student allegedly broke into the district computer network March 22 and 25 and caused the district internet network to fail. The teen was charged with a third-degree felony for illegally accessing a computer system network and is scheduled to be arraigned June 17. A call to his home was not answered.
Pinellas County School District spokesperson Isabel Mascarenas said representatives of the district internet provider Charter-Spectrum said, “they failed to maintain” what is known as distributed denial-of-service (DDoS) DDoS protection, “even though we were continuing to pay the contracted amount.”
The company said the lapse hit after the school system migrated school online services to a new platform in late 2020, according to Macarenas, who said the district was credited $23,000 for the issue.
Learning from Oldsmar cyber attack, expert details how to protect critical infrastructure
Charter-Spectrum spokesperson Joe Durkin said the company worked with the district to resolve the attack.
“Together, we have put measures in place to help prevent future internet service disruptions related to DDoS attacks,” Durkin said.
According to the district, the issue clogged the regular computer traffic and stopped system users from accessing the internet but “no student or personnel information was ever accessed or in danger.”
District spokesperson Elizabeth Herendeen said there was no “districtwide notification since no information was accessed or compromised at any time.”
READ NEXT
Rep. Matt Gaetz, fiancée claim money for St. Pete yacht deal ‘went missing’
Florida Supreme Court rules against Tampa medical marijuana company
Gov. DeSantis visits Lakeland to call for federal approval on Florida’s Canadian drug importation proposal
Mark Montgomery, from the Cyberspace Solarium Commission, said the district is fortunate the suspect did not do more damage, and he added parents should be notified if a district system is hacked in this way.
“Absolutely. The parents are the guardians for all these students,” Montgomery said. “And I think it’s ethically egregious. You need to inform a person and you need to inform a gaurdian and in fact we need to pass a law to make that happen.”
We’ve seen these crimes become more prevalent — nationally and locally in recent months.
Colonial confirms it paid $4.4M to pipeline hackers, report says
On Feb. 5, the Oldsmar water supply system was hacked, with the suspect trying to poison 15,000 residents by spiking the levels of lye in the supply.
This month, the cyber gang known as Darkside was blamed by the FBI for forcing Colonial Pipeline to take its system offline in a ransomware attack that slowed almost half of the east coast fuel supply.
According to Montgomery, data shows educational institutes are among the most vulnerable to ransomeware attacks.
His organization blames budget decisions that leave cyber security on the cutting room floor.
“I think we now understand just like you don’t leave physical security on the cutting room floor, you don’t leave cyber security on the cutting room floor and you need to make those investments,” Montgomery said.
Montgomery said a proposed state law, the Enhancing K-12 Cyber-Security Act, would help districts with funding and other tools to better protect their computer networks.
8 ON YOUR SIDE
by: Walt Buteau, Sam Sachs
Posted: May 28, 2021 / 12:34 PM EDT / Updated: May 29, 2021 / 10:44 AM EDT
ST. PETERSBURG, Fla. (WFLA) – A computer system safeguard that the Pinellas County School District was paying for unknowingly lapsed this year, allowing a 17-year-old student to access and disrupt the district’s system, according to school officials.
According to a St. Petersburg police arrest affidavit, the high school student allegedly broke into the district computer network March 22 and 25 and caused the district internet network to fail. The teen was charged with a third-degree felony for illegally accessing a computer system network and is scheduled to be arraigned June 17. A call to his home was not answered.
Pinellas County School District spokesperson Isabel Mascarenas said representatives of the district internet provider Charter-Spectrum said, “they failed to maintain” what is known as distributed denial-of-service (DDoS) DDoS protection, “even though we were continuing to pay the contracted amount.”
The company said the lapse hit after the school system migrated school online services to a new platform in late 2020, according to Macarenas, who said the district was credited $23,000 for the issue.
Learning from Oldsmar cyber attack, expert details how to protect critical infrastructure
Charter-Spectrum spokesperson Joe Durkin said the company worked with the district to resolve the attack.
“Together, we have put measures in place to help prevent future internet service disruptions related to DDoS attacks,” Durkin said.
According to the district, the issue clogged the regular computer traffic and stopped system users from accessing the internet but “no student or personnel information was ever accessed or in danger.”
District spokesperson Elizabeth Herendeen said there was no “districtwide notification since no information was accessed or compromised at any time.”
READ NEXT
Rep. Matt Gaetz, fiancée claim money for St. Pete yacht deal ‘went missing’
Florida Supreme Court rules against Tampa medical marijuana company
Gov. DeSantis visits Lakeland to call for federal approval on Florida’s Canadian drug importation proposal
Mark Montgomery, from the Cyberspace Solarium Commission, said the district is fortunate the suspect did not do more damage, and he added parents should be notified if a district system is hacked in this way.
“Absolutely. The parents are the guardians for all these students,” Montgomery said. “And I think it’s ethically egregious. You need to inform a person and you need to inform a gaurdian and in fact we need to pass a law to make that happen.”
We’ve seen these crimes become more prevalent — nationally and locally in recent months.
Colonial confirms it paid $4.4M to pipeline hackers, report says
On Feb. 5, the Oldsmar water supply system was hacked, with the suspect trying to poison 15,000 residents by spiking the levels of lye in the supply.
This month, the cyber gang known as Darkside was blamed by the FBI for forcing Colonial Pipeline to take its system offline in a ransomware attack that slowed almost half of the east coast fuel supply.
According to Montgomery, data shows educational institutes are among the most vulnerable to ransomeware attacks.
His organization blames budget decisions that leave cyber security on the cutting room floor.
“I think we now understand just like you don’t leave physical security on the cutting room floor, you don’t leave cyber security on the cutting room floor and you need to make those investments,” Montgomery said.
Montgomery said a proposed state law, the Enhancing K-12 Cyber-Security Act, would help districts with funding and other tools to better protect their computer networks.
