Expert weighs in on why hackers attack schools and what usually happens

HUNTSVILLE, Ala. (WAFF) - In recent years, cybersecurity attacks on schools have become more and more common.

No one knows that better than Doug Levin, he’s behind the K-12 Cybersecurity Resource Center. It’s a unique database tracking cyber security threats to U.S. public schools.

Levin began noticing cyber attacks on schools back in 2016, since then, there have been more than 1,000 threats tracked by the site.

“I’ve grown increasingly convinced that this is a problem, that we need to raise awareness about these issues,” he said.

Levin said schools are being targeted more and more now-a-days for a few reasons, he said they usually under-invest in I.T. support and security, computer systems tend to be older and out-of-date because of budget issues and most of all, schools are a need for communities.

“They offer essential services, so there isn’t a lot of tolerance in the community for them being knocked offline, meaning that there is a greater chance hackers can extort money from them,” Levin said.

As for a timetable on a return to devices, Levin said it varies on severity, but he thinks HCS may be dealing with a more severe threat since they’ve asked students and staff to shutdown all devices.

“In that case, you certainly are looking at maybe weeks before things are approaching back to normal, though it could be many months before systems are fully restored,” he said. “A lot of it depends on how the school district approaches it’s recovery efforts and whether they are able to really recover all of that information that may have been compromised.”

Even if the school system does have good backups, there is still the issue of making sure you figure out how your system was inflitrated.

“Unfortunately we’ve seen circumstances where school district have had good backups and tried to restore, but weren’t able to completely evict the malware from their system,” Levin said. “Then only to find themselves get reinfected quickly soon thereafter, so it’s definitely a complicated process.”

So far, HCS said they aren’t sure what information, if any, has been compromised.

Levin said in the time he’s tracked these cyber attacks on schools, he’s noticed big changes. In 2019, he started to see hackers targeting schools with ransomware attacks and asking for even larger demands to unlock the data that was encrypted. On top of that, he said he also saw school systems have to shut down because of the difficulties of responding to these attacks.

Just this year is when Levin said he began to notice hackers stealing private information form the school districts they attacked.

“The threat actors stole data from the school system, about students, about employees, before they initiated the ransomware attack,” Levin said. “So that way they could increase the leverage to get the school districts to pay and that way if the school districts didn’t pay they would dump that data on the dark web and then the identities of people and their financial records are at risk.”

Levin said what information gets stolen depends on what the school system might have. But, most of the time, it’s enough information to steal someone’s identity.

“We’ve seen employment records of school staff, tax information for school staff,” he said. “Identity information of students, depending on what it is the school might hold about the students. So name, address, birthday, social security number.”

In these instances, Levin said the students information is more valuable than the staff members. A criminal could steal the student’s identity and that student might not notice for years.

Without knowing exactly what HCS is dealing with, Levin said it’s tough to know exactly what parents should do to try and protect their families from these criminals. He said in this situation, it’s best to assume the worst.

“The first thing I would suggest is parents actually issue a credit freeze on the credit accounts of their children,” he said. “Each of the credit reporting bureaus have a method of doing that and that would prevent student identity from being stolen and abused for years without their knowledge.”

Levin also said it’s a good idea to change any passwords the school system might have had access to.

Levin said there have been about 50 similar cases to what HCS is dealing with across the country this year. He said all school systems need to be concerned about this and take the proper precautions.

“These are extremely serious incidents, and I think it’s prudent that school districts take steps now to reduce the odds that they’re going to be targeted by this, because school districts are increasingly being specifically targeted by these attacks,” he said.

Levin said while the investigation continues, it’s best for the community to support the school system while they struggle to continue educating and get to the bottom of the cyber attack.

At last update, the HCS’s I.T. Department was working in conjunction with outside cybersecurity experts to figure out what is going on.

Students also returned to the classroom Monday. Traditional students were back in the classroom using pen and paper, while Huntsville Virtual Academy students stayed home and learned from packets of work they had to pick up from the school.

Copyright 2020 WAFF. All rights reserved.