It was a calm Monday night in the Johnston School District until a few text messages abruptly changed that. Several parents who have students enrolled in the Johnston Schools received very concerning and threatening messages about their kids going to school the next morning. The group making the threats via text message claimed they were going to kill some of the students at Johnston the next morning. These messages were immediately reported to the Johnston Police Department and the Johnston Schools administration. The threats were treated with great caution; Johnston Schools closed that Tuesday for the day to guarantee safety. When Wednesday came, Johnston Schools started with a two-hour delay to let the Police Department do another search through all the buildings and set up security at each entrance of the school.
On Thursday morning, October 6th, a black hat hacking group named “The Dark Overlord” publicly claimed responsibility for this cyber threat. This group has carried out several big attacks on Netflix and healthcare companies, and now has a new target: school districts. The group's main purpose in these attacks is ransom; it has been paid over half a million dollars in Bitcoin for all of the damage done since the group started. This has caused the Johnston Police to hand over the investigation to the FBI and Homeland Security.
On October 10th, I had the opportunity to talk about this attack, which happened on October 2nd, with a member of the Homeland Security Cyber Defense Team. We both agreed that this group didn’t have to do any hard work to exploit a school's information. The hacking group has done a lot of hard work with some of their past targets, but this attack was probably the easiest thing they have done thus far. The team member and I assume/believe that this hack was done by a phishing method performed on one of Johnston's staff members, allowing full access to their computer, their data, and Infinite Campus. However, there have been rumors of the group attacking Infinite Campus directly by SQL injection and other backdoor methods.
My biggest concern about the type of attack used to threaten the Johnston School District is how easily it can be done. There are too many uneducated school personnel when it comes to cyber attacks. Phishing attacks are simple to perform, and it is even easier for the victim to fall for one without knowing it is an attack. Schools and staff members do not have the background knowledge in cyber security, which can lead to their school getting attacked in a matter of minutes.