Wednesday, October 4, 2017

School District Held Hostage [Update]

Don't file this under "ed reform" or "pedagogical issues." File this under "so this is the kind of terrible crap school districts have to deal with in the 21st century."

You may be familiar with the name The DarkOverlord. It's a hacker group, or maybe a single hacker, or maybe some Russian teenager in his mother's basement. But it achieved some notoriety last year when it hacked into a server and stole the new season of Orange Is the New Black, along with some other material, and attempted to shake Netflix down for ransom.

This put DarkOverlord in the public eye, but by the time it hit Netflix, it had already been plenty busy, specializing in breaching security at medical businesses. DO is fond of issuing "contracts" with its victims in pseudo-lawyerly language, though it also can run to pretty basic threats and worrying about its press coverage. In one instance, DO e-mailed the child of business executives to tell the child that Mommy and Daddy were about to be ruined.

This fall, the DarkOverlord diversified its portfolio by moving on a new class of victim-- an entire school district.

Columbia Falls and the surrounding Flathead Valley in Montana were hacked, and what followed was a harrowing couple of weeks in September.

The personal information (names, addresses, records-- just think about what a school district stores) mined by the hackers was held hostage, and the district was instructed, via a long and ranty ransom note, to pay off DO in bitcoin. But the hacker also proceeded to terrorize the community with emails containing graphic and physical threats to the children of the school district. School leaders called meetings with parents, and thirty schools across the region, affecting thousands of students, shut down for three days, with some families waiting longer to be certain it was safe to send their children back. "We are savage creatures," said one communique from the hacker.

If you decide to not entertain us and agree to one of our win-win business propositions, we will escalate our use of force in a tiered process that will involve an ever increasing level of damage and harm for you.

The DarkOverlord is not shy, and contacted both the authorities and the local newspaper, the Flathead Beacon, which provided some excellent coverage. It also provided some of the public exposure the hacker so obviously seeks-- a difficult decision and one that the paper handled well. But some of the excerpts from the interview continued to disturb.

During the course of the conversation, [Beacon reporter Dillon] Tabish tried multiple times to understand who the suspect was, where he or she was from, why the individual was making the threats and why they were targeted at area schools.

The individual said on multiple occasions in various ways that he or she intended to kill people in large numbers. The suspect said they were heavily armed with “extensive training.”

“If you know anything about military weapons … it should scare your region,” the person said.
When asked again why he or she was targeting the Flathead Valley, they responded that they wanted to scare people and harm as many people as possible.

“I wanted the public to exist in a state of fear before I make my move. This will allow the government protecting your children to look poorly in the light of the public,” the suspect said.

The individual later elaborated, “The quaint, small, backwoods region of the US like yours is prime hunting grounds. This incident is the last thing you will expect to happen here.”

Security experts suggest that the school district was not targeted and that the hackers simply sent out ransomware "en masse" to see what opportunities would present themselves.

It’s usually not a purposeful, planned attack. They’re just looking for low-hanging fruit, and if you’re not protected and don’t have the right defense in place, they will go after you.

The consensus also seemed to be that despite the threat of imminent physical attack, DarkOverlord is located overseas and was not actually going to kill anyone. That seems rational and reasonable, but when the death threats are landing in your in-box, it's hard not to freak out.

Montana U.S. Sen. Steve Daines raised the cyber-terrorism issue with the FBI in DC, referencing the attack just last week. The FBI didn't have much to say about the ongoing investigation, but everyone agrees this level of cyber-terrorism, spreading past corporations into hospitals and schools, is a problem.

This is one of the major arguments against large-scale data mining, as we see again and again and again-- just as criminals would rob banks because "that's where the money is," bad actors are going to go after any large collection of personal data.

Welcome to the 21st century. Hope your school's IT department has a good handle on your cyber-security.

Update: It has happened again. In Johnston, Iowa, school security has been breached and student info has been published online while locals have received threatening text messages.

One common feature-- both school districts use the Infinite Campus platform. We'll see if that turns out to be the doorway through which DO is entering.

The DarkOverlord was behind it again. It looks as if they have a new hobby. Good luck, everyone.


  1. "just as criminals would rob banks because 'that's where the money is,'" ... Isn't this the line that Hillary Clinton referred to as her justification for taxing the rich?

  2. Last year in MD and I think some other states, there were threats (computer phone calls) posted to schools. In MD it would be in several counties on the same day and often times at about the same time. Wonder if it was DO looking to see if they could get into a system and to see how much attention was being paid to the threats? The police would come with the dogs, and the day would continue as normal after the "all clear" was given.