Unprecedented cyberattack on KDE data network leaves some Kentucky parents in info limbo; common occurrence but uncommon magnitude

KSBA eNews Service, Frankfort, Aug. 30, 2013

Parent portal offline for some after hack attack on Infinite Campus system; student data untouched
By Brad Hughes

A worldwide, coordinated cyberattack on part of the Kentucky Department of Education’s Infinite Campus (IC) information network has kept parents in some Kentucky communities unable to access school data about their children this past week.

The attack, described by KDE Associate Commissioner and Chief Information Officer David Couch as “intense, targeted and sophisticated,” was detected late last week. The attack is specifically targeting select IC parent portal servers in small- to medium-size districts  in the Eastern time zone. Large districts, which house servers on site, and those in the Central time zone have been unaffected so far.

“We could see the attack was headed for the parent portal last Friday . It never made it because the firewall stopped it,” Couch said. “When you have that much mass hitting that fast – there were about 300,000 separate devices sending millions of messages per second – you can jam up the firewalls. And you have to take everything offline for a while and move it, so the attacker doesn’t know where it is located.”

Couch estimated the IC server firewalls were bombarded by as many as 25 million hits, usually between 7 p.m. and 8 p.m. The firewalls did their job, preventing the hackers from being able to access the parent portal, and more importantly, any online student information.

“This is not an attack to grab information; this is an attack to jam up the service,” Couch said. “With school data being involved, some people may think the attackers are grabbing information. They aren’t making it past our firewalls. So it’s flooding the firewalls. They aren’t getting into the system to get anything, but it’s like if 25 million people tried to get to the Kroger in Versailles, not only could you not get into the building, it would clog up every road to going by the building and no one could get by there and do anything.”

IC network servers are located in 60-70 larger school districts, while the other districts use servers in Frankfort at the Commonwealth Office of Technology. Staff from that office, AT&T and the Infinite Campus Inc., headquartered in Blaine, Minn., are working with the KDE technology team to figure out how to foil the attackers.

Students can still access their data accounts in their school, as can any parents who come to a school and user either a building computer or their own smartphone.  But Couch said the decision was made to take down the Eastern time zone parent portal because this attack actually followed the portal’s online access points.

“When someone targets an IP (Internet Protocol) address, you move things around so the attackers can’t find it,” Couch said. “This is much more sophisticated, which is getting our attention. We kind of change the (access point), but this attack is tracking the network when we try to bring it back online.”

Cyberattacks are no stranger to KDE’s online networks. Couch says such attacks are an almost daily occurrence, often coming from computers in China. But this attack is different in several ways.

“This is the first time it’s been this scale, this concentrated. This is real specific (to the parent portal)”, he said.  “Usually when you are attacked, you can track back where it came from. This one comes from hundreds of different sites that are coordinated. These folks have planted things in others’ computers to take part in the attack, unbeknownst to the users of those computers. These are computers all over the world, massed for a short period of time.”

Couch feels confident this is no attack by a student or students trying to make it hard for parents to track their academic progress in school. But beyond that, a motive is just fodder for speculation.

“What’s their intention? We don’t know, but we are trying to track them down and prosecute them because this is just to disrupt that particular network,” Couch said. “It tells me they know something about the system, this specific piece. Thankfully, it’s not the whole IC system.”

Print This Article
Home   |    About   |    Employment at KSBA   |    Site Map   |    Contact Us   |    Login
Kentucky School Boards Association   260 Democrat Drive   Frankfort, Kentucky 40601    Phone: (800) 372-2962   Fax: (502) 695-5451   Map Our Location
Copyright © 2014. Kentucky School Boards Association - All Rights Reserved.   Education Software created by eSchoolView
Terms & Conditions