DORAL, FL – Miami-Dade Public Schools was hacked this week by a 16-year-old teen who launched at least eight cyberattacks of the two dozen that helped paralyzed the first three days of distance learning.
Board members are now questioning the effectiveness of My School Online, the platform used by students, while cybersecurity experts are alarmed by how easily the school district was taken down considering its size.
In a report made by the Miami Herald where cybersecurity experts where interviewed, it was explained that the district should have been able to withstand the attacks made by the teenager that according to the experts weren’t even so complicated to pull off.
A series of distributed denial-of-service (DDOS) cyberattacks is what overwhelmed the school system and ruined back to school for everyone in the district, but this wasn’t done in a sophisticated way.
In an interview with Local 10, web expert Craig Agranoff said “a simple Google search of how to do one of these will reveal how to do them.”
“It doesn’t even have to be an orchestrated setup. It’s some simple software you can use and it just basically goes and almost grabs other people’s computers that they don’t even know and starts sending traffic to these websites that they want to take down.”
The tool used by the student was “Low Orbit Ion Cannon (LOIC)” as the Miami Herald reported and it’s easy to download to disrupt websites according to experts.
It’s a “primitive” software used a decade ago by other hackers and the “modern-day equivalent” of pulling a school’s fire alarm.
“It’s a point-and-click program. You don’t have to have a great degree of sophistication to launch it,” said Mark Rasch, a cybersecurity expert and former federal cybercrimes prosecutor, to the Herald.
He also added it was surprising that the school district’s servers could not handle the LOIC attack. “The firewalls on the district’s computer network should be able to detect and handle the traffic,” read the article.
“It’s really easy to prevent…The school must be really out of date on their router configuration.”
And according to experts age is not a limitation to perform the attacks made to the school district, which means even a 16-year-old can do it.
“[With] the right search terms, you can find tools available to launch this kind of attack for free… these tools are trivial to locate and operate,” said Doug Levin, a cybersecurity expert and president of EdTech Strategies, to the Miami Herald.
“This speaks to the cybersecurity posture of school districts,” he said. “Historically, it has not been an issue they have worried much about. They have long believed they wouldn’t be a target.”
Miami Dade Schools Police alongside the FBI, the Secret Service and Florida Department of Law Enforcement traced other Miami-Dade Schools’ cyberattacks with IP addresses of Russia, Ukraine, China, Iraq and other countries.