No Suspect, Motive Unclear In Cyberattack On School Tests
September 17, 2015
An investigation into a cyberattack launched earlier this year against the state’s computer-testing platform for public schools has ended with no suspects and no apparent motive, according to the Florida Department of Law Enforcement.
State officials emphasized that the March incident was what is known as a Distributed Denial of Service, or DDoS, attack — which occurs when someone bombards a server with requests to overload it and make it unable to handle legitimate traffic.
“Most importantly, I want to reassure our state’s students, parents and educators that, because of the nature of the cyberattack, no student information was accessed and the content of the assessment was not compromised,” Education Commissioner Pam Stewart said in a statement issued Wednesday.
The Florida Department of Law Enforcement said 29,000 IP addresses were used in the cyberattack. IP addresses are meant to identify computers on the Internet, though they can be hijacked or spoofed.
“While some of the IP addresses used in this attack were based in the United States, most were believed to be in foreign countries,” the agency said. “FDLE did not identify a suspect or a motive for the DDoS attacks.”
The investigation appears to close out a stormy chapter in the history of the state’s new test, known as the Florida Standards Assessment.
The attack was part of a series of embarrassing technological snags that hampered the spring rollout of the assessment, the latest standardized tests for the state’s public schools. The attacks hit the testing platform operated by American Institutes for Research, a non-profit group that signed a six-year, $220 million deal to design the test.
While the attacks were blamed for some of the trouble that students had accessing the test, there were also widespread delays before the computer assault began. The state is pursuing sanctions against the group for the glitches.
As a result of the snafus and a general public uproar about over-testing, lawmakers scaled back tests and required a third-party review of the test before it could be used for accountability measures like school grades and teacher evaluations.
The Florida Department of Education announced earlier this month that the review found the test to be valid.
by Brandon Larrabee, The News Service of Florida
Comments
6 Responses to “No Suspect, Motive Unclear In Cyberattack On School Tests”
I stand corrected. Good catch William…I glossed over that section.
>> we’re talking about a relatively rinky-dink network in the Escambia County School System
No, we are not. See first sentence of story “state’s computer-testing platform for public schools ”
I was an attack against the statewide network, not just Escambia County
. Escambia County’s network was working fine during the state outage; it was not a target.
Molinoman
I would have to respectfully disagree with you on a couple of points…in many, many instances, a person with a basic knowledge of computers doesn’t even know where to go to check what their subnet mask is if asked. I still think that it’s someone with an above average knowledge of computers and how networking works.
While I would agree that 29K Zombie comps used for a DDoS attack against a hardened target like a banking system, Federal government system or large business is pretty weak, we’re talking about a relatively rinky-dink network in the Escambia County School System. Someone went through a bit of effort for such a small target.
But you bring up an excellent point that I hadn’t considered. Common Core has a lot of enemies, myself being one of them, It still makes me wonder why someone that dedicated to crushing Common Core would choose such a small target like our county rather than a much larger metropolitan area in central or south Florida, unless it’s because we had one of the less hardened networks in Ecambia County. Of course, I may have answered my own question since central and south Florida are highly populated by illegal immigrants and socialist Democrats who shutter with pleasure at the mention of Common Core.
or………………….
disgruntled programmer at AIR built it into the program.
But when the culprit can’t be found, make up some hacker theory to explain it.
$220 million to design a test!!! A test that we are using to grade the knowledge our kids have using common core at that. How much did those yahoo’s make coming up with common core and implementing that train wreck of teaching? Sounds like our schools are big money for everyone but our teachers! Why must I still dish out money every week for pictures, year books, extracurricular uniforms and equipment? Some of those millions being passed around in the shadows should be going back to the schools and teaching what has worked for decades… you know the same education most all of us have had from the 1900’s until 15-20 years ago! The same education we use in our everyday lives… yeah that education.
29k IP’s is nothing.Using foreign shell accounts and/or zombie computers from other countries to DDoS is nothing as well. It’s actually so easy anyone with basic computer knowledge can do it. They try to make it sound like someone in a foreign country did this when it can easily be done from a laptop sitting at McDonald’s in Pensacola or an open unsecured wireless home connection by a war-driver.
29K IP addresses?
Sounds like someone may have created or utilized an existing zombie hoard to create the DDOS attack.
Who would benefit? I’d start looking at who had the most to gain in delaying the test. It sounds like we have the possibility of a very talented but misguided student that didn’t exactly feel like taking the tests at that time. DDOS isn’t the most eloquent of attacks, but it is effective.
Not saying that is what happened, as I’m not an expert, but that’s the only plausible explanation that I can think of off the top of my pointed head.