Pittsfield Schools Face Cyber Attack As Classes Start
With the school year just getting started, the Pittsfield Public School district has already experienced a cyber attack.The district’s first full school day was Thursday, August 28, but staff had been reporting since the beginning of the week when the issues were noticed, according to superintendent Dr. Jason McCandless. He says new student registration, daily attendance and email have been hampered through a denial of service attack, which is overwhelming the system with data.
“There have been some things that we can do inside of our own network with the school district, but really anything that gives us access to the outside world or the outside world access to us has been closed off,” said McCandless.
Dr. Larry Snyder directs the Cybersecurity Management program at Bay Path College in Longmeadow, Mass. He explains what a denial of service attack is.
“The analogy I always give is your internet connection is like a straw,” Snyder said. “You can only shove so much Jello through that straw before you can’t get any more in and that’s where they’re at right now. The stream is full. They can’t go in and can’t go out. They got to figure out what’s at the other end shoving it down.”
McCandless says no school, student or employee information has been compromised. The district rolled out a new website days before the attack to match up with the start of the school year. McCandless says that was just a coincidence.
“Whoever is on the other side of the challenges that we’re facing also appears to have been looking toward the beginning of the school year in terms of causing disruption,” said McCandless.
The district’s internet service provider is Integrity by CELT, or the Center for Educational Leadership and Technology. The agency provides internet service for roughly 35 percent of the districts in Massachusetts and was brought on by Pittsfield in July. Chief Technology Officer Jeff Bajgot says the attack has flooded the network with15 gigabits of data per second intermittently, making it difficult to track.
“This was an ongoing problem even before we got the account,” Bajgot said. “So they’ve seen the switch in providers and now they’ve found the school district again and now they’ve started to attack them again.”
Bajgot says the data flow was also affecting other districts for which CELT provides service so a separate network was set up for Pittsfield. He adds a separate data endpoint was also created.
“We basically route all the traffic that’s destined for that endpoint to nowhere,” Bajgot said. “To basically a bit bucket. Which of course eliminates that traffic from getting to the school and any other traffic. So the legitimate traffic doesn’t make it either.”
Bajgot says CELT has recommended Pittsfield schools bring on a third party vendor who specializes in this type of attack, which would come at an additional cost to the district. He adds CELT experiences a couple of these types of attacks on its networks a year. Executive Director Antonio Pagán says CELT, like most internet service providers, does not provide protection against this type of attack on a daily basis though schools are increasingly being targeted.
When Snyder learned of the denial of service attack against the Pittsfield schools, he says he was hard-pressed to think of a school district that has fallen to one or at least made it known publically.
“If it’s directed at a business the motivation might be that the person wants to cause financial harm to business by shutting down their servers, they can’t conduct business,” Snyder said. “To direct a public school, where they’re not in the business of making money, to me says that it’s something different. It’s more of an act of protest.”
Snyder says organizations usually spend between 5 and 10 percent of their IT budgets on preventing denial of service attacks. Pittsfield’s annual IT budget is $426,000. Snyder adds the method has been around for a long time, originating with one-on-one attacks evolving to cases where attackers use multiple computers to flood a network.
“Then you have the evolution of this attack to a distributed denial of service where it’s one attacker who controls multiple computers,” Snyder said. “You maybe have heard of things like zombie nets or bot nets where there are networks that are controlled by an attacker who directs collective resources at a particular victim. That’s probably where we’re at. The term is often used interchangeably, but it’s not new and it’s not going to go away.”
In the end, Snyder says it comes down to the defender’s resources matched up against the attacker’s resources.
“At some point they’re going to have to break the connection,” Snyder said. “I don’t know what resources it’s being directed at, but if they can’t figure it out eventually they’re going to have to disconnect whatever that particular device is that’s under attack. Then maybe reconnect it, change the IP address, reconfigure it. It seems persistent so it’s going to be on as long as the attacker leaves it on or they get caught.”
Superintendent McCandless says the district is working with its service provider, local law enforcement and a separate vendor. He adds help from higher authorities could be sought if needed.
“Ideally…the end of today [Friday], but in reality it could be next week or the week after before we are fully operational and feeling confident that we are not going to suffer a similar setback and another attack,” said McCandless.
Snyder says state and federal authorities have the resources to stop the attack with the ultimate goal of catching whoever is behind it.
“You think about it long-term, this could be a practice run for something bigger so they will want to try to resolve this issue as quickly as possible,” Snyder said. “So I’m sure they’ll put whatever resources necessary to bring it to a conclusion that takes care of that potential threat,” said Snyder.
Meanwhile, the Pittsfield School Committee extended superintendent McCandless’ contract by one year through 2020.