U.S. CitiesCity-Data Forum Index
Go Back   City-Data Forum > U.S. Forums > Montana
 [Register]
Please register to participate in our discussions with 2 million other members - it's free and quick! Some forums can only be seen by registered members. After you create your account, you'll be able to customize options and access all our 15,000 new posts/day with fewer ads.
View detailed profile (Advanced) or search
site with Google Custom Search

Search Forums  (Advanced)
Reply Start New Thread
 
Old 09-20-2017, 10:51 AM
 
Location: LEAVING CD
22,952 posts, read 22,535,449 times
Reputation: 15493

Advertisements

Columbia Falls School District 6 servers were hacked and all data compromised to include employment info and all personal info on the students, unknown how far back the hackers went but I'd guess whatever was on the servers. If they follow through with their threats this could be very ugly and embarrassing to a lot of people in the area.
This threat closed down ALL Flathead Valley Schools for several days.
http://flatheadbeacon.com/2017/09/18...cyber-threats/

Below is part of the extortion letter sent to the district and it is disturbing to say the least given the hacker group responsible.

Quote:
Dear XXXXX & Board of Trustees of Columbia Falls SD6,
Sidney Hook (appears a bit like Sandy Hook), a well learned American Philosopher once said “everyone who remembers his own education remembers teachers, not methods and techniques. The teacher is the heart of the educational system.” We couldn't agree any more, but we did feel Sidney Hook left out some key players. You ladies and gentlemen. Due to the perspiration and blood of hard working people like you yourselves, teachers have a place to teach and young promising minds have a place to learn.
Do you know what it means to exhibit great strength, Columbia Falls? We are all about to find out, as you will soon see. What you choose to happen next will define your district for years to come and we can assure you of that for you have been graced with our presence. You should be thankful we are giving you a choise in this matter. Rarely do educational institutions such as your own and people such as yourselves receive an opportunity like this. More on that later.
We know who you are, Columbia Falls. We know everything about your operation. We know everything about your schools and the children in them. Your nursery children, your primary children, and your secondary children. We know who the problem children are, who the honour performing children are, and even who many of the parents are. We have educated ourselves and made ourselves aware of your entire lives. Today, we're invading your lives and offices in the form of a letter filled with verbose, condescending, and abusive language. Yikes, right?

http://1qb1ow3qfudf14kwjzalxq61.wpen...-redaction.pdf
Reply With Quote Quick reply to this message

 
Old 09-20-2017, 01:41 PM
 
4,745 posts, read 4,025,113 times
Reputation: 9942
It seems from what was published in the newspaper that this is attempted cyber terror/cyber extortion from someone who is not a native English speaker.

I can't imagine that school has any more or less stringent cyber security than any other school district in the state.
Reply With Quote Quick reply to this message
 
Old 09-21-2017, 09:34 AM
 
Location: Brendansport, Sagitta IV
7,543 posts, read 12,603,263 times
Reputation: 2954
"Once you pay the danegeld, you never get rid of the Dane."

These people don't stick to their own agreements, even if you're fool enough to pay up:
Here Are the Terms Dark Overlord Hackers Imposed on OITNB Victims
https://www.netswitch.net/the-dark-o...ne-bad-hombre/

Basically, anything that ever went into an internet-facing network has to be regarded as public, because sooner or later it WILL be hacked.

Keep sensitive records strictly on airgapped systems, and the internet-hacking vector goes away.

If it's gotta be connected, use a hardened server, not some off-the-shelf solution. (And no, linux is not inherently secure.)
Reply With Quote Quick reply to this message
 
Old 09-21-2017, 11:37 AM
 
Location: East Helena, MT
839 posts, read 589,438 times
Reputation: 2296
Being a government employee, we were briefed on the situation. Apparently, this group targets systems that are still using windows 7. These are normally going to be small businesses that can't afford real cyber security, and government agencies. A school administrator had a laptop that was 8 years old, running windows 7. Once they got into the laptop, they planted a program that allowed them to get into the schools network, the next time the laptop was connected. From there, they copied EVERYTHING on the network, and then deleted it. All of the data is gone. The school didn't back up their data. They have hired a cyber security company to try and retrieve the data. If the hackers don't receive $150,000, they will release the private medical records of the students, the behavioral records, and the results of child abuse investigations the school district is working on. This isn't going to harm the school, but it will destroy some innocent kids.


The reality is this, your SSN and private information is going to be hacked at some point. My info has been stolen 3 times already. Until the United States stops using the SSN for everything, this won't stop. Microsoft issued a statement that this vulnerability has been corrected on Windows 10, and asked that all agencies stop using windows 7 and 8 immediately.


This group has successfully hacked about a hundred small businesses, a couple of hospitals, and a dozen small government entities. They are located outside the U.S.
Reply With Quote Quick reply to this message
 
Old 09-22-2017, 09:03 AM
 
Location: LEAVING CD
22,952 posts, read 22,535,449 times
Reputation: 15493
Quote:
Originally Posted by historyfan View Post
It seems from what was published in the newspaper that this is attempted cyber terror/cyber extortion from someone who is not a native English speaker.

I can't imagine that school has any more or less stringent cyber security than any other school district in the state.
I would hope that's not true as there is highly sensitive information on their systems. <bold>

The release of the information stolen could really destroy some families and as has been said certainly the kids.
The difference is we're talking about a small town of around 4000 with 1 high school,1 middle school and 2 grade schools where gossip flies and people DO most certainly judge.

There is serious personal information stored on that system that should have been protected and run by professionals.

Last edited by jimj; 09-22-2017 at 09:23 AM..
Reply With Quote Quick reply to this message
 
Old 09-22-2017, 09:43 AM
 
Location: LEAVING CD
22,952 posts, read 22,535,449 times
Reputation: 15493
Quote:
Originally Posted by ericsvibe View Post
Being a government employee, we were briefed on the situation. Apparently, this group targets systems that are still using windows 7. These are normally going to be small businesses that can't afford real cyber security, and government agencies. A school administrator had a laptop that was 8 years old, running windows 7. Once they got into the laptop, they planted a program that allowed them to get into the schools network, the next time the laptop was connected. From there, they copied EVERYTHING on the network, and then deleted it. All of the data is gone. The school didn't back up their data. They have hired a cyber security company to try and retrieve the data. If the hackers don't receive $150,000, they will release the private medical records of the students, the behavioral records, and the results of child abuse investigations the school district is working on. This isn't going to harm the school, but it will destroy some innocent kids.


The reality is this, your SSN and private information is going to be hacked at some point. My info has been stolen 3 times already. Until the United States stops using the SSN for everything, this won't stop. Microsoft issued a statement that this vulnerability has been corrected on Windows 10, and asked that all agencies stop using windows 7 and 8 immediately.


This group has successfully hacked about a hundred small businesses, a couple of hospitals, and a dozen small government entities. They are located outside the U.S.
If true, that they didn't upgrade to protect vital information even after being advised to by MS AND didn't have any backups of the data stolen then it would seem to me that they failed to show even a basic amount of care and control of highly sensitive and confidential information. Someone or some group of people should lose their jobs over this.

Wouldn't shock me to see lawsuits fly over this debacle and rightfully so, especially if any information is leaked out.
Reply With Quote Quick reply to this message
 
Old 09-22-2017, 09:53 AM
 
Location: East Helena, MT
839 posts, read 589,438 times
Reputation: 2296
Quote:
Originally Posted by jimj View Post
If true, that they didn't upgrade to protect vital information even after being advised to by MS AND didn't have any backups of the data stolen then it would seem to me that they failed to show even a basic amount of care and control of highly sensitive and confidential information. Someone or some group of people should lose their jobs over this.

Wouldn't shock me to see lawsuits fly over this debacle and rightfully so, especially if any information is leaked out.

People are going to sue, and property taxes are going to be raised through the roof to pay for it. I have heard a rumor that the school district had a budget of $3,000.00 for IT operations. I don't know if that is true, but if it is, you can't really get much done on that budget. The hackers are taking advantage of the fact that most school systems are running on a bare bones staff. Add to this the requirements that all records have to be stored in electronic format, and you can see the problem.


The school simply can't afford the ransom, and can't afford any lawsuits.
Reply With Quote Quick reply to this message
 
Old 09-23-2017, 09:09 AM
 
Location: LEAVING CD
22,952 posts, read 22,535,449 times
Reputation: 15493
Quote:
Originally Posted by ericsvibe View Post
People are going to sue, and property taxes are going to be raised through the roof to pay for it. I have heard a rumor that the school district had a budget of $3,000.00 for IT operations. I don't know if that is true, but if it is, you can't really get much done on that budget. The hackers are taking advantage of the fact that most school systems are running on a bare bones staff. Add to this the requirements that all records have to be stored in electronic format, and you can see the problem.


The school simply can't afford the ransom, and can't afford any lawsuits.
As you might have guessed we lived in that district. While there I argued for many years that these little fiefdoms containing only a few schools needed to rid themselves of their expensive administrations like a superintendent making over $100k a year and consolidate under the Flathead County school district.

Secondly, as someone who lived in that district I'm aware of what their priorities were and IT security was NOT one of them as this obviously shows.
Reply With Quote Quick reply to this message
 
Old 09-23-2017, 09:23 AM
 
Location: Brendansport, Sagitta IV
7,543 posts, read 12,603,263 times
Reputation: 2954
Explain to me why schools need an IT staff in the first place, let alone a massive data system for all their kids.

We got along with paper records from the beginning of modern schooling. When I was in school the only thing the mainframe was used for was the district payroll. Obviously it's not that it can't be done.

The only reason to keep electronic records on kids is to make it easier for those records to follow them for the rest of their lives.
Reply With Quote Quick reply to this message
 
Old 09-23-2017, 09:57 AM
 
Location: North Dakota
7,735 posts, read 9,027,441 times
Reputation: 11107
Quote:
Originally Posted by Reziac View Post
Explain to me why schools need an IT staff in the first place, let alone a massive data system for all their kids.

We got along with paper records from the beginning of modern schooling. When I was in school the only thing the mainframe was used for was the district payroll. Obviously it's not that it can't be done.

The only reason to keep electronic records on kids is to make it easier for those records to follow them for the rest of their lives.
Welcome to 2017. This is how it works these days and how it has worked for a very long time. Why are you so shocked about this?
Reply With Quote Quick reply to this message
Please register to post and access all features of our very popular forum. It is free and quick. Over $68,000 in prizes has already been given out to active posters on our forum. Additional giveaways are planned.

Detailed information about all U.S. cities, counties, and zip codes on our site: City-data.com.


Reply
Please update this thread with any new information or opinions. This open thread is still read by thousands of people, so we encourage all additional points of view.

Quick Reply
Message:


Options
X
Data:
Loading data...
Based on 2000-2016 data
Loading data...

123
Hide US histogram

Over $104,000 in prizes was already given out to active posters on our forum and additional giveaways are planned!

Go Back   City-Data Forum > U.S. Forums > Montana
Follow City-Data.com founder on our Forum or

All times are GMT -6.

2005-2019, Advameg, Inc. · Please obey Forum Rules · Terms of Use and Privacy Policy · Bug Bounty

City-Data.com - Archive 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35 - Top