MDPS District cyber drama - tips on cyber-safety

Start of school year cyber drama continues

As if the lengthy debate over how to reopen schools wasn’t enough of a challenge for Miami Dade parents, teachers, school administrators and beyond. Then, it was settled.

But the decision came just before the start of the school year to have classes taught fully online, leaving little time to implement, test and perfect a massive digital transformation. Yet, it had to be done.

The first week of school turned into total chaos.

Throw in a software glitch, and a bored teenager carrying out a cyber attack to disrupt the entire Miami Dade public school system’s online learning platform, and the fourth largest school district experienced weeklong technological issues. This left the community frustrated and questioning how it could have happened.

Students could not connect to their classes. Parents didn’t know who was to blame.

On the fourth day of the disastrous week, Miami-Dade Schools Police made an arrest; a 16-year-old junior at South Miami Senior High School. The FBI, the Secret Service and the Florida Department of Law Enforcement were involved in the investigation.

The student admitted to conducting eight DDoS, distributed denial-of-service attacks, according to M-DCPS. He was caught because investigators identified his computer’s IP address. A professional cyber criminal would have known how to cover their tracks.

When news broke about the arrest, parents and community members commented across social media that the “kid is a genius,” and that “he should be hired immediately to do IT for the school system.”

The scary truth is the teen simply used tools written by professional hackers that are widely available on the internet. Computer crime is rampant, and it is not always a sophisticated operation. There are forums and software available with tutorials across the internet that teaches how to send phishing emails, conduct ransomware and beyond. Among cybersecurity professionals, there’s a warning: “It’s not if, it’s when.”

Coding is not required. Previous information technology experience is not necessary. It’s, unfortunately, easy for bad actors to get their hands on cheap methods to carry out cybercrime, which is an increasingly growing threat to all of us.

The more connected we are to devices connected to the internet – tablets, cell phones, smart speakers, home doorbells, medical equipment -- the more opportunities cyber criminals have to target us to steal sensitive data, personal information and disrupt organizational operations.

After the arrest was made, the cyber attacks continued through Friday, Sept. 4, according to Superintendent Alberto Carvalho.

The investigators are still working on the case and closely monitoring the online learning platform.

“We believe, based upon our investigation, that other attackers are out there. We will not rest until every one of them is caught and brought to justice,” said M-DSPD Chief Edwin Lopez. “Cyber attacks are serious crimes, which have far-reaching negative impacts. Our message to anyone thinking of attempting a criminal act like this is to think twice. We will find you.”

In response to the technological issues, the district has separated the Pre-K to 5th grade platform from the 6 to 12th grade, to get a better handle on the system’s performance.

Eventually on Thursday, Miami-Dade School Board decided to cut ties with the company - K12 - who was providing the controversial system.

Now, to help with the matter, M-DCPS is seeking feedback from parents regarding the online learning platform for Pre-K to 5th grade students. The survey can be accessed via the parent portal. Click here to access. 

Five tips for staying cyber safe 

  1. Connect to the internet using a VPN.
  2. Use strong and unique passwords for every account. Don’t share your passwords with anyone, and don’t give them out if you’re asked by a person in an email, text, social media message and by phone calls.
  3. Implement multi-factor authentication with sensitive accounts, especially banking and investment accounts.
  4. Use antivirus software across devices.
  5. Think before you click on any links, especially coming from a person with an urgent request for a money related favor and very personal information.