SecureWorld News

It Was the High School Junior, with the Botnet, that Knocked School Offline

Written by SecureWorld News Team | Thu | Sep 3, 2020 | 5:21 PM Z

Remember the old days when we heard about high school kids who came up with creative ways to get out of taking a test?

Some of them would pull the fire alarm.

Then came the "phone in a bomb threat" trick, which led to criminal charges in a few cases.

And now, with many schools going virtual, the get-out-of-school tactics are moving into the cybercrime realm.

Just ask the Miami-Dade County Public School District.

Multiple DDoS attacks disrupt online classes

The first week of school usually involves some unexpected challenges. But in Miami, the unexpected came in a surprising form: a wave of cyberattacks hit the district. 

The district says distributed denial of service (DDoS) attacks kept knocking online classes offline.

"Miami-Dade County Public Schools (M-DCPS) has been the target of more than a dozen of these types of attacks since the 2020-2021 school year began."

And now, investigators say they have solved the crime by arresting a local high school student.

Student arrested for cyberattacks against school district

Here is what we know about the investigation in this wave of DDoS attacks:

"Detectives traced an IP address responsible for the attacks to a 16-year-old student, a junior at South Miami Senior High School. 

The student admitted to orchestrating eight Distributed Denial-of-Service cyber attacks, designed to overwhelm District networks, including web-based systems needed for My School Online.

The student used an online application to carry out these attacks and has been charged with Computer Use in an Attempt to Defraud - a 3rd degree felony, and Interference with an Educational Institution - a 2nd degree misdemeanor."

Are other students involved in cyberattacks against the school district?

If you do the math here, you will see a variable is still unknown. The high school junior admitted to eight DDoS attacks, but the district says it was hit with more than a dozen.

Which means investigators are hunting for others who are also involved. And the school system police chief made it clear this is a serious situation.

"We believe, based upon our investigation, that other attackers are out there. We will not rest until every one of them is caught and brought to justice. Cyber attacks are serious crimes, which have far-reaching negative impacts. Our message to anyone thinking of attempting a criminal act like this is to think twice. We will find you," said Miami Schools Police Chief Edwin Lopez.

DDoS attacks around the world are surging

Not only are DDoS attacks a crime, they are surging right now. 

ZDNet reported on more than a dozen DDoS attacks recently aimed at Internet Service Providers (ISPs) across the EU:

"The list of ISPs that suffered attacks over the past week includes Belgium's EDP, France's Bouygues Télécom, FDN, K-net, SFR, and the Netherlands' Caiway, Delta, FreedomNet, Online.nl, Signet, and Tweak.nl."

Radware also issued a report about an August 2020 surge in DDoS extortion attacks that are targeting finance, e-commerce, and travel, including a number of airlines.

Security researchers explain how it works:

"Since the middle of August, Radware has been tracking several extortion requests from threat actors posing as 'Fancy Bear,' 'Armada Collective,' and 'Lazarus Group.'

Letters are being delivered via email and typically contain victim-specific data such as Autonomous System Numbers (ASN) or IP addresses of servers or services they will target if their demands are not fulfilled.

The ransom fee is initially set at 10 BTC [Bitcoin], which is equivalent to $113,000 at the time of the extortion. Some fees are set as high as 20 BTC (approximately $226,000). 

In many cases, the ransom threat is followed by cyberattacks ranging from 50Gbps to 200Gbps."

New Zealand seeing record denial of service attacks

As DDoS surges are happening around the globe, one of the hardest hit countries is New Zealand.

It is seeing a historic series of denial of service attacks targeting the private and public sectors and even halting trading on the New Zealand Stock Exchange, the NZX:

"NZX has been advised by independent cyber specialists that the attacks last week are among the largest, most well-resourced and sophisticated they have ever seen in New Zealand," chief executive Mark Peterson said about the attacks.

The National Cyber Security Centre of New Zealand issued a security advisory because of the attacks, which lists best practices for mitigating denial of service attacks. 

Read it here: NCSC denial of service attack advisory

What is the purpose of all these denial of service attacks?

In the Miami-Dade Schools, the purpose may have been to show off by knocking school offline. And the extortion attempts appear to be about making money from fear.

But in the case of many DDoS attacks, Ryan Burkhard of Check Point warns that the motive may be distraction.

He spoke on a recent SecureWorld Remote Session webcast:

"DDoS is a deception for something going on the back end. You know, as the customer is working with the DDoS attack, there's 15,000 plus logs filled with DDoS. And then basically, the attacker finds a backdoor for data exfiltration and you have one log of data exfiltration. And essentially, it's a needle in the haystack, right?"

And he says even before the recent surge, DDoS attacks were climbing, with a 300% increase between October of 2019 and May of 2020.

"And again, that's not simply the first mode of attack. They are often looking for a backdoor."