NETWORK NEMESIS: Southern Hancock strengthens internet security after attack

Karen Ginther checks an email queue on her computer in the front office at New Palestine High School. The district's internet service was restored by Thursday after a cyber attacked knocked it offline on Tuesday. (Tom Russo | Daily Reporter)

NEW PALESTINE — Officials believe it was a “rogue actor,” maybe even a student, who crashed the Southern Hancock internet system earlier this week, shutting down virtual school, in-school work and internet access across the district for two days.

Connectivity was reestablished as of Thursday, Aug. 6. District officials and their internet provider, NineStar Connect, said the system was hacked through what is called a “Distributed Denial of Service” attack, or DDoS. The attack is a well-known way for hackers to make an online service unavailable by overwhelming it with traffic from multiple sources.

Miles Hercamp, SH director of technology, noted the district experienced a similar event in January but was quickly able to shut down the breach. This time, on Tuesday, Aug. 4, the second day of school, when something similar happened, officials from NineStar assessed the problem as a cyber attack and took counter measures, which included beefing up security and changing the district’s internet protocol address.

“We used to have one IP address; now we’ve got multiple for each school building, so if they attack an IP address again, it can only affect people on that IP and not the entire district,” Hercamp said.

[sc:text-divider text-divider-title=”Story continues below gallery” ]

Click here to purchase photos from this gallery

The IP address that was attacked is no longer in use by the district. With internet security beefed up, district officials noted some students might have trouble accessing the internet, but they’re working getting those students back online on a case-by-case basis.

Ross Ferson, chief technology officer for Greenfield-based NineStar, said the company sees this type of problem frequently, with up to 1,000 or more cyber attacks on its customers each year.

“School districts are ripe for the DDoS attack,” Ferson said. “That kind of attack gets thousands and thousands of computers across the world to attack that IP with so much bogus data that legitimate data can’t get through.”

Safety measures normally filter out 99 percent of attacks, Ferson said, but when an attack is coming from thousands of computers at once, it’s impossible to stop.

Authorities believe the hacker purchased an app or maybe used a program often utilized by businesses to check their firewall to orchestrate an attack against the district, overwhelming the system.

“It doesn’t take any real skill for a hacker to do a DDoS attack,” Ferson said.

District officials started noticing issues Tuesday when they lost internet access across the district. The problem continued into Wednesday as NineStar worked to solve the issue and get new safety measures in place. The district, which uses Macbooks for students in grades seven through 12 and iPads for pre-kindergarten through sixth-graders, said the issue was never hardware-related.

The attack compromised internet connectivity for teachers, students in classrooms and students attending virtually. The attack also impacted the functionality of some other programs, including PowerSchool and Canvas.

Wes Anderson, the district’s community relations director, said no one’s personal or academic information was compromised. That fact makes officials think the attack could have come from a student who had access to the district’s IP address.

As of late Thursday afternoon, things appeared to be back to normal, Anderson said, with the exception of a handful of issues at New Palestine High School that were typical back-to-school computer problems unrelated to the attack.

The New Palestine Police Department is working with the Indiana State Police Cyber Crime Unit on an investigation.

“It’s considered computer trespass,” New Palestine Police Chief Bob Ehle said.

The crime is usually charged as Class A misdemeanor and punishable by up to one year in jail with a fine of up to $5,000. However, the crime is charged as a felony in certain circumstances in Indiana, and that’s what district officials are hoping for.

No suspects have been identified. When the culprit is found, officials want to make sure he, she or the group responsible is punished to the fullest.

“We are going to recommend prosecuting whoever it is,” Hercamp said.

Hercamp wanted to remind parents that educators were just as frustrated as they were, especially for those approximately 400 students who signed up for the new virtual program. Those students were left with no access to their lessons. However, Hercamp noted the students did have educational material during the shutdown, and educators are working hard to get everyone back on track.

Regardless of the new security measures put in place, Ferson acknowledged internet hackers are part of the digital age. When professionals work to develop safety measures, hackers work just as hard to get around them.

“No school, no business, no government, or person should ever feel they will not have a DDoS attack again,” Ferson said. “Because it’s going to happen again. It’s a cat-and-mouse game we’ll continue to play.”

[sc:pullout-title pullout-title=”What is a DDoS? ” ][sc:pullout-text-begin]

The attack on Southern Hancock’s network was characterized a “Distributed Denial-of-Service” attack, a malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.

The purpose of the attack: To target a wide variety of important resources and present a major challenge to making sure people can access important information online.

Almost anyone can fall victim to a DDoS attack. They are relatively cheap; can be implemented through an app; are easy to organize; and can be highly effective if reliable protection is not in place.

Such attacks are considered a criminal offense: Conviction may result in any one or a combination of the following consequences: Seizure of computers and other electronic devices; arrest and criminal prosecution.