16-year-old student arrested for allegedly crippling Miami school system with cyberattack

In this article:

A 16-year-old student was arrested Thursday for allegedly bringing down Miami-Dade County Public Schools’ (M-DCPS) virtual learning platform, which had been down for several days. According to the M-DCPS, district detectives traced the IP address responsible for the attacks to the student, who is a junior at South Miami Senior High School.

“The student admitted to orchestrating eight Distributed Denial-of-Service cyber attacks, designed to overwhelm District networks, including web-based systems needed for My School Online. The student used an online application to carry out these attacks and has been charged with Computer Use in an Attempt to Defraud. A 3rd-degree felony and Interference with an Educational Institution — a 2nd-degree misdemeanor,” the district — the fourth-largest in the country — said in a statement that did not name the student.

According to the district statement, it faced several connectivity issues resulting from both a malicious cyberattack and software malfunction, which it attributed to a problem with software provided by Cisco Systems.

Colleen Wright of the Miami Herald reported that The M-DCPS superintendent said that some of the attacks on its systems emanated from outside the U.S.

Justin Cappos, an associate professor in the Department of Computer Science and Engineering at the NYU Tandon School of Engineering, was skeptical about the attack coming from groups outside the U.S. and noted that Miami-Dade school district had been having problems with its system before the hack.

“So it means that they’re not doing basic cybersecurity hygiene. They’re not applying patches; they’re not updating software,” he said.

“They were having problems because they had outdated systems, and they knew they needed to do an update to fix this. After they applied their update, they noticed that they had capacity problems and started to notice this denial of service.”

Cappos tells Yahoo Finance that other school districts around the U.S. could be just as vulnerable as the Miami-Dade County Public Schools.

“Are other school systems vulnerable? Absolutely,” he said, adding that school districts need to practice proper maintenance on their systems, which includes properly installing updates. He suggests schools rely on the big players in the tech space such as Zoom (ZM), Microsoft (MSFT), and Google (GOOG) rather than their own systems.

“You absolutely 100% need to install your software updates. You need to get all your systems up to date. This is the most important security thing you can do. If you’re using cloud-type services, like Zoom, you’re effectively outsourcing the security of that part of your system to the company,” he said.

Sen. Marco Rubio (R-Fla.) requested a briefing with the Department of Homeland Security on cybersecurity as it relates to school districts, according to the Miami Herald. The district says that it plans to utilize Microsoft Teams, Zoom through Microsoft Teams, or an alternate pathway, while the current issues are being resolved.

The school system’s police chief, Edwin Lopez, had a warning for other hackers. "We believe, based upon our investigation, that other attackers are out there. We will not rest until every one of them is caught and brought to justice. Cyberattacks are serious crimes, which have far reaching negative impacts. Our message to anyone thinking of attempting a criminal act like this is to think twice. We will find you.”

Reggie Wade is a writer for Yahoo Finance. Follow him on Twitter at @ReggieWade.

Read more:

Read the latest financial and business news from Yahoo Finance

Follow Yahoo Finance on Twitter, Facebook, Instagram, Flipboard, LinkedIn, and reddit.

Advertisement