On the same day that millions of sensitive data allegedly stolen from the Los Angeles school district were put up for sale on the dark web, the Federal Communications Commission approved a $200 million pilot program to help K-12 schools and libraries across the country to combat an onslaught of cyber attacks. .
A spokesperson for the Los Angeles Unified School District confirmed that they are investigating a listing on a notorious dark web marketplace, posted Thursday by a user called “The Satanic Cloud,” asking for $1,000 in exchange for what they claim is a treasure of to be more than 24 million. records. The development comes nearly two years after the district fell victim to a ransomware attack that led to a widespread leak of sensitive student data, some of which was years old.
At the same time, federal officials cited the earlier LA ransomware attack and subsequent breaches, with FCC Chairwoman Jessica Rosenworcel noting that they have become a growing scourge for districts of all sizes.
Get stories like this straight to your inbox. Sign up for the 74 newsletter
“School districts as large as Los Angeles Unified in California and as small as St. Landry Parish in Louisiana were targeted by cyberattacks,” Rosenworcel said, adding that these events led to real-world disruptions to education, sometimes costing millions. recovery costs for districts. . “This situation is complex, but the vulnerabilities in the networks we use in our nation’s schools and libraries are real and growing.”
“So today we’re going to do something about it,” she said.
The five-member FCC voted 3-2 to approve the pilot, which will provide firewalls and other cybersecurity services to eligible school districts and libraries over a three-year period. While the pilot project aims to explore how federal funds can be used to strengthen defenses of these vulnerable targets, some have criticized the initiative as too little, too late.
When Rosenworcel first introduced the proposal in July, education stakeholders demanded a more urgent and substantive federal response.
Districts selected to participate in the newly approved pilot will receive a minimum of $15,000 for approved services and the commission aims to “provide funding to as many schools and school districts as possible,” according to a fact sheet. While the funding “by itself will not be sufficient to fund all school cybersecurity needs,” the fact sheet notes, the committee is working to ensure that “each participating school will receive funding to prioritize the implementation of solutions within one big technological category. .”
The Satanic Cloud, which posted the latest batch of LAUSD data, told The 74 that it is completely separate from what was stolen in the September 2022 ransomware attack on the nation’s second-largest school district. An executive at a leading threat intelligence company said his team suspects the data comes from the earlier event.
The Los Angeles County is aware of the threat actor’s claims, a spokesperson told The 74 in an email Thursday, and is “investigating the claim and working with law enforcement to investigate and respond to the incident.”
‘It is certainly sensitive data’
Last year, an investigation by The 74 found that thousands of students’ psychological evaluations were leaked online after cybercriminals launched a ransomware attack on the Los Angeles neighborhood. The district had categorically denied that its mental health records had been compromised, but within hours of the story admitted that it had.
Last month, a joint investigation by The 74 and The Acadiana Advocate revealed that officials at the 12,000-student St. Landry Parish School Board, about 60 miles west of Baton Rouge, waited five months after a ransomware attack to kill data breach victims to inform them that their sensitive information had been compromised. The report came after an earlier investigation by the news media found that personal student, employee and company information had been made public, despite the district’s claim, and that St. Landry had likely violated the state’s breath reporting law. Within hours of the initial story’s publication, the Louisiana attorney general’s office issued a warning to the district.
Louisiana School District Notifies Data Breach Victims Following News Investigation
The latest files from Los Angeles were listed Thursday on the dark web marketplace BreachForums, an online outpost that was briefly taken offline last month after it came under the control of federal law enforcement officials. The Federal Bureau of Investigation first targeted BreachForums in March 2023 when it arrested the site’s owner, 20-year-old Conor Brian Fitzpatrick, at his home in Peekskill, New York. BreachForums was one of the largest hacker forums at the time, claiming more than 340,000 users.
An example file in the LA list is a spreadsheet containing the names, student identification numbers, and other demographic information of more than 1,000 students and their parents. Data reveals students receiving special education services, their addresses and their home phone numbers. A list of file names suggests that the records contain similar information about teachers.
The BreachForums user who listed the data from Los Angeles, reached for comment via the encrypted messaging app Telegram, told The 74 “there is no connection” to the previous ransomware attack. The breach, the threat actor said, originated through the Amazon Relational Database Service, which allows companies to create cloud-based databases. The service has been the subject of previous hacks that led to the disclosure of large amounts of sensitive information.
Subscribe to the School(in)Safety newsletter.
Get the most critical news and information about student rights, safety and well-being delivered straight to your inbox.
Kaustubh Medhe, the vice president of research and threat intelligence at threat intelligence company Cyble, said the latest threat actor has a history of discussing cryptocurrency scams on Telegram, but this is the first time they have tried to sell stolen data. Cyble’s research team, he told The 74, sees “a strong probability” that the data came from files exposed during the earlier ransomware attack.
“Historically, we have seen this type of activity where old data breaches are recirculated on dark web forums by various actors,” Medhe said. Be that as it may, Medhe said it is incumbent on district officials to take urgent action. The files, he said, could be useful for “some kind of profiling or some kind of targeted phishing activity.
“It’s certainly sensitive data,” he said, adding that district officials should analyze the sample dataset available online and confirm whether the data matches their internal databases and perhaps the data stolen in 2022. a thorough incident response and investigation to eliminate the possibility of another breach.”
A trove of LA students’ mental health records posted to the dark web after a cyber hack
‘An important step forward’
At Thursday’s FCC meeting, Commissioner Anna Gomez said the pilot program is a matter of educational equity, citing a report from the federal Cybersecurity and Infrastructure Security Agency that noted ransomware attacks and data breaches in K-12 schools have skyrocketed over the past decade increased, districts with limited cybersecurity capabilities and vast resource constraints are the most vulnerable to attack. According to her, connectivity is “essential for education in the 21st century.”
“Technology and high-speed internet access open doors and limitless opportunities for those who have it,” Gomez said. “Unfortunately, our increasingly digital world also creates opportunities for malicious actors.”
Facing a growing number of cyberattacks, educators have for years called on the FCC to provide cybersecurity resources with money from the federal E-rate program, which provides funding to most public schools and libraries across the country to make broadband services more affordable . It’s a move that more than 1,100 school districts endorsed in a joint 2022 letter, but which the commission declined to adopt. In a news release, the committee said the pilot was kept separate “to ensure that gains in improved cybersecurity do not undermine E-rate’s success in connecting schools and libraries and advancing digital equity.” The pilot will be allocated through the Universal Service Fund, which was created to subsidize telephone services for low-income households.
In a letter to the committee last month, the American Library Association, Common Sense Media, the Consortium for School Networking and other groups said the selection process for eligible schools and libraries was unclear and could confuse applicants. On Thursday, the library association expressed its support for the pilot.
“Today’s decision by the FCC to initiate a cybersecurity pilot is an important step forward for our nation’s libraries and librarians, too many of whom face rising costs to maintain their systems and data. institution,” President Emily Drabinski said in a statement. “We remain steadfast in our call for a long-term funding mechanism that ensures libraries can continue to provide the access and information their communities depend on.”
New $200 million FCC proposal could help schools combat cyber attacks
Critics of the pilot program include school cybersecurity expert Doug Levin, who told The 74 that many school districts do not have sufficient cybersecurity expertise and that as a result, the advanced tools the pilot wants may not be a “good fit for school systems with scarce capacity.”
“There is no argument that schools need support,” said Levin, co-founder and national director of the K12 Security Information eXchange. But the FCC’s “techno-solutions stance” on the problem, he says, is far too small to have a meaningful impact and could instead lead to a wave of vendor marketing to schools, which “some of them could ultimately convince them to buy solutions that, quite frankly, they don’t need.”
