Pedagogical Phishing: Understanding The Morton School District Cyber Attack

The recent Morton School District hack is a reminder that everyone is at risk from cyber attacks, and provides valuable insight into how to bolster security.

School Hackers

As computer systems become embedded in every aspect of our lives, no one is safe from cyber attacks. Public schools are particularly vulnerable, as they store sensitive data on their students and employees but often lack the training and equipment to adequately defend it. A recent attack against the Morton School District in Illinois demonstrates just how widespread the risk is. It also serves as an example of what school districts should and should not do to prevent and respond to attacks, potentially helping other schools to keep themselves safe in the future:

Analyzing The Attack

On 31 January 2017, Russian hackers used a phishing scam to gain access to sensitive data from the Morton School District in Tazewell County, Illinois. The hackers sent an email claiming to be from Lindsey Hall, the district’s superintendent, requesting information for W2 forms. A staff member responded to the email by sending out the names, social security numbers, and salary information for 400 of the district’s employees. When the employee received another email from that address requesting more information, she became suspicious and contacted the police. Investigators determined that the email had not come from the superintendent, tracing it to Russian servers instead.

Because the district acted quickly, the potential damage from this attack is low. Although the hackers learned the social security numbers of 400 employees, they did not receive their birth dates or addresses, limiting what they can do with those figures. Authorities provided the employees who were affected by tracking applications they could use to analyze unusual activity that involved their social security numbers. Nonetheless, the fact that Russian hackers successfully stole information from an Illinois school district is unsettling, prompting concerns that other schools may be at risk.

Proactive Prevention

In many ways, the Morton School District is a model for how to respond to cyber attacks. The staff quickly identified suspicious activity, contacted the authorities, and took the necessary steps to keep themselves safe. Ideally, however, school districts should never have to respond to the attack in the first place. Districts should maintain the risk of hacking to a minimum by:

  • Educating Employees– Districts should train their staff on proper cyber security measures, notably by teaching them how to recognize and avoid common scams.
  • Assessing Access– Social Security Numbers and other sensitive information should not be available to any employee. Districts should control who has access to such data, thereby minimizing the number of staff who could fall victim.
  • Reinforcing With Redundancy– In addition to stealing information, hackers can also prevent institutions from accessing their data and systems. Schools should have redundant systems and data storage to minimize the risk from such an attack.
  • Security Steps– School districts must institute and regularly update security software, strong passwords, and physical protection for their hardware.

Centerpoint IT offers schools, businesses, and all other Roswell institutions with valuable cyber security support. For more information on keeping yourself safe, contact info@centerpointit.com or (404) 781-0200 today.

Used by permission