ST. PETERSBURG, Fla. (WFLA) – A computer system safeguard that the Pinellas County School District was paying for unknowingly lapsed this year, allowing a 17-year-old student to access and disrupt the district’s system, according to school officials.
According to a St. Petersburg police arrest affidavit, the high school student allegedly broke into the district computer network March 22 and 25 and caused the district internet network to fail. The teen was charged with a third-degree felony for illegally accessing a computer system network and is scheduled to be arraigned June 17. A call to his home was not answered.
Pinellas County School District spokesperson Isabel Mascarenas said representatives of the district internet provider Charter-Spectrum said, “they failed to maintain” what is known as distributed denial-of-service (DDoS) DDoS protection, “even though we were continuing to pay the contracted amount.”
The company said the lapse hit after the school system migrated school online services to a new platform in late 2020, according to Macarenas, who said the district was credited $23,000 for the issue.
Charter-Spectrum spokesperson Joe Durkin said the company worked with the district to resolve the attack.
“Together, we have put measures in place to help prevent future internet service disruptions related to DDoS attacks,” Durkin said.
According to the district, the issue clogged the regular computer traffic and stopped system users from accessing the internet but “no student or personnel information was ever accessed or in danger.”
District spokesperson Elizabeth Herendeen said there was no “districtwide notification since no information was accessed or compromised at any time.”
Mark Montgomery, from the Cyberspace Solarium Commission, said the district is fortunate the suspect did not do more damage, and he added parents should be notified if a district system is hacked in this way.
“Absolutely. The parents are the guardians for all these students,” Montgomery said. “And I think it’s ethically egregious. You need to inform a person and you need to inform a gaurdian and in fact we need to pass a law to make that happen.”
We’ve seen these crimes become more prevalent — nationally and locally in recent months.
On Feb. 5, the Oldsmar water supply system was hacked, with the suspect trying to poison 15,000 residents by spiking the levels of lye in the supply.
This month, the cyber gang known as Darkside was blamed by the FBI for forcing Colonial Pipeline to take its system offline in a ransomware attack that slowed almost half of the east coast fuel supply.
According to Montgomery, data shows educational institutes are among the most vulnerable to ransomeware attacks.
His organization blames budget decisions that leave cyber security on the cutting room floor.
“I think we now understand just like you don’t leave physical security on the cutting room floor, you don’t leave cyber security on the cutting room floor and you need to make those investments,” Montgomery said.
Montgomery said a proposed state law, the Enhancing K-12 Cyber-Security Act, would help districts with funding and other tools to better protect their computer networks.