News - Sauk Valley

Seesaw hack a sobering reminder that schools are data-rich targets

An image of the Seesaw login page as seen on a desktop computer browser. The school-parent-student messaging portal experienced a "credential stuffing" attack on Sept. 13. Sterling Public Schools and Dixon Public Schools disabled access to the app this week until the issue was resolved.

DIXON — It was a matter-of-fact item on the Dixon Public Schools agenda on Wednesday: the disposal of technology.

The district spent the summer clearing out the old, making room for the new.

The list was code numbered, but it appeared the district was removing from service 143 monitors, 74 laptops, 49 desktop computers, 21 Chromebooks, eight terminals, six servers, five projectors, three cameras, and a printer.

“It was nothing that happened internally on our servers or anything to do with us. But of course, it is always a very scary thing because you are so vulnerable and we hear more and more of cyber concerns.”

—  Margo Empen, superintendent Dixon Public Schools

And no, the old gear isn’t for sale to the general public, as IT director James Manley told the board of education.

“By the time we are ready to dispose of them, it’s time for them to go,” he said.

A company that will dispose of them will do so in an environmentally safe way, Manley said.  Moreover, the information on the machines will be wiped.

Given the events of this month in terms of school digital security, that latter action might be the overriding concern.

Only seven days earlier, the district was in the same boat as some 70% of the nation’s school districts. They temporarily shut down the parental communication link Seesaw after the app had been hacked by means of a “credential stuffing” attack.

It turns out that only 0.5% of the app’s users were compromised. And there’s been no incidents since. Still, it was a sobering reminder that schools are targets.

“When you’re not in control of it, it is always very nerve wracking,” said Margo Empen, superintendent.

“It was nothing that happened internally on our servers or anything to do with us,” she added. “But of course, it is always a very scary thing because you are so vulnerable and we hear more and more of cyber concerns.”

Dixon Public Schools uses Seesaw as a communication link in grades K-5.

Sterling Public Schools also uses Seesaw as a component of its PreK-3 students.

Superintendent Tad Everett said in a story reporting on the incident that Seesaw reacted quickly to alert schools and shut down the attack. “Once they realized they had been technologically breached, they got on the problem immediately,” Everett said. “Within 48 hours they had corrected the issue and we were back up and running.”

The school year started in early September with a ransom-ware style attack on the Los Angeles Unified School District. The Associated Press reported that while no ransom demand was made, and the first day of school started on time, the nation’s second largest school district had to reset passwords for 540,000 students and 70,000 employees.

The K-12 Security Information Exchange tracks cyber attacks on U.S. schools. It says there have been 1,331 incidents since 2016. So far, Northwest Illinois has largely been untouched by these attacks. But the K-12six.org map shows one nearby incident: Rochelle Community Consolidated district was subjected to a personal data breach.

The Illinois Department of Innovation and Technology identified the types of attacks that schools and state agencies are most vulnerable to. In its report, “State of Illinois Cybersecurity Strategy 2021-2025″ it identified the threats as malware, social engineering, hacking, credential compromise, web attacks and distributed denial-of-service attacks.

A February issue of Education Week described the relationship between schools and cyberattackers “as a bit of a cat-and-mouse game.” It said schools are tempting targets because they have loads of personal data.

Empen said Manley is always looking at the level of security.

“You know we can control security at our end with the firewalls and the things that we have in place,” she said. “But what is it on their end that’s helping with that? So, we always want to make sure we are dealing with reputable companies.”

In the case of the Seesaw attack, Dixon Public Schools notified parents and students immediately. “I think people appreciated knowing that their personal information, nothing like that, was compromised,” Empen said.

The true aim of the attack on Seesaw isn’t known. In this case it involved an image intended to shock. According to the culture website gizmodo, hackers commonly infiltrate school district Zoom meetings or websites, posting porn or other NSFW material.

Troy Taylor

Troy E. Taylor

Was named editor for Saukvalley.com and the Gazette and Telegraph in 2021. An Illinois native, he has been a reporter or editor in daily newspapers since 1989.