A 16-year-old student was able to disrupt the Miami-Dade Public Schools e-learning system earlier this week and cause chaos across the district, including the platform virtual-only students have been using, called K12.
Police say David Oliveros attends South Miami Senior High. He was arrested during the early morning hours on Thursday and will face a judge in October.
Investigators say this was the work of the tech-savvy teen and they say others were likely involved, their hunt for the other suspects continues.
“Really what I think this highlights is the actual level of ability involved to launch an attack of these sorts. It’s very very easy,” said Randy Watkins, a cybersecurity specialist for the company CRITICALSTART.
Watkins says other school districts in Florida need to take what happened in Miami-Dade as a lesson, to ask lots of questions about what security measures third-parties use.
Could a similar attack happen in Central Florida?
The Brevard County Schools Communications Team sending FOX 35 News a statement in response to the developments in South Florida.
“Brevard Public Schools has several layers of security protecting our infrastructure, network, and systems. The safety of our students and staff is our top priority and we will continue to provide all protections possible to ensure the continuity of education for our students, teachers, and all stakeholders within our organization.”
The need to keep virtual learning platforms secure is critical in Brevard County. Since re-opening, 18 schools have seen COVID-19 cases and one of them had to close down entirely — all 580 students at that school are virtual learning again.
“I could go out onto the internet and say ‘I would like to bring down this website’ you put in your credit card information pay 20, 50, or 100 dollars, and it immediately targets the website and does damage,” Watkins said.
A K12 spokeswoman sent FOX 35 News the following statement,
“DCPS was the target of the DDoS attack, not K12. K12 was not the cause of the DDoS attack and was not responsible for the M-DCPS network. Also, note that the K12 network was not directly impacted and data was not compromised. However, as the curriculum and platform provider to M-DCPS, the network disruption and outages did impact K12’s delivery of service.”
We contacted other school districts in the region to find out about their cyber-security.
Seminole’s school system responded with this statement:
“School districts work hard to prevent cybersecurity threats on a year-round basis and work with our service providers to implement preventative measures to minimize risks. We’ve experienced Denial of Service threats in our district in the past and in each instance, developed further measures to secure and enhance any potential vulnerabilities. This is something our technical teams focus on year-round as new threats emerge.”
Other districts have yet to respond.
CRITICALSTART® and MOBILESOC® are federally registered trademarks owned by Critical Start. Critical Start also claims trademark rights in the following: Cyber Operations Risk & Response™ platform, and Trusted Behavior Registry®. Any unauthorized use is expressly prohibited.