A secondary school near Burton-on-Trent in East Staffordshire had admitted that its website was knocked offline at various points by hackers in recent weeks. The attack appears to be denial-of-service (DoS), with hactivism group Anonymous reportedly taking responsibility.
Burton Mail reports that John Taylor High School’s website suffered from “significant periods of downtime during the past few weeks”, adding that a member of Anonymous had contacted the newspaper directly to claim responsibility.
“It has come to our immediate attention that the security used for school systems is not up to scratch,” the member said when interviewed. “This is putting pupils at risk of being targeted by paedophiles who have acquired the skill to access data which could lead them to being able to collect information and stalk pupils.”
The member continued: “We give every school in this country one month to fix their pitiful security systems. If, after that time, we can still achieve penetration at a reasonable level of attack we will personally disable their systems.
“We do not expect them to be able to stop us at an advanced level, however the level of hack used on the John Taylor systems highlighted a very serious problem.”
Mike Donoghue, head teacher at John Taylor, which has around 1,500 students, confirmed that they were still investigating the incident, and added that the systems are now fully functional.
Speaking to SCMagazineUK.com earlier today, Donoghue drilled down into some of the details, confirming that the outage related specifically to The Vault, a virtual learning environment – developed by FROG but hosted on the school’s servers – which is used to host teaching materials, former test papers and other revision guidance.
The school, a specialist ‘science and leadership academy;, was first alerted to the downtime by students, on Twitter, who were trying to access the system, with IT technicians subsequently blocking all IP address so no-one could access the service. The second outage lasted a “couple of days” over the Easter Bank Holiday weekend.
Donoghue was keen to stress that there was “no breach” of sensitive student data, and said that the school continues to work with providers RM and FROG to monitor the issue, and harden their existing security controls. Students were informed of the issue during assembly, and parents have also been made aware.
The principal said that the effect of the incident was “largely mitigated” because the downtime wasn’t overly long, and most of the materials could still be accessed by “just a few more clicks on Google”.
He also doubted the possibility of Anonymous being behind the attack, saying that the outages stopped after students were alerted to the situation.