Advertisement

Miami high schooler charged in DDoS attacks against district

A 16-year-old junior admitted to orchestrating eight attacks that blocked students and teachers from accessing their virtual learning platform, authorities said.
hooded figure in front of computer
(Getty Images)

Authorities in Miami on Thursday arrested a 16-year-old high school student who admitted to orchestrating a wave of cyberattacks that disrupted the first week of online classes for Miami-Dade County Public Schools.

The student, a junior at South Miami Senior High School, admitted responsibility for at least eight distributed-denial-of-service attacks against the Miami-Dade schools’ online learning platform, which disrupted the ability of teachers and students to access their virtual classrooms, officials said.

“It is disheartening that one of our own students has admitted to intentionally causing this kind of disruption, however, I am confident that the M-DCPS family will continue to show its resilience and commitment to education, in the face of adversity,” Superintendent Alberto M. Carvalho said in a press release.

Miami-Dade, like many school systems around the country, is beginning its fall semester with online instruction as the coronavirus pandemic, which has killed more than 11,000 Floridians, drags on.

Advertisement

According to law enforcement officials, the attacks targeted My School Online, which also suffered a software glitch Monday, though Carvalho said it was resolved later that day.

But the DDoS attacks overwhelmed the schools’ networks with traffic, preventing educators and students from logging into the My School Online platform. While school officials told users who were already logged in to remain logged in, the attacks blocked as many as 170,000 users from accessing the platform. School officials said the attacks only impeded the ability to access distance learning tools and did not compromise any sensitive data.

“At no time were our firewalls compromised and no student or employee personal data was accessed. The cyberattacks did create a significant burden and caused massive disruption to all District web-based systems,” read a statement from Miami-Dade schools on Tuesday.

As of Thursday morning, district leaders were advising students and teachers in grades 6-12 to fall back to using Microsoft Teams, Zoom and other video-conferencing tools while the cyberattacks were being remediated.

The student who admitted to carrying out the DDoS attacks told police that he used an online service to carry them out. He was charged with felony computer use in an attempt to defraud and misdemeanor interference with an educational institution. The investigation was conducted by Miami-Dade County Schools Police, the Florida Department of Law Enforcement and federal agents from the FBI and U.S. Secret Service.

Advertisement

While the student arrested Thursday admitted to eight DDoS incidents, authorities said the school district has been hit by at least a dozen such attacks, several of which remain under investigation.

But the attacks have also caught the attention of Florida’s representatives in Congress. On Wednesday night, Republican Sen. Marco Rubio, the acting chairman of the Senate Intelligence Committee, asked acting Homeland Security Secretary Chad Wolf for a briefing on the cybersecurity of the Sunshine State’s K-12 school systems.

“As a father, I know firsthand the importance of having our children in school and learning, including a safe return to sports for our student athletes,” Rubio wrote in a letter to Wolf. “However, it now appears that hostile actors, including foreign cybercriminals, are now targeting online classrooms in order to further disrupt the lives of Americans.”

Rep. Debbie Mucarsel-Powell, a Democrat whose district includes part of Miami-Dade County, asked FBI Director Christopher Wray for a similar briefing.

Benjamin Freed

Written by Benjamin Freed

Benjamin Freed is the managing editor of StateScoop and EdScoop, covering cybersecurity issues affecting state and local governments across the country. He has written extensively about ransomware, election security, and the federal government's role in assisting states, localities and higher education institutions with information security.

Latest Podcasts