Please ensure Javascript is enabled for purposes of website accessibility

Case Studies on Online Learning Platforms Cyberattacks

Zoombombing/classroom hijacking scenarios

  1. In Massachusetts two schools have reported zoom bombing incidents. One of the schools reported that while a teacher was conducting an online class using Zoom software, an unidentified individual dialed and joined the ongoing session without authorization. This individual yelled and shouted the teacher’s home address. In the second school reported that an unidentified individual joined a Zoom class session without authorization. In this incident, the individual was visible on the video camera and displayed body tattoos. Read more about this case study here.
  2. In San Francisco Bay Area, a school in Berkley reported a zoombombing attack. In this attack, an unknown adult male joined the session without authorization, exposed himself to teenagers, shouted obscenities and made inappropriate gestures during a virtual art class video conference before the teacher ejected him from the session. Read more about this case.
  3. In Kenya, Braeburn School and St Austin’s Academy reported zoom bombing attacks. Both schools reported that the Zoom sessions were infiltrated by hackers who posted pornographic material that disrupted the classes. Read more

Security breaches case studies

  1. In July 2020, security researchers from WizCase discovered unprotected databases belonging to multiple e-learning platforms that were exposed online without password protection. The databases leaked students’ personally identifiable information (PII) such as names, emails, passwords, ID numbers, contact numbers, addresses, birth dates, course details, and school information, of one million users. The databases were hosted on insecure servers, which allowed anyone to access it without any authentication. WizCase stated that it found five breaches from separate online educational institutions across the globe.   According to WizCase, the e-learning platforms that suffered data breaches include:
    • Escola Digital, a Brazil-based online learning platform, suffered a data leak that exposed over 75,000 private records of students and teachers.
    • South Africa-based online learning platform MyTopDog lost over 800,000 students’ personal records.
    • Okoo, a Kazakhstan-based online course portal, lost around 7,200 records that held students’ personally identifiable information and administrative data.
    • The U.S.-based online education platform Square Panda lost around 15,000 personal records of parents and teachers. Read more
  2. In April 2020, K12 Inc. an online learning platform used by more than 500 schools globally, recorded a security breach which left the personal records of 19,000 students exposed on an unsecured cloud server. Read more
  3. In Kenya it was reported that a group of students from Jomo Kenyatta University of Agriculture and Technology (JKUAT) gained unauthorized access to Moodle and changed their overall exam grades and fees. Read more

Identity theft/masquerading

In July 2020, as millions of Chinese students were sitting for their national university entry exam, cases of how an identity theft scandal robbed hundreds of previous candidates of their dreams emerged. Officials in the eastern province of Shandong said a two-year investigation had found more than 280 people involved in stealing the identities of students sitting the National College Entrance Examination. The announcement prompted public outcry and Chinese lawmakers to vow a crackdown on corruption in the sector. Read more

Ransomware

  1. Louisiana public schools: In July 2019, Louisiana Governor declared a state of emergency after three public school districts fell victim to ransomware. A State of Emergency was re-invoked in November when another ransomware attack affected 10% of Louisiana’s 5,000 network servers and more than 1,500 computers. Read more
  2. Rockville Centre School District: On July 25, 2019, Ryuk ransomware hit Rockville Centre School District. The district’s insurance carrier negotiated the ransom demand of US$176,000 down to US$88,000, which was covered by them. Read more
  3. Las Cruces Public Schools: In late October 2019, a ransomware attack infected thousands of servers and devices in Las Cruces Public Schools, New Mexico. The district disagreed to pay the ransom and instead ended up reformatting close to 30,000 devices. Read more
  4. Gadsden Independent School District (ISD). In February 2020, for the second time in a year, the school district was compromised by ransomware. Because of the attack, the district had to shut down its entire internet and communication systems. This included phone service across all of its 24 school sites, as well as supporting locations. School officials estimated that it would take four to five days to restore their internet and phone communications, as employees worked to clean computers. Read more

Licence

Icon for the Creative Commons Attribution-ShareAlike 4.0 International License

Cybersecurity Training for Teachers Copyright © 2023 by Commonwealth of Learning is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License, except where otherwise noted.

Share This Book