Just this month, HALOCK saw its first incident of a high school that fell victim to a Distributed Denial of Service (DDoS) attack. Existing internet users inside the school could continue to work, but the outbound internet pipe became so clogged that no new browser sessions could be opened, impacting productivity of students and staff alike. DDoS attacks have become front page news as of late, but usually come from perpetrators wanting to:

  • Disrupt a business with whom they compete
  • Collapse traditional protections like firewalls so that they can steal financial data, intellectual property or personal information that has some economic value
  • Vandalize an organization that offends the perpetrator’s moral sensibilities.

Banks, on-line retailers, defense contractors, web-based businesses like Spamhaus just in the last few weeks: these are the organizations that are the most obvious and common victims of DDoS attacks — but high schools? High schools don’t have money. They have some personal information, but nothing special. A high school student’s Social Security number (SSN) is hardly as valuable as one belonging to an income-earning adult. They certainly don’t have any intellectual property that isn’t in the public domain already. Whom do they offend? Political extremists? I’ll tell you who… some of the students who associate the school as the source of all their coming-of-age angst. Homework, awkward social situations, etc… let’s face it, high school can be a drag for a lot of kids. It’s easy to imagine some young hacker trying to impress his/her friends by taking down their school’s internet connection. The consequences here wouldn’t seemingly be too great: a mild annoyance, to be sure, but not likely enough of a pain for a high-school to buy some DDoS protection, especially when most are struggling for enough budget to buy adequate bandwidth, a good firewall or endpoint protection: some of the more basic networking needs.

Not so fast. In the 2013-14 school year, Illinois high school students will be required to take core online tests sanctioned by the Illinois Department of Education to test students’ competency on basic curricula. This is a trend affecting most states. This means high schools are going to have to rely on the internet to train and test children, bringing the issue of protecting critical applications to the forefront. I suspect that this month’s DDoS attack, like the canary in the coal mine, indicates DDoS attacks are going the mainstream. DDoS poses a threat to internet connectivity that is going to impact high schools around the country. Hopefully, administrators will find the budgets necessary to insure that these new critical teaching and testing applications remain operational.