The Little Silver school district’s computer security system could be getting a major upgrade in the near future, largely due to a highly damaging virus that swept through the district's computers within the past year.
“We had a company come in and basically do a security audit for us,” said district Superintendent Carolyn Kossack at the Little Silver Board of Education meeting last week. “What we discovered is that our security is absolutely horrible.”
The company hired to examine the district’s computer security is Links Technology, but the virus has been discovered to be so extensive that the FBI is currently conducting an investigation to find the culprit. The virus is a phishing virus and is a type that is designed to extort money from the affected computer’s owner, the victim. This is done by essentially holding files hostage and asking for money in exchange for their return.
The virus has affected computers throughout the district, including that of board Secretary and school Business Administrator Amy Lerner. Lerner said she lost all of her files and has since been re-creating them on an as-needed basis. Lerner also said that she has learned that the FBI has traced the virus overseas, although the hacker has not been found.
The district’s computers are currently set up in a three-level access system, divided by students, faculty and administrators. If one person’s account contracts a virus, that virus can spread to every other account set up on the computer. With a phishing virus, reinstalling Windows after getting it can make the virus nearly impossible to decrypt and retrieve lost files. A security update would not retrieve the files that have been lost, but it would help future viruses from being contracted and spreading so extensively.
“The money that we lost, in terms of manpower, and [Lerner]— everything that she lost, it’s catastrophic,” Kossack said.
The board discussed the needed security update, but no official plans were made. Kossack said the update could cost upwards of $60,000, prompting some board members to joke that it might end up being cheaper to pay off the hacker.
Phishing viruses and scams first began in the mid-1990s, but were not fully recognized as a form of cyber crime until 2004. They have been used to attack banks, corporations and even government computer systems. Other school districts in the United States have also been recorded as victims of phishing.