
Winthrop under cyberattack: Officials say hackers are blasting town Internet provider, disrupting remote education

Winthrop School Superintendent Lisa Howard says state and federal investigators have joined local police in looking at who might be attacking Winthrop's Internet provider and making it difficult for students to participate in remote learning in recent days. In an e-mail to parents yesterday afternoon, she wrote:

This afternoon, the technology investigation team informed me that our town and schools are the target of a malicious computer attack called a Distributed Denial of Service attack (DDoS). A DDoS attack is an attack on a network designed to overwhelm bandwidth resources with large amounts of data. This type of attack prevents students and teachers from utilizing internet-based resources such as Google Classroom, email, video conferencing and other services while in school buildings.

She added:

I wish to stress - at no time was any student, employee, or financial data at risk. There was no damage to our internal computing resources, firewalls, or networks. This attack happened outside of our network. The individual, group or source of the attack has not been determined; however, this will continue to be investigated.

We are addressing this issue with our internet service provider along with technology experts and will have consistent service restored as soon as possible. We are also in the process of implementing additional safeguards to ensure this cannot happen again. In the interim, we will utilize alternate internet connections in the classroom to keep students learning and teachers teaching. Alternate internet connections are not the long-term plan but will allow us to continue in the Hybrid Model of learning and continue to provide in-person instruction and support to our students as we move forward with a long-term solution. We expect the temporary internet connections to arrive at each school by 12:00 p.m., tomorrow and deployed to classrooms immediately.

Comcast is the town's main Internet provider. It was reporting outages this morning.



I should have mentioned that Lisa Howard, the Winthrop Schools Superintendent, has been nothing short of amazing. She has had plans, and backup plans, for almost everything this year has tossed her way. She has always had the students' and teachers' best interests in mind with every decision she has made and fought for, oftentimes to the dismay of parents who just want their kids back in school at whatever cost. She deserves a lot of credit for keeping our kids and teachers safe.

Voting closed 12

Was the school specifically targeted, or just Comcast in general?

Voting closed 4

Are we sure this was an intentional attack, or just Comcast being Comcast? Remember the "Speeds may vary" disclaimer.

Voting closed 7

Comcast Business aka "Real Internet from Comcast's Network" not "Cable Internet" generally has much more specific terms around performance and availability.

Voting closed 16

Competent network admins can use common tools to determine the nature and scope of something like this. So it's likely true that they'd be able to tell if it's specifically targeted toward the school system. Unfortunately, while there are some fairly simple (if not inexpensive) steps that the school system & Comcast can take to counter a network attack like this, tracking down the originator may be much more difficult.

Voting closed 5

There are approximately 6,000 students in the Winthrop schools. If it's targeting the schools it shouldn't be too hard to figure out who's doing it :)

Voting closed 9

Not as simple as you might think. It's most likely being routed through a bunch of VPNs around the world to obscure the origin.

Voting closed 8

Then there's not one IP to track. There are hundreds. And they're part of a botnet, automatic bits of code usually installed on computers and IoT devices as malware, that are making the disruptive requests. And the person who set the botnet onto the target isn't one of those IPs, they are the one that sent those IPs the details of the target to set the botnet attack into motion. And that person is probably just a seller who was paid $20 to point this botnet at Winthrop schools.

In the world of IS, you don't track down DDoS attacks like it's CSI: Winthrop...you just take countermeasures and ignore them. Most of the cheapo for-hire botnets aren't doing anything sophisticated. So simple countermeasures, like firewalls that can auto-ban the IPs sending the broken packets for a few days, work wonders. The expensive well-skilled hard-to-block DDoS attacks aren't being used for smacking a townie school system's servers around. They're attempting to bring down Wikipedia, Amazon, Apple, etc.

Voting closed 32
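The auto-ban countermeasure described in the comment above, as an added example that is not part of the original thread: it counts malformed packets per source address in a sliding window and bans a source for a fixed period once it exceeds a threshold. The log format, threshold, window and three-day ban length are assumptions, and the log lines are constructed sample data using documentation address ranges.

```python
from collections import defaultdict, deque

BAN_SECONDS = 3 * 24 * 3600   # "a few days" in the comment; exact length is an assumption
THRESHOLD = 5                 # malformed packets tolerated per window (assumption)
WINDOW_SECONDS = 10           # sliding window length (assumption)

# Constructed sample log in a hypothetical "epoch source verdict" format.
SAMPLE_LOG = [f"{1000 + i} 203.0.113.7 INVALID" for i in range(6)] + [
    "1001 198.51.100.20 OK",
    "1002 198.51.100.20 INVALID",   # one bad packet is not enough for a ban
    "1003 192.0.2.44 INVALID",
    "1030 192.0.2.44 INVALID",      # spread out, never exceeds the window threshold
    "not a log line",               # unparsable input is skipped, not fatal
]

def parse(line):
    """Return (timestamp, source, verdict) or None for a malformed log line."""
    parts = line.split()
    if len(parts) != 3 or not parts[0].isdigit():
        return None
    return int(parts[0]), parts[1], parts[2]

def plan_bans(lines, threshold=THRESHOLD, window=WINDOW_SECONDS, ban=BAN_SECONDS):
    """Map each offending source to the epoch time at which its ban expires."""
    recent = defaultdict(deque)     # source -> timestamps of recent malformed packets
    bans = {}
    for ts, src, verdict in sorted(filter(None, map(parse, lines))):
        if verdict != "INVALID" or bans.get(src, 0) > ts:
            continue                # clean packet, or source is already banned
        hits = recent[src]
        hits.append(ts)
        while hits and hits[0] <= ts - window:
            hits.popleft()          # forget packets that fell out of the window
        if len(hits) > threshold:
            bans[src] = ts + ban
            hits.clear()
    return bans

def is_banned(bans, src, now):
    """True while the source's ban has not yet expired."""
    return bans.get(src, 0) > now

if __name__ == "__main__":
    for src, until in plan_bans(SAMPLE_LOG).items():
        print(f"ban {src} until epoch {until}")
```

A filter like this only sees traffic that reaches the firewall, so when the uplink itself is saturated the filtering has to happen upstream at the provider. Source addresses on malformed packets can also be spoofed, so a ban list built this way may include addresses that never sent anything.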

When you’re being bled to death by a million mosquitoes, even the best anti-aircraft artillery is of little use.

Voting closed 6

Any additional info on how widespread the Comcast outage is today? Experiencing problems in Malden all day & ready to throw my modem at Comcast.

Voting closed 14

So, IT person here. I've also had Comcast Business (for previous companies) so I have a clue how it works.

Also keep in mind that Comcast Business is not only business-grade coax service (similar to residential), it also includes MetroEthernet (aka Fiber) and other non-coax methods. Previous company had MetroE and had a single mode fiber cable brought to my location. I just plugged the fiber into my equipment and I was good to go. No cable modem or coax. Pure fiber.

With all of that said, I am pretty sure what they have is MetroE. Takes a lot to flood one of these connections, but it is not entirely impossible.

But what gets me is why Comcast didn't do more, if this is the type of attack I am thinking of, moving their network to another node (i.e. IP, or endpoint) should fix the issue. Well assuming Comcast can do that. Technically it is possible (and the fix). My run-ins with business support say otherwise knowing Comcast.

It will be interesting to read once they figure out what it was.

Voting closed 8

Having dealt with all levels of IS from federal banks all the way down to town museums...I'm betting Winthrop schools falls closer to the latter scale.

They probably could have been done under by too many web harvesting spiders which would seem like a DDoS attack. I doubt Comcast was a target (or even noticed this themselves).

Voting closed 6

I can't wait for school to get back to normal.

Voting closed 11