Phishers steal San Diego school data going back to 2008 -- UPDATED

Originally published at: https://boingboing.net/2018/12/27/50-accounts-compromised.html

1 Like

Great… not even getting a start in life and you get to deal with identity theft.
This is not the cyberpunk dystopia I was promised.

1 Like

So in my current job, I see a lot of hacked/phished/spoofed emails involving the email accounts of public sector employees (teachers, police, fire, sanitation, county board, etc.). It makes me wonder if there’s something about the public sector, bless their hearts, that makes them really, really bad at email security? It’s not just the stereotypical little-old-lady (ugh) teachers who use their work email to sign up for prayer lists and do all their online shopping. It’s cops and firefighters and municipal tree-trimmers and everybody else, too.

Or am I just crazy, and literally everybody uses their work email to sign up for Donald Trump commemorative coin spam email lists?

2 Likes

“Hey, we had everyone change their passwords, what more do you want?”

3 Likes

the district says it has identified the hacker

3 Likes

The only thing I can think of is that public sector employees probably get a constant stream of official e-mails to their work accounts from various government departments and agencies and unions that they’re required to read and click through on. It would be easier to slip an official-looking phishing e-mail into that kind of flood.

2 Likes

Jesus - not your permanent record!

7 Likes

I see what you did there…

5 Likes

They intentionally allowed the attack to continue for eleven months? That’s almost criminal culpability.

Identifying the attacker is an exercise in futility. The attacks are often originating from a hacked system in an international location that has no extradition policy with the U.S. Trying to get cooperation with ISPs, record keepers, hacked server owners, public wifi hotspot owners, etc., is a lot of work that simply never pays off, no matter how big the loss.

Our defense team’s response goal is threat containment and elimination, with follow-up damage assessment when necessary. They use extensive monitoring tools and systems to detect attacks and respond by isolating and shutting them down within minutes of the illicit entry, not hours, days, weeks, or eleven months. We have decided we can’t afford to care who they are, we just need them out of our systems before they cause loss or damage.

1 Like
