'Cyber terrorists' threaten schools, students, staff; seek ransom
It was a surreal and sometimes frightening week for the Columbia Falls School district amid a “cyber terrorism” attack on the school, staff, police and parents.
The attack came in the form of vile and threatening text messages, forcing law enforcement to shut down the schools for three days across Flathead County. It later evolved into an attempt at extortion, as the hackers threatened to release sensitive information on school students and staff that they stole from school servers.
On Monday afternoon, in front of a crowd of concerned parents at the high school, Columbia Falls Police Chief Clint Peters laid out a series of events that started last Wednesday night which prompted law enforcement officials to close the schools from Thursday to Monday.
At about 8:30 p.m. last Wednesday night, two school administrators and two police officers — one of whom no longer even works for the department — received text messages making a direct threat on the school.
The threats then spread to other schools in the county, and public schools, including Flathead Valley Community College, all shut down.
The perpetrator used a TextNow application, which makes the sending phone number anonymous, though it did give a 406 area code. The first text actually came on Tuesday and was a “test” text, Peters told parents.
The perpetrator also was able to hack into a Columbia Falls server through one of the school’s computer labs and stole personal information on teachers, parents and students. They, too, then began receiving violent text messages threatening people’s lives.
One text, circulated on social media, said, in part, “You’re lucky law enforcement did not give me the opportunity to exterminate your pathetic child’s life.”
The police department, the Flathead County Sheriff’s Department and the FBI jointly began an investigation.
Later Monday, Flathead County Sheriff Chuck Curry released even more details.
“We feel this is important to allow our community to understand that the threats were not real, and were simply a tactic used by the cyber extortionists to facilitate their demand for money,” Curry said in a press release.
The ransom letter uses personal, private information about certain students in the Columbia Falls School District as an extortion tool for money. The group, which refers to itself as TheDarkOverlord Solutions, is located outside of the United States and is also the subject of active investigations by authorities in other parts of the country, according to the sheriff’s office.
Curry said he believes the threats made by the group were basically a “scare tactic” to incite fear prior to issuing their ransom for money.
The ransom letter gave the Columbia Falls School District 48 hours to agree to pay between $100,000 and $150,000 over 12 months — and, in exchange, the group stated they would not release the information they have stolen from the school.
Text contained in the extortion message, addressed to the Board of Trustees of Columbia Falls, hints at why threats were also aimed at other school districts in the valley.
“We learned through previous dealings with other educational institutions that the most efficient way to have you understand and accept one of our offers was to really sell you hard ... We decided to bring other districts into the show to increase the liability of your own district.”
The letter also states, “If you don’t do what we propose, we can and will cause you a lot of financial and reputational (sic) damage.”
The hackers were able to bounce their Internet Protocol address from server to server, which kept investigators from tracking their exact location.
An IP address, in simple terms, is like a return address on a letter.
With that information in hand, law enforcement officials gave the all-clear to reopen schools starting on Tuesday. “They’re nowhere near us and not a threat to the community,” Peters said.
Having said that, police are still taking several precautions. Each of Columbia Falls’ schools will have an officer on campus through the week and schools will be locked down, save for main entrances.
The district itself still has to get its network back up and running, explained Superintendent Steve Bradshaw. Bradshaw said he would try as best he could on Monday to get bomb-sniffing dogs to clear the schools before they opened on Tuesday.
The district has several problems to deal with from the hack. For one, Bradshaw noted, the hackers were able to hack the school’s security cameras. The school is working with a firm to secure its servers and its security cameras.
Hackers have likely stolen years of records of students and staff. The school stopped recording students’ Social Security numbers years ago, Bradshaw said. But the hackers were able to steal other information, like medical records, addresses, phone numbers and other personal information.
Parents should contact family medical professionals about the hack and also keep an eye out for other suspicious financial activity. The perps used some of the information for nefarious means, texting some students and parents about intimate details of their medical history in threats, Peters noted.
“It’s likely they got everyone’s phone number,” Bradshaw said.
Bradshaw said, however, that the school would not penalize students who decided not to attend.
While Peters told the crowd that he couldn’t 100 percent absolutely guarantee the safety of the staff and student body, he was confident in law enforcement precautions and was sending his four children back to Columbia Falls schools.
What investigators aren’t revealing, at least at this point, is why the perp chose Columbia Falls and Flathead County.
They urged anyone who gets a threat in the future to not respond and to contact law enforcement immediately as they continue to pursue the case.
Overall, parents were appreciative of law enforcement and school efforts and gave them a round of applause.
Peters said that at one point he had worked 39 straight hours on the case.
Curry said there was a lot of internal discussion about releasing the ransom letter, but the sheriff’s office had discovered the cyber-hacker group has frequently failed to live up to its promises not to release stolen data in the past, even when the ransom demands have been met.
“Certainly that’s a concern and we understand the sensitivity of the situation. But even if the school district met their ransom demands there is a history of instances that shows the information is still released,” Curry said. “It was stolen and is in the hands of bad people and whether or not they release that, unfortunately, is not in our control.”
This story was updated on Wednesday from an earlier version.