Hacker attack on the cantonal school in Hottingen before graduation

Matura exams are being held throughout the canton of Zurich these days. The students have therefore spent the last few weeks studying. The teachers, in turn, had to come up with assignments for the final exams.

However, an incident occurred at the canton school in Hottingen in the final spurt before the end of the school year: the school was attacked by hackers in mid-May. The attackers stole access data and thus gained access to protected areas of the IT system. This will be confirmed by the school management on request.

As a result of the attack, certain Matura exams had to be rewritten. “A precautionary measure,” says Daniel Zahno, rector of the canton school in Hottingen. There is no evidence that the exam questions could have leaked out. “According to the current state of knowledge, individual access data was read out and selective information was stolen.”

After the attack, cybersecurity specialists launched an extensive investigation. The school filed a criminal complaint. Due to investigative reasons, Zahno cannot say exactly where the security gap was at the moment.

Little is known about the perpetrators and their actions. Just this much: According to the school, the cyber attack was carried out via a network node abroad. However, this does not allow any conclusions to be drawn about the whereabouts of the perpetrators.

Increase in digital crimes

Cyber ​​attacks have increased. This is shown by a look at the canton’s police crime statistics. It has recently also included figures on digital crime. The largest area is cyber fraud. Typical are cases in which a customer pays for goods online, but the online shop or private seller does not deliver them.

While around 3,400 cases of cyber fraud were recorded in 2020, a year later there were already 4,200 criminal offenses. Meanwhile, there was also an increase in cases of phishing, hacking or the use of malware, including the case of Kanti Hottingen. The number of crimes in this area rose from 555 to 815.

Criminals have recently repeatedly focused on hospitals and other healthcare facilities. So reported the “Observer”that in 2021 alone there were over 100 major cyber incidents in the healthcare sector in Switzerland. The perpetrators usually blackmail medical practices, homes or hospitals: they threaten to publish confidential patient data and demand a ransom. Or they encrypt the data and charge for the healthcare facility to be able to use it again.

The combination of sensitive data and an often poorly protected IT system makes healthcare attractive to cybercriminals.

Attacks on schools have also increased in the United States. A case from the beginning of January was sensational. A total of 5000 schools were affected by the attack, their websites were paralysed, as American media reported. The ransomware attack was directed against the company Finalsite. The private company claims to have more than 8,000 schools worldwide among its customers and offers software for content management, communication, mobile communication and enrollment.

The Zurich Department of Education is also seeing an increase in attacks. “Cyber ​​attacks have recently increased in all areas, education is no exception,” writes the canton on request. The schools are correspondingly sensitized to this threat. The protective measures would be continuously increased.

In the case of the cantonal school in Hottingen, the students were informed immediately and, as a precautionary measure, asked to change their internal school passwords.

In order for sensitive data to be protected, the schools must comply with the recommendations of the Canton of Zurich’s data protection officer and the requirements of the canton’s information security management system.

Schools are a target for attack

Lawyer Dominika Blonski has been the data protection officer for the Canton of Zurich for around two years. She does not know the exact background of the hacker attack at the canton school in Hottingen. From their point of view, schools are particularly vulnerable when it comes to information security.

There are various reasons for this: On the one hand, a large number of teachers work in schools with an even larger number of students. Everyone has certain access rights to the IT system. However, not everyone is equally aware of security risks.

The many people involved also often work with their own private devices, which are not always up to date with the latest security standards. This mixes private and school data, but also private and school activities. “Attacks via private channels such as e-mail or social media can lead to access to school data by unauthorized persons,” says Blonski.

On the other hand, schools store more and more confidential personal data. This includes reports on school psychological or other medical investigations that need to be shared with several people so that action can be taken. “As a result, information security in schools is becoming even more important,” says Blonski.

According to the data protection officer, the structure of information and communication technology is often insufficiently planned. «We often find that there is no role and authorization concept. This makes it unclear who has access to which data under what circumstances.”

When using private devices, Blonski recommends regular updates, an automatic screen lock with a strong password and the activation of a local firewall and malware protection. Data on the local device should be stored encrypted. If school servers or school cloud products can be accessed via the Internet, there should also be two-factor authentication.

School has taken preventive measures

The Cantonal School Hottingen has now introduced such a security measure, which requires an additional PIN to be entered when logging in.

Together with the security experts, the school also took preventive measures to prevent the hackers from causing further damage. According to the school management, the data stored on the affected information systems has remained intact according to current knowledge.

Rector Daniel Zahno emphasizes that the school was able to continue operating without restrictions despite the cyber attack. The Matura exams also got off to a good start on Thursday. Zahno says he is confident that the final exams can now go smoothly. “That’s the most important.”