Responding too slowly? – Data theft at Basel schools: computer science teacher criticizes authorities – News


Contents

Those responsible have informed how many people are affected by the hack. The procedure immediately after the attack is not only met with understanding.

761 people were directly affected by data theft at the Basel Department of Education (ED). This was announced by the authority after an analysis of the data published on the Darknet.

Files “with potentially sensitive personal content” were probably also stolen and published by these 761 people. This can be, for example, clarifications by the school psychological service or the KESB.

No content reviews due to privacy concerns


open box
close the box

Legend:

A group of cybercriminals stole data from a total of 1133 people and put it on the dark web.

key stone

A total of over 30,000 users are registered in the hacked “eduBS” network. According to the report, around 3 percent are directly affected by the cyber attack. A group of cybercriminals stole data from a total of 1133 accounts on the education server and placed it on the dark web.

Of the 761 people directly affected, 224 are schoolchildren, 195 teachers and 342 administrative employees.

The Digitization and Informatics Department of the ED analyzed the data directories. These provide information about the owner of the data and about the file names, but not about the content. These were not checked for data protection reasons.

In addition, the 30,000 users of the network have the opportunity to do a self-check by e-mail. You will then receive an answer as to whether you have been affected by the data theft.

The ED only asked the approximately 30,000 users of the hacked “eduBS” network to change their password around two months after the attack became known.

In the meantime, the school authorities had obtained help from an external IT security company and initiated various measures.

The canton’s late reaction triggers criticism

One has to reckon with a cyber attack these days, says Michael Wüthrich, computer science teacher at the Leonhard Gymnasium in Basel. However, the former Green Councilor criticizes that the school authorities waited far too long before asking all users to change their passwords.

Portrait of Michael Wuthrich

Legend:

Computer science teacher Michael Wüthrich accuses the Basel school authorities of having taken safety precautions much too late.

SRF

“If you discover a hacker attack, one of the first measures must be to deactivate all user accounts and ask users to change their passwords – and to do this within a short time,” says Wüthrich. In the present case, that only happened about two months after the blackmail.

Martin Lutz, a cyber security expert at the IT company Axians, agrees that the immediate request to change your password is a standard measure. “If you consider that such a well-known and large hacker group is behind such an attack, you can also assume that other users are affected.”

IT security expert Martin Lutz in an interview

Legend:

If passwords are stolen, there is a risk that hackers will cause further damage, according to IT security expert Martin Lutz.

SRF

Normally, the passwords should be changed within 24 to a maximum of 48 hours, according to the IT expert.

“Acted according to the current state of knowledge”

Basel Education Director Conradin Cramer says he reacted immediately when the extent of the attack became clear. “When we realized that the password database was also stolen, we asked all users to change their passwords.” And with around 30,000 users, including thousands of teachers, that is not an easy task.

Conradin Cramer gesticulates at the press conference

Legend:

Conradin Cramer, Basel’s education director, says he acted as soon as the extent of the hacker attack was clear.

KEYSTONE/Georgios Kefalas

It was difficult decisions. On the one hand, it was not clear for a long time which data had been stolen and the school had to continue. On the other hand, by the end of January it was clear that the attack was being launched by clever cybercriminals. “In retrospect, we might have asked our users to change their passwords earlier if we had known the extent of the data theft at the time,” says Cramer.

Is the school network secure now?

The education director assumes that the network was secure again as early as January and the hackers were no longer able to steal any more data.

Computer science teacher Wüthrich is skeptical. He thinks it’s possible that the hackers still have certain access points. He also has a guess as to why the education department reacted so late. “From my point of view, an attempt was made to let the whole thing disappear under the radar. Hope is good, but action is better.”

source site-72