Tag Archive for: Minneapolis
Minneapolis students use ‘Rickroll’ prank to highlight district computer security flaws
Updated 10 p.m.
Two Minneapolis Public Schools students used an email prank Friday to draw attention to what they say are more security flaws in the district’s computer systems.
The teens, who described themselves as members of Washburn High School’s class of 2025, sent a mass email from a district account to staff and students.
Couched as a Rickroll joke, in which a prankster tricks their target into listening to Rick Astley’s “Never Gonna Give You Up,” the email linked to a detailed report that the teens wrote detailing the problems that they found, including easily accessible student photos and usernames.
Ian Coldwater, a Minneapolis-based professional hacker who helps their clients find vulnerabilities in computer systems, said in a phone interview Friday that the students uncovered serious security flaws.
MPR News is Member supported public media. Show your support today, donate, and ensure access to local news and in-depth conversations for everyone.
“There are things that are accessible from within the network that shouldn’t be,” Coldwater said. “There should be extra layers of having to be authorized to see some of this stuff, even if you are connected to the school network.”
The teens wrote in their report that a March ransomware attack targeting the district inspired them to investigate other potential information technology problems.
Coldwater, who reviewed the report for MPR News, said that the students included suggested fixes and were careful not to publish private data.
“Their work is solid,” Coldwater said. “I hope that people see their talent, see their desire and commitment to act ethically and help them cultivate it, channel it in good directions, hire them to help fix this rather than punishing them.”
The teens wrote that they were not able to access their fellow students’ grades, but that potential security flaws with Chromebook laptops could enable “academic cheating and dishonesty” when the computers are used for standardized testing.
In an email to MPR News Friday afternoon, district spokesperson Crystina Lugo-Beach downplayed this latest incident.
“This was NOT a hack, but an internal email sent out by a group of students using…
Minneapolis students use “Rickroll” prank to highlight district computer security flaws
Updated: 10:00 p.m.
Two Minneapolis Public Schools students used an email prank Friday to draw attention to what they say are more security flaws in the district’s computer systems.
The teens, who described themselves as members of Washburn High School’s class of 2025, sent a mass email from a district account to staff and students.
Couched as a Rickroll joke, in which a prankster tricks their target into listening to Rick Astley’s “Never Gonna Give You Up,” the email linked to a detailed report that the teens wrote detailing the problems that they found, including easily accessible student photos and usernames.
Ian Coldwater, a Minneapolis-based professional hacker who helps their clients find vulnerabilities in computer systems, said in a phone interview Friday that the students uncovered serious security flaws.
MPR News is Member supported public media. Show your support today, donate, and ensure access to local news and in-depth conversations for everyone.
“There are things that are accessible from within the network that shouldn’t be,” Coldwater said. “There should be extra layers of having to be authorized to see some of this stuff, even if you are connected to the school network.”
The teens wrote in their report that a March ransomware attack targeting the district inspired them to investigate other potential information technology problems.
Coldwater, who reviewed the report for MPR News, said that the students included suggested fixes and were careful not to publish private data.
“Their work is solid,” Coldwater said. “I hope that people see their talent, see their desire and commitment to act ethically and help them cultivate it, channel it in good directions, hire them to help fix this rather than punishing them.”
The teens wrote that they were not able to access their fellow students’ grades, but that potential security flaws with Chromebook laptops could enable “academic cheating and dishonesty” when the computers are used for standardized testing.
In an email to MPR News Friday afternoon, district spokesperson Crystina Lugo-Beach downplayed this latest incident.
“This was NOT a hack, but an internal email sent out by a group of students…
Ransomware group claims massive data leak but Minneapolis schools files’ whereabouts a mystery
This story comes from The 74, a nonprofit news organization that covers education in America.
A cyber gang claims it published what could be a startling amount of stolen Minneapolis Public Schools records to the internet after the district failed to meet a $1 million extortion demand, but where the actual files are now remains something of a mystery.
Early Friday morning, after the Medusa gang’s countdown clock on the ransom deadline struck zero, the files weren’t readily available for download on its dark web leak site. Instead, a “Download data now!” button directs users to contact the ransomware gang through an encrypted instant-messaging protocol. Attempts by The 74 to reach the gang have been unsuccessful.
Files from previous Medusa victims are available on a website designed to resemble a technology news blog — a front of sorts. Unlike the Medusa blog, this site is not relegated to the dark web and does not require special tools to access. Download links are also posted in a channel on Telegram, the encrypted social media service that’s been used by terror groups and far-right extremists. Yet as of Friday afternoon, the files purportedly stolen from the Minneapolis district were not available for download on either platform.
Data breaches from previous victims appear to be uploaded to the faux technology news blog about a month after their ransom expires, suggesting that the Minneapolis files could become available online after a brief lag.
Still, in a statement on Friday, the district said it “is aware that the threat actor has released certain MPS data on the dark web today.”
“We are working with cybersecurity specialists to quickly and securely download the data so that we can conduct an in-depth and comprehensive review to determine the full scope of what personal information was impacted and to whom the information relates,” the district continued. “This will take some time. You will be contacted directly by MPS if our review indicates that your personal information has been impacted.”
Early indications suggest the files contain…