Understanding the LAUSD Ransomware Hack

By Paula Labrot

This year hackers have attacked at least 27 United States school districts and 28 colleges. The recent hack of the Los Angeles Unified School District involved LAUSD receiving a ransom demand after a Labor Day security breach that shut down the district’s computer systems. In a ransomware attack, cyber criminals break into a network to encrypt or steal files, which may then be held for ransom, hidden on the dark web. Let’s get a couple of terms under our belts.

The Surface Web.

This is the part of the World Wide Web also known as the visible web, indexable web, or Clearnet. It is content on the World Wide Web that is indexed by popular search engines like Google. Search engines build a database of pages on the internet through programs called web spiders, also called web crawlers or search engine bots. These automated programs roam the internet, compiling information about web pages and indexing them by keywords or other relevant information for easy retrieval by search engines. So you can type in a subject and find all kinds of sites giving you the information you are looking for.

The Deep Web.

This refers to the parts of the internet you can’t reach with standard search engines like Google, Bing or Yahoo. Sites on the Deep Web are not indexed by these common search engines. Imagine a card catalogue in a library that has every book in the library ‘indexed’ or recorded by title, author and location on the library shelves. Now imagine an infinite library with no card catalogue system of indexing. There would be no help locating a specific book you are seeking. Actually, you use the deep web all the time. You need authentication, like a user ID and password, to reach these sites. All your personal email, your banking, your medical records, your educational records, etc., are located in the Deep Web. They are on the World Wide Web but are not public.

The Dark Web.

This is part of the non-indexed Deep Web. Sites on the Dark Web are not indexed and are not accessible to most browsers. You need a special, anonymous browser like Tor to get to the Dark Web. An anonymous browser provides anonymity by keeping all communication private. This happens through encryption and the routing of content through multiple servers to keep its true origin hidden. After my first trip to the Dark Web, I closed down my computer wanting to dunk it into a bucket of bleach and then do the same thing to myself. It was horrible… murder for hire, drugs, sex trafficking… Ugh! But I have come to appreciate the positive side of the Dark Web as a place where whistleblowers, dissidents and others wanting to share sensitive information can get their messages out to the world and still remain anonymous.

What Happened at LAUSD?

Over Labor Day Weekend, when cyber security was not as heavily manned as usual at LAUSD, hackers broke into the district’s information and management systems. The intent of the hackers was a double ransom proposition: lock LAUSD out of the school management systems and gain access to sensitive student and employee data. The target would then have to pay a ransom to get its systems opened up again and have the data returned, and even after payment is made there is no guarantee the stolen data is truly returned. A group called Vice Society took credit for the attack.

So, how did this happen? Imagine all the student and employee logins and passwords that might have been shared, and the thousands of people using the system. Some of those thousands might not be so careful, some may deliberately inject malware into their target, and some might sign onto personal, unprotected sites during breaks. Add in all the months and months of COVID-19 home instruction on computers, tablets and phones plugged into who knows what. What a security nightmare!

Luckily for LAUSD, the hackers didn’t have time to complete their plan, or the whole system would have been shut down and taken months to recover. The district intercepted the attack and deactivated all its systems in the middle of the attack, avoiding a catastrophic breach. As it is, we are not yet sure exactly what information was taken, but we do know that after Superintendent Alberto Carvalho refused to pay any ransom, some information was leaked to the Dark Web. That information made some students and employees vulnerable to identity theft. While things have quieted down, it doesn’t mean the hackers won’t try hitting LAUSD again by bypassing the security products installed on the network. Hackers do their work for fun and profit, and they like a challenge.

Now What?

A joint cybersecurity advisory from the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) warned that federal agencies have “observed...actors disproportionately targeting the education sector with ransomware attacks.” The LAUSD systems have been turned back on slowly to avoid any “tripwire” the hackers may have left behind to trigger system failures. A hotline has been established to answer questions and provide support: (855) 926-1129. Impacted individuals will be provided with credit-monitoring services. Students and staff must reset their passwords, an enormous project. Of course, many committees are being formed to study and address this problem. My advice: spend the money on cyber experts, not administrators. Vamos a Ver!
Paula Labrot
