四虎影院

L.A. Schools Investigates Data Breach as FCC Approves $200M Cybersecurity Pilot

America’s 2nd-largest district is probing claims its data is for sale on the dark web as feds mobilize to thwart school cyberattacks nationwide.

On the same day that millions of sensitive records purportedly stolen from the Los Angeles school district were posted for sale on the dark web, the Federal Communications Commission approved a $200 million pilot program to help K-12 schools and libraries nationwide fight an onslaught of cyberattacks. 

A Los Angeles Unified School District spokesperson confirmed they’re investigating a listing on a notorious dark web marketplace, posted Thursday by a user named “The Satanic Cloud,” which seeks $1,000 in exchange for what they claim is a trove of more than 24 million records. The development comes nearly two years after the district fell victim to a ransomware attack that led to a widespread leak of sensitive student records, some dating back years.

Simultaneously, federal officials were citing that earlier ransomware attack in L.A. and subsequent breaches, with FCC Chairwoman Jessica Rosenworcel noting that they’ve become a growing scourge for districts of all sizes.

“School districts as large as Los Angeles Unified in California and as small as St. Landry Parish in Louisiana were the target of cyberattacks,” Rosenworcel said, adding that these events lead to real-world learning disruptions and sometimes millions in district recovery costs. “This situation is complex, but the vulnerabilities in the networks that we use in our nation’s schools and libraries are real and growing.”

“So today, we’re going to do something about it,” she said.

The five-person FCC voted 3-2 to approve the pilot, which will provide firewalls and other cybersecurity services to eligible school districts and libraries over a three-year period. While the pilot aims to study how federal funds can be deployed to bolster the defenses of these vulnerable targets, some have criticized the initiative for being too little, too late. When Rosenworcel first outlined the proposal in July, education stakeholders demanded a more urgent and substantive federal response.

Districts selected to participate in the newly approved pilot will receive a minimum of $15,000 for approved services and the commission aims to “provide funding to as many schools and school districts as possible,” it . While the funding “will not, by itself, be sufficient to fund all of the school’s cybersecurity needs,” the fact sheet notes, the commission seeks to ensure that “each participating school will receive funding to prioritize implementation of solutions within one major technological category.”

A post on the BreachForums marketplace listed a trove of Los Angeles Unified School District records for sale for $1,000. (Screenshot)

The Satanic Cloud, which posted the most recent batch of LAUSD data, told 四虎影院 it’s entirely separate from what was stolen in the September 2022 ransomware attack on the nation’s second-largest school district. An executive at a leading threat intelligence company said his team suspects the data did originate from the earlier event.

The Los Angeles district is aware of the threat actor’s claims, a spokesperson told 四虎影院 in an email Thursday, and “is investigating the claim and engaging with law enforcement to investigate and respond to the incident.”

‘It’s definitely sensitive data’

In an investigation last year, 四虎影院 found that thousands of L.A. students’ psychological evaluations had been leaked online after cybercriminals levied a ransomware attack on the system. The district had categorically denied that the mental health records had been compromised, but within hours of the story, acknowledged that they had.

Just last month, a joint investigation by 四虎影院 and The Acadiana Advocate revealed that officials at the 12,000-student St. Landry Parish School Board, located some 63 miles west of Baton Rouge, waited five months after a ransomware attack to inform data breach victims that their sensitive information had been compromised. The notice came after an earlier investigation by the news outlets uncovered that personally identifiable student, employee and business records had been exposed, despite the district’s assertion otherwise, and that St. Landry had likely violated the state’s breach notification law. Within hours of the first story publishing, the Louisiana Attorney General’s Office issued a notification warning to the district.

The latest Los Angeles files were listed Thursday on the dark web marketplace BreachForums, briefly last month after it came under the control of federal law enforcement officials. The Federal Bureau of Investigation first targeted BreachForums in March 2023 when it, 20-year-old Conor Brian Fitzpatrick, at his home in Peekskill, New York. At the time, BreachForums was among the largest hacker forums and claimed more than 340,000 users. 

A sample file included in the L.A. listing is a spreadsheet with the names, student identification numbers and other demographic information of more than 1,000 students and their parents. Data disclose students who receive special education services, their addresses and their home telephone numbers. A list of file names suggests the records include similar information about teachers.

Reached for comment through the encrypted messaging app Telegram, the BreachForums user who listed the Los Angeles data told 四虎影院 “there is no connections” to the previous ransomware attack. The breach, the threat actor said, originated via the Amazon Relational Database Service, which allows businesses to create cloud-based databases. The service has been the that led to the public disclosure of troves of sensitive information.

Kaustubh Medhe, the vice president of research and threat intelligence at the threat intelligence company Cyble, said the latest threat actor has a history of engaging in discussions about cryptocurrency scams on Telegram but this is the first time they’ve sought to sell stolen data. Cyble’s research team, he told 四虎影院, sees “a high likelihood” that the data was sourced from files exposed in the earlier ransomware attack.

“Historically, we have seen this kind of activity where old data leaks are recirculated on dark web forums by different actors,” Medhe said. Either way, Medhe said it’s incumbent on district officials to take urgent action. The files, he said, could be useful for “some kind of profiling or some kind of targeted phishing activity.

“It’s definitely sensitive data, for sure,” he said, adding that district officials should analyze the sample data set available online and confirm if the records align with their internal databases and, perhaps, those stolen in 2022. “They would need to do a thorough incident response and investigation to rule out the possibility of a new breach.”

‘An important step forward’

During Thursday’s FCC meeting, Commissioner Anna Gomez said the pilot program was an issue of educational equity. She cited a federal Cybersecurity and Infrastructure Security Agency , which noted that as ransomware attacks and data breaches at K-12 districts have surged in the last decade, districts with limited cybersecurity capabilities and vast resource constraints have been left most vulnerable. Connectivity, she said, is “essential for education in the 21st century.”

“Technology and high-speed internet access opens doors and unbounded opportunity for those who have it,” Gomez said. “Unfortunately, our increasingly digital world also creates opportunities for malicious actors.”

Faced with a growing number of cyberattacks, educators have for years s with money from the federal E-rate program, which offers funding to most public schools and libraries nationwide to make broadband services more affordable. It’s a move that more than 1,100 school districts endorsed in a joint 2022 letter – but one the commission declined to adopt. In a press release, the commission said the pilot was kept separate “to ensure gains in enhanced cybersecurity do not undermine E-rate’s success in connecting schools and libraries and promoting digital equity.” The pilot will be allocated through the Universal Service Fund, which was created to subsidize telephone services for low-income households.

In , the American Library Association, Common Sense Media, the Consortium for School Networking and other groups said the selection process for eligible schools and libraries was unclear and could confuse applicants. On Thursday, the library association nonetheless expressed its support.

“The FCC’s decision today to create a cybersecurity pilot is an important step forward for our nation’s libraries and library workers, too many of whom face escalating costs to secure their institution’s systems and data,” President Emily Drabinski said in a statement. “We remain steadfast in our call for a long-term funding mechanism that will ensure libraries can continue to offer the access and information their communities rely on.”

Among the pilot program’s critics is school cybersecurity expert Doug Levin, who told 四虎影院 that many school districts lack sufficient cybersecurity expertise and, as a result, the advanced tools that the pilot seeks to provide may not be “a good fit for school systems with scarce capacity.”

“There’s no argument that schools need support,” said Levin, the co-founder and national director of the K12 Security Information eXchange. But the FCC’s “techno-solutions point of view to the problem,” he said, is far too small to make a meaningful impact and could instead prompt a vendor marketing surge that “may end up convincing some [schools] to buy solutions that, frankly, they don’t need.”
