Hackers publish school district’s student data after threatening to ‘kill some kids’

David Bisson

Hackers publish school district's student data after threatening to 'kill some kids'

Text messages

Hackers published the student directory of an Iowa school district online after they threatened to “kill some kids” at local schools.

The trouble began on the evening of 2 October when parents living within the boundaries of Johnston Community School District received some troubling text messages from an unknown number. One chain of messages talked about the innocence of the recipient’s 4-year-old son and then urged them to not have anyone look outside. The message ended with an ominous warning: “I’m only getting started.”

Other messages were much more overtly violent in nature, with some threatening harm against local school kids.

Not surprisingly, many parents called the police. Local law enforcement received dozens of reports along those same lines that night. Not wanting to risk the safety of her students, Johnston Schools Superintendent Corey Lunn decided to close all schools the following day.

Lunn told The Des Moines Register that it was a difficult call to make:

“This is a tough decision. It’s not something that we take lightly, but at the end of the day it’s our first priority to keep students and staff safe, and I believe we did that today.”

Investigators soon thereafter determined that the threats weren’t linked to any credible danger. But that didn’t matter to the hackers. Satisfied with sowing fear among parents and students, a familiar face claimed responsibility for the attacks when schools reopened on 4 October.

The Dark Overlord…of course. It’s a hacker group with a reputation for leaking sensitive data online, holding information for ransom, and (more recently) targeting schools with threats of violence.

Unfortunately, the miscreants didn’t stop there. The next day, contemptible criminals published a Johnston Community’s full student directory replete with student names, addresses, and telephone numbers. Why? To add insult to injury.

They also made public a series of calls and text messages they’d received from concerned parents and students following their Monday night high jinks. Most contained very strong language. Some even had some threats of their own.

And why should they have not? In threatening innocent school children, the Dark Overlords revealed themselves to be some of the most disgusting people on the face of this planet. Those jollies that they wrongly get from hacking unsecured school networks don’t excuse their behavior, not to mention the danger they might pose.

Speaking candidly, I would love nothing more than to see them, in the words of one worried parent, end up “in a hole” as a result of a foolish mistake. And sooner rather than later.

David Bisson David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.

4 Replies to “Hackers publish school district’s student data after threatening to ‘kill some kids’”

  1. They are operating in at least two other U.S. school districts, as well (one in MT and one in TX): https://www.databreaches.net/no-holds-barred-thedarkoverlord-threatens-students-with-physical-violence-to-send-fbi-a-message-to-back-off/. And, are threatening to release even more sensitive and damaging information: https://www.pogowasright.org/a-privacy-nightmare-may-be-looming/.

    Indeed, as schools are moving more of their data and operations online, the vulnerabilities are growing (https://www.edtechstrategies.com/k-12-cyber-incident-map/), but the DO attacks are…extreme.

  2. I wonder; if the leaked information (and their statement regarding sex crimes), leads to or actually triggers said crimes, is there a case for https://en.wikipedia.org/wiki/Accessory_(legal_term) to the crimes or https://en.wikipedia.org/wiki/Aiding_and_abetting the criminal(s) and if the hackers' identities are uncovered & released to the public, how fast they will be able to run, from grief–stricken parents? Fill in your own meme text https://imgflip.com/s/meme/Liam-Neeson-Taken-2.jpg

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Never miss a thing. Sign up for the free GCHQ newsletter from Graham Cluley.
GET UPDATES