Month: January 2022

For teachers at a middle school in New Mexico’s largest city, the first inkling of a widespread tech problem came during an early morning staff call.

On the video, there were shout-outs for a new custodian for his hard work, and the typical announcements from administrators and the union rep. But in the chat, there were hints of a looming crisis. Nobody could open attendance records, and everyone was locked out of class rosters and grades.

Albuquerque administrators later confirmed the outage that blocked access to the district’s student database — which also includes emergency contacts and lists of which adults are authorized to pick up which children — was due to a ransomware attack.

“I didn’t realize how important it was until I couldn’t use it,” said Sarah Hager, a Cleveland Middle School art teacher.

Cyberattacks like the one that canceled classes for two days in Albuquerque’s biggest school district have become a growing threat to U.S. schools, with several high-profile incidents reported since last year. And the coronavirus pandemic has compounded their effects: More money has been demanded, and more schools have had to shut down as they scramble to recover data or even manually wipe all laptops.

“Pretty much any way that you cut it, incidents have both been growing more frequent and more significant,” said Doug Levin, director of the K12 Security Information Exchange, a Virginia-based nonprofit that helps schools defend against cybersecurity risk.

Precise data is hard to come by since most schools are not required to publicly report cyberattacks. But experts say public school systems — which often have limited budgets for cybersecurity expertise — have become an inviting target for ransomware gangs.

The pandemic also has forced schools to turn increasingly toward virtual learning, making them more dependent on technology and more vulnerable to cyber-extortion. School systems that have had instruction disrupted include those in Baltimore County and Miami-Dade County, along with districts in New Jersey, Wisconsin and elsewhere.

Levin’s group has tracked well over 1,200 cyber security incidents since 2016 at public school districts across the country. They included 209 ransomware attacks, when hackers lock data up and charge to unlock it; 53 “denial of service” attacks, where attackers sabotage or slow a network by faking server requests; 156 “Zoombombing” incidents, where an unauthorized person intrudes on a video call; and more than 110 phishing attacks, where a deceptive message tricks a user to let a hacker into their network.

Recent attacks also come as schools grapple with multiple other challenges related to the pandemic. Teachers get sick, and there aren’t substitutes to cover them. Where there are strict virus testing protocols, there aren’t always tests or people to give them.

In New York City, an attack this month on third-party software vendor Illuminate Education didn’t result in canceled classes, but teachers across the city couldn’t access grades. Local media reported the outage added to stress for educators already juggling instruction with enforcing COVID-19 protocols and covering for colleagues who were sick or in quarantine.

Albuquerque Superintendent Scott Elder said getting all students and staff online during the pandemic created additional avenues for hackers to access the district’s system. He cited that as a factor in the Jan. 12 ransomware attack that canceled classes for some 75,000 students.

The cancellations — which Elder called “cyber snow days” — gave technicians a five-day window to reset the databases over a holiday weekend.

Elder said there’s no evidence student information was obtained by hackers. He declined to say whether the district paid a ransom but noted there would be a “public process” if it did.

Hager, the art teacher, said the cyberattack increased stress on campus in ways that parents didn’t see.

Fire drills were canceled because fire alarms didn’t work. Intercoms stopped working.

Nurses couldn’t find which kids were where as positive test results came in, Hager said. “So potentially there were students on campus that probably were sick.” It also appears the hack permanently wiped out a few days worth of attendance records and grades.

Edupoint, the vendor for Albuquerque’s student information database, called Synergy, declined to comment.

Many schools choose to keep attacks under wraps or release minimal information to prevent revealing additional weaknesses in their security systems.

“It’s very difficult for the school districts to learn from each other, because they’re really not supposed to talk to each other about it because you might share vulnerabilities,” Elder said.

Last year, the FBI issued a warning about a group called PYSA, or “Protect Your System, Amigo,” saying it was seeing an increase in attacks by the group on schools, colleges and seminaries. Other ransomware gangs include Conti, which last year demanded $40 million from Broward County Public Schools, one of the nation’s largest.

Most are Russian-speaking groups that are based in Eastern Europe and enjoy safe harbor from tolerant governments. Some will post files on the dark web, including highly sensitive information, if they don’t get paid.

While attacks on larger districts garner more headlines, ransomware gangs tended to target smaller school districts in 2021 than in 2020, according to Brett Callow, a threat analyst at the firm Emsisoft. He said that could indicate bigger districts are increasing their spending on cybersecurity while smaller districts, which have less money, remain more vulnerable.

A few days after Christmas, the 1,285-student district of Truth or Consequences, south of Albuquerque, also had its Synergy student information system shut down by a ransomware attack. Officials there compared it to having their house robbed.

“It’s just that feeling of helplessness, of confusion as to why somebody would do something like this because at the end of the day, it’s taking away from our kids. And to me that’s just a disgusting way to try to, to get money,” Superintendent Channell Segura said.

The school didn’t have to cancel classes because the attack happened on break, but the network remains down, including keyless entry locks on school building doors. Teachers are still carrying around the physical keys they had to track down at the start of the year, Segura said.

In October, President Joe Biden signed the K-12 Cybersecurity Act, which calls for the federal cyber security agency to make recommendations about how to help school systems better protect themselves.

New Mexico lawmakers have been slow to expand internet usage in the state, let alone support schools on cyber security. Last week, state representatives introduced a bill that would allocate $45 million to the state education department to build a cybersecurity program by 2027.

Ideas on how to prevent future hacks and recover from existing ones usually require more work from teachers.

In the days following the Albuquerque attack, parents argued on Facebook over why schools couldn’t simply switch to pen and paper for things like attendance and grades.

Hager said she even heard the criticism from her mother, a retired school teacher.

“I said, ‘Mom, you can only take attendance on paper if you have printed out your roster to begin with,'” Hager said.

Teachers could also keep duplicate paper copies of all records — but that would double the clerical work that already bogs them down.

In an era where administrators increasingly require teachers to record everything digitally, Hager says, “these systems should work.”
…

Myanmar’s military government is set to pass a new cybersecurity law that will ban the use of internet services, a move that has been condemned by digital rights activists and business groups.

The Southeast Asian country has been in turmoil since a coup by the military last February. A widespread grassroots movement has seen thousands refuse to accept military rule, with anti-coup communications and demonstrations now largely mobilized online.

But a draft bill released by the junta, if passed, would criminalize the use of virtual private networks and online gambling, carrying a punishment of one to three years’ imprisonment and fines of up to $2,800.

The first draft of the bill was released last year, but progress on the legislation slowed after substantial public outcry and industrywide criticism. The legislation is expected to become law next week.

“We are speculating the bill will actually be official within just a few days, it might come before the first of February,” Ma Htike, a digital rights activist, told VOA.

People living in Myanmar rely heavily on internet access, especially social media platforms such as Facebook, for news, and many have struggled to get online since the junta took control of the country’s telecommunication regulators after the Feb. 1, 2021, coup. Major Norwegian telecommunication operator Telenor recently quit its operations inside the country because of the political situation.

The military regularly shuts down the internet, routinely blocks social media platforms and censors what information can be found online, all in the name of ensuring national “stability.”

But political analyst Aung Thu Nyein describes the latest draft legislation as unusually severe.

“The leaked new communication law is the most draconian law restricting many freedoms and privacy of a person,” he told VOA. “This law could be a major roadblock to technological development as well, such as prohibiting the use of digital coins and blockchain technology, etc.

“It is definitely for the purpose of oppression of freedom of speech and a tool for control,” he said.

Junta-enforced regional internet blackouts make VPNs vital to accessing independent news online via private networks outside of the country.

According to Top10VPN, Myanmar went without internet access for 72 consecutive days from February to April of last year, driving demand for VPNs up by 7,200%. The report also says the shutdowns came at a cost, with Myanmar suffering nearly $3 billion in lost revenue, according to the indicators from the World Bank, The International Telecommunication Union, Eurostat and the U.S. Census.

Htike says most of Myanmar’s citizens continue to struggle with the blackouts.

“There are still various locations that the mobile internet has not been available,” she told VOA, adding that junta-backed regulators have scheduled price increases for internet subscriptions, which is likely to pose “a big obstacle” for most citizens in a country with typically low per capita incomes.

“[The] internet plays a pivot role to send information to all parts of the country, from cities to remote corners,” said Aung Htun, a journalist for Burma VJ, an informal network of professional and citizen video journalists who pool footage. “That’s why the military tried to raise the data fees higher than previously.”

In its attempts to control the flow of information, the Myanmar military has also cracked down on the country’s media. According to Reporting ASEAN, a monitoring group in Southeast Asia, 120 journalists have been arrested with 49 still detained and 16 convicted. The licenses of at least five media outlets have been revoked.

Aung Htun also says the looming internet restrictions under the new law will put people at increased risk of arrest in public, where the military sometimes randomly searches phones.

“It’s getting more difficult to hide data in your phone. It’s better to use simple ways; don’t keep any important data in your phone,” he said, adding that journalists must “stay low, and try to be in touch with your colleagues [only] by secure network.”

Freedom House, a nonprofit research institute that ranks internet freedom by country on a scale in which 100 is “most free,” placed Myanmar at 17 in 2021.

Ten foreign businesses and industry groups in Myanmar said in a joint letter they are “deeply concerned” over the latest draft of the cybersecurity law.

“If enforced, the current draft disrupts the free flow of information and directly impacts businesses’ abilities to operate legally and effectively in Myanmar,” the statement read.

Htike said the new law could force customers to break the law in order to use basic business services.

“Myanmar’s economy really declined after the coup, but still small businesses have used social media and networks, but with this kind of [restriction] it’s going to be very difficult,” she added.

Feb. 1 marks one year since the Myanmar military removed the country’s democratically elected government. To mark the anniversary, anti-coup activists have called for a silent strike, which leaves the streets of towns and cities across Myanmar deserted.

“Silent strikes are a good strategy for people to get involved,” said Htike, who also warned that risks remain whether you’re demonstrating in the streets or online.

Myanmar’s military routinely stops and searches people to check phones for evidence of VPN activity, such as whether the phone has Facebook access, which is impossible without a VPN.

They also surveil the web for digital anti-junta activity.

In a silent protest, Htike added, “it might be difficult for [the military] to do search and seizure [on empty streets], but [even] if people are active [only] online, they can [still] be targeted there.”

Myanmar, formerly known as Burma, gained independence from Britain in 1948, but most of its modern history has been under military rule.

After a brief period of civilian rule, the military in November 2020 began making unsubstantiated claims of electoral fraud. On Feb. 1 of 2021, the military removed the democratically elected government and arrested leader Aung San Suu Kyi and President Win Myint, both of whom have since been sentenced to several jail terms.

Widespread opposition to military rule has resulted in thousands of arrests and at least 1,499 killings, according to the Thai-based Assistance Association for Political Prisoners.
…

Electric vehicles are in high demand as gas prices and concerns about carbon emissions and global warming climb. From the 2022 Washington Auto Show, VOA’s Saqib Ul Islam examines where consumers and car manufacturers think all-electric vehicles are heading in the future.

Camera: Saqib Ul Islam Produced by: Saqib Ul Islam
…

The U.S. Federal Aviation Administration announced Friday U.S.-based telecommunications companies AT&T and Verizon can activate more of their fifth-generation, or 5G, transmitters after consultation with the agency. 

Earlier this month, the telecommunication companies agreed they would delay launching the new wireless service near key airports after weeks of legal wrangling with the nation’s largest airlines and U.S. government regulators that feared the 5G service would interfere with aircraft technology and cause massive flight disruptions. 

But in its release Friday, the FAA said both companies provided additional data about the exact location of wireless transmitters and supported more thorough analysis of how 5G C-band signals interact with aircraft instruments. 

The agency said it used that data to precisely map the size and shape of the areas around airports where 5G signals might interfere with aircraft, allowing the regulators to shrink the areas where wireless operators had to delay their antenna activations. 

The FAA said that will allow wireless providers to safely turn on more towers as they deploy new 5G service in major markets across the country. The agency expressed its appreciation for the “collaborative approach” AT&T and Verizon took in providing the data. 

The FAA says it is continuing to work with helicopter operators and others in the aviation community to ensure they can safely operate in areas of current and planned 5G deployment. 

Some information for this report came from Reuters. 

 
…

Toyota is working with Japan’s space agency on a vehicle to explore the lunar surface, with ambitions to help people live on the moon by 2040 and then go live on Mars, company officials said Friday.

The vehicle being developed with the Japan Aerospace Exploration Agency is called Lunar Cruiser, whose name pays homage to the Toyota Land Cruiser sport utility vehicle. Its launch is set for the late 2020’s.

The vehicle is based on the idea that people eat, work, sleep and communicate with others safely in cars, and the same can be done in outer space, said Takao Sato, who heads the Lunar Cruiser project at Toyota Motor Corp.

“We see space as an area for our once-in-a-century transformation. By going to space, we may be able to develop telecommunications and other technology that will prove valuable to human life,” Sato told The Associated Press.

Gitai Japan Inc., a venture contracted with Toyota, has developed a robotic arm for the Lunar Cruiser, designed to perform tasks such as inspection and maintenance. Its “grapple fixture” allows the arm’s end to be changed so it can work like different tools, scooping, lifting and sweeping.

Gitai Chief Executive Sho Nakanose said he felt the challenge of blasting off into space has basically been met but working in space entails big costs and hazards for astronauts. That’s where robots would come in handy, he said.

Since its founding in the 1930s, Toyota has fretted about losing a core business because of changing times. It has ventured into housing, boats, jets and robots. Its net-connected sustainable living quarters near Mount Fuji, called Woven City, where construction is starting this year.

Japanese fascination with the moon has been growing.

A private Japanese venture called ispace Inc. is working on lunar rovers, landing and orbiting, and is scheduled for a moon landing later this year. Businessman Yusaku Maezawa, who recently took videos of himself floating around in the International Space Station, has booked an orbit around the moon aboard Tesla CEO Elon Musk’s Starship.

Toyota engineer Shinichiro Noda said he is excited about the lunar project, an extension of the automaker’s longtime mission to serve customers and the moon may provide valuable resources for life on Earth.

“Sending our cars to the moon is our mission,” he said. Toyota has vehicles almost everywhere. “But this is about taking our cars to somewhere we have never been.” 
…