Cyber-Attack Derails Common Core Testing in N.J. School District
A New Jersey school district was all set this week to begin testing students using a brand-new online assessment aligned to the Common Core State Standards.
But unknown hackers who shut down the district’s entire computer network had something else in mind: holding out for a ransom payment in exchange for restoring operations.
“There’s basically no tech service happening in Swedesboro-Woolwich right now,” Superintendent Terry Van Zoeren told the South Jersey Times on Monday. “Essentially our network has been taken over and has been made nonoperational.”
Officials for the Swedesboro-Woolwich schools, serving about 2,000 students, discovered over the weekend that the district’s entire computer network had been locked down from the outside. According to the newspaper, a ransom message followed, demanding 500 bitcoins (a digital form of currency). That’s the equivalent of about $125,000.
The district is working to rebuild its computer networks on its own after having been been “strongly discouraged” from paying the ransom, according to the Courier Post newspaper in Cherry Hill, N.J. And it’s not even clear that doing so would have solved the problem.
“There’s a slim chance they’re working with honorable terrorists,” technology expert David Suleski, owner of Cherry Hill-based TechStarter, told the Courier-Post, noting more than 95 percent of ransomware attacks originate outside of the United States. Most ransomware “cyberterrorists” opt to “take the money and run,” he said.
New Jersey is one of 10 states, plus the District of Columbia, administering the new Partnership for Assessment of Readiness for College and Careers (PARCC) assessment this spring. Another 18 states that have adopted the Common Core are using the Common Core assessment developed by the Smarter Balanced consortium and are using a different online assessment to measure student knowledge, while still others are going their own way (Education Week has a handy map showing each state’s plans for spring testing).
To be sure, the nationwide rollout of the new online assessments has been bumpy at times, but that’s no less than what education technology experts predicted given the disparities in readiness among schools, districts, and states.
Robert Shaeffer, public education director of the nonprofit advocacy group FairTest, told me it was pointless to speculate on whether the New Jersey hacker – or hackers – knew the Common Core assessment was on the schedule when deciding to make Swedesboro-Woolwich a target. And while intentional service interruptions have happened before to school districts, the ransom demand “is certainly something new and different,” Shaeffer said.
“The reality is that in the rush to implement the new Common Core tests, the actual capacity of many school computers and district networks has been ignored,” Shaeffer said. “In a dozen states the systems are not yet ready for prime time.”
Shaeffer’s organization is rallying parents, students, and educators in grassroots efforts to push back against the Common Core assessments and what the group considers a climate of over-reliance on standardized tests. FairTest has tracked a long trail of recent testing disruptions – ranging from brief postponements to full-on server crashes – stretching from Rhode Island to California.
In Florida, some schools took an online standardized test “without a hitch,” the Tampa Bay Times reported earlier this month, while server problems and intentional cyber-attacks disrupted the assessment elsewhere in the state. That’s lead to concerns about the credibility of the tests, according to the reporting.
As for Swedesboro-Woolwich, the FBI and the Office of Homeland Security are investigating the attack on the district’s network. In the meantime, teachers and students continue to make the most of each school day even without classroom technology like Smart Boards that have become routine.
As the superintendent told the South Jersey Times, “”We are operating as if it’s about 1981 again.”