ALBUQUERQUE: For teachers at a middle school in New Mexico’s largest city, the first inkling of a widespread tech problem came during an early morning staff call.
On the video, there were shout-outs for a new custodian for his hard work, and the typical announcements from administrators and the union rep. But in the chat, there were hints of a looming crisis. Nobody could open attendance records, and everyone was locked out of class rosters and grades.
Albuquerque administrators later confirmed the outage that blocked access to the district’s student database — which also includes emergency contacts and lists of which adults are authorized to pick up which children — was due to a ransomware attack.
“I didn’t realize how important it was until I couldn’t use it,” said Sarah Hager, a Cleveland Middle School art teacher.
Cyberattacks like the one that canceled classes for two days in Albuquerque’s biggest school district have become a growing threat to US schools, with several high-profile incidents reported since last year. And the coronavirus pandemic has compounded their effects: More money has been demanded, and more schools have had to shut down as they scramble to recover data or even manually wipe all laptops.
“Pretty much any way that you cut it, incidents have both been growing more frequent and more significant,” said Doug Levin, director of the K12 Security Information Exchange, a Virginia-based nonprofit that helps schools defend against cybersecurity risk.
Precize data is hard to come by since most schools are not required to publicly report cyberattacks. But experts say public school systems — which often have limited budgets for cybersecurity expertise — have become an inviting target for ransomware gangs.
The pandemic also has forced schools to turn increasingly toward virtual learning, making them more dependent on technology and more vulnerable to cyber-extortion. School systems that have had instruction disrupted include those in Baltimore County and Miami-Dade County, along with districts in New Jersey, Wisconsin and elsewhere.
Levin’s group has tracked well over 1,200 cybersecurity incidents since 2016 at public school districts across the country. They included 209 ransomware attacks, when hackers lock data up and charge to unlock it; 53 “denial of service” attacks, where attackers sabotage or slow a network by faking server requests; 156 “Zoombombing” incidents, where an unauthorized person intrudes on a video call; and more than 110 phishing attacks, where a deceptive message tricks a user to let a hacker into their network.
Recent attacks also come as schools grapple with multiple other challenges related to the pandemic. Teachers get sick, and there aren’t substitutes to cover them. Where there are strict virus testing protocols, there aren’t always tests or people to give them.
In New York City, an attack this month on third-party software vendor Illuminate Education didn’t result in canceled classes, but teachers across the city couldn’t access grades. Local media reported the outage added to stress for educators already juggling instruction with enforcing COVID-19 protocols and covering for colleagues who were sick or in quarantine.
Albuquerque Superintendent Scott Elder said getting all students and staff online during the pandemic created additional avenues for hackers to access the district’s system. He cited that as a factor in the Jan. 12 ransomware attack that canceled classes for some 75,000 students.
The cancelations — which Elder called “cyber snow days” — gave technicians a five-day window to reset the databases over a holiday weekend.
Elder said there’s no evidence student information was obtained by hackers. He declined to say whether the district paid a ransom but noted there would be a “public process” if it did.
Hager, the art teacher, said the cyberattack increased stress on campus in ways that parents didn’t see.
Fire drills were canceled because fire alarms didn’t work. Intercoms stopped working.
Nurses couldn’t find which kids were where as positive test results came in, Hager said. “So potentially there were students on campus that probably were sick.” It also appears the hack permanently wiped out a few days worth of attendance records and grades.
Edupoint, the vendor for Albuquerque’s student information database, called Synergy, declined to comment.
Many schools choose to keep attacks under wraps or release minimal information to prevent revealing additional weaknesses in their security systems.
“It’s very difficult for the school districts to learn from each other, because they’re really not supposed to talk to each other about it because you might share vulnerabilities,” Elder said.
Last year, the FBI issued a warning about a group called PYSA, or “Protect Your System, Amigo,” saying it was seeing an increase in attacks by the group on schools, colleges and seminaries. Other ransomware gangs include Conti, which last year demanded $40 million from Broward County Public Schools, one of the nation’s largest.
Most are Russian-speaking groups that are based in Eastern Europe and enjoy safe harbor from tolerant governments. Some will post files on the dark web, including highly sensitive information, if they don’t get paid.
While attacks on larger districts garner more headlines, ransomware gangs tended to target smaller school districts in 2021 than in 2020, according to Brett Callow, a threat analyst at the firm Emsisoft. He said that could indicate bigger districts are increasing their spending on cybersecurity while smaller districts, which have less money, remain more vulnerable.
A few days after Christmas, the 1,285-student district of Truth or Consequences, south of Albuquerque, also had its Synergy student information system shut down by a ransomware attack. Officials there compared it to having their house robbed.
“It’s just that feeling of helplessness, of confusion as to why somebody would do something like this because at the end of the day, it’s taking away from our kids. And to me that’s just a disgusting way to try to, to get money,” Superintendent Channell Segura said.
The school didn’t have to cancel classes because the attack happened on break, but the network remains down, including keyless entry locks on school building doors. Teachers are still carrying around the physical keys they had to track down at the start of the year, Segura said.
In October, President Joe Biden signed the K-12 Cybersecurity Act, which calls for the federal cybersecurity agency to make recommendations about how to help school systems better protect themselves.
New Mexico lawmakers have been slow to expand Internet usage in the state, let alone support schools on cybersecurity. Last week, state representatives introduced a bill that would allocate $45 million to the state education department to build a cybersecurity program by 2027.
Ideas on how to prevent future hacks and recover from existing ones usually require more work from teachers.
In the days following the Albuquerque attack, parents argued on Facebook over why schools couldn’t simply switch to pen and paper for things like attendance and grades.
Hager said she even heard the criticism from her mother, a retired school teacher.
“I said, ‘Mom, you can only take attendance on paper if you have printed out your roster to begin with,’” Hager said.
Teachers could also keep duplicate paper copies of all records — but that would double the clerical work that already bogs them down.
In an era where administrators increasingly require teachers to record everything digitally, Hager says, “these systems should work.”
Cyberattacks increasingly hobble pandemic-weary US schools
https://arab.news/nghzb
Cyberattacks increasingly hobble pandemic-weary US schools
- Cyberattacks like the one that canceled classes for two days in Albuquerque’s biggest school district have become a growing threat to US schools
Brazil strikes deal with Musk’s Starlink to curb criminal use in the Amazon rainforest
- Starlink will begin requiring identification and proof of residence from all new users in Brazil’s Amazon region starting in January
- Starlink, which first arrived in the region in 2022, has enabled criminal groups to manage mining operations in remote areas
BRASILIA: Brazil’s Federal Prosecutor’s Office announced Friday a deal with Elon Musk’s Starlink to curb the use of its services in illegal mining and other criminal activities in the Amazon.
Starlink’s lightweight, high-speed Internet system has rapidly spread across the Amazon, a region that for decades struggled with slow and unreliable connectivity. But the service has also been adopted by criminal organizations, which have used it to coordinate logistics, make payments and receive alerts about police raids.
It’s the first agreement of its kind aimed at curbing such use following years of pressure from Brazilian authorities.
Starlink, a division of Musk’s SpaceX, will begin requiring identification and proof of residence from all new users in Brazil’s Amazon region starting in January. The company will also provide Brazilian authorities with user registration and geolocation data for Internet units located in areas under investigation.
If a terminal is confirmed to be used for illegal activity, Starlink has committed to blocking the service. The deal is for two years and can be renewed.
Illegal gold mining has contaminated hundreds of miles of Amazon rivers with mercury and disrupted the traditional lives of several Indigenous tribes, including the Yanomami. Starlink, which first arrived in the region in 2022, has enabled criminal groups to manage mining operations in remote areas, where logistics are complex and equipment and fuel must be transported by small plane or boat.
“The use of satellite Internet has transformed the logistics of illegal mining. This new reality demands a proportional legal response. With the agreement, connectivity in remote areas also becomes a tool for environmental responsibility and respect for sovereignty,” federal prosecutor André Porreca said in a statement.
Illegal gold miners and loggers have always had some form of communication, mainly via radio, to evade law enforcement. Starlink, with its fast and mobile Internet, has significantly enhanced that capability, Hugo Loss, operations coordinator for Brazil’s environmental agency, told The Associated Press in a phone interview.
“They’ve been able to transmit in real time the locations of enforcement teams, allowing them to anticipate our arrival, which seriously compromises the safety of our personnel and undermines the effectiveness of operations,” Loss said. “Cutting the signal in mining areas, especially on Indigenous lands and in protected areas, is essential because Internet access in these locations serves only criminal purposes.”
Jair Schmitt, head of environmental protection for the agency, said what’s also needed is tighter regulation on the sale and use of such equipment.
The AP emailed James Gleeson, SpaceX’s vice president of communications, with questions about the deal, but didn’t immediately receive a response.
Tech firms warn ‘Scattered Spider’ hacks are targeting aviation sector
- Neither company has gone into detail about the intrusions or commented on any potential links between the incidents and Scattered Spider
WASHINGTON: Tech companies Google and Palo Alto Networks are sounding the alarm over the “Scattered Spider” hacking group’s interest in the aviation sector.
In a statement posted on LinkedIn on Friday, Sam Rubin, an executive at Palo Alto’s cybersecurity-focused Unit 42, said his company had “observed Muddled Libra (also known as Scattered Spider) targeting the aviation industry.”
In a similar statement, Charles Carmakal, an executive with Alphabet-owned Google’s cybersecurity-focused Mandiant unit, said his company was “aware of multiple incidents in the airline and transportation sector which resemble the operations of UNC3944 or Scattered Spider.”
Neither executive identified which specific companies had been targeted, but Alaska Air Group-owned Hawaiian Airlines and Canada’s WestJet have both recently reported being struck by unspecified cyber incidents.
Neither company has gone into detail about the intrusions or commented on any potential links between the incidents and Scattered Spider.
The loose-knit but aggressive hacking group, alleged to at least in part comprise youngsters operating in Western countries, has been blamed for some of the most disruptive hacks to hit the United States and Europe in recent memory.
In 2023, hackers tied to the group broke into gaming companies MGM Resorts and Caesars Entertainment, partially paralyzing casinos and knocking slot machines out of commission.
Earlier this year, the group wreaked havoc at British retailers. More recent targets include the US insurance industry.
Rwanda, Congo sign peace deal in US to end fighting, attract investment
- Deal calls on DRC and Rwanda to aunch a regional economic integration framework within 90 days
- Trump aims to end years of fighting, warns of ‘severe penalties’ if deal is violated
WASHINGTON/PARIS/KINSHASA: Rwanda and Democratic Republic of Congo signed a US-brokered peace agreement on Friday, raising hopes for an end to fighting that has killed thousands and displaced hundreds of thousands more this year.
The agreement marks a breakthrough in talks held by US President Donald Trump’s administration and aims to attract billions of dollars of Western investment to a region rich in tantalum, gold, cobalt, copper, lithium and other minerals.
At a ceremony with US Secretary of State Marco Rubio in Washington, the two African countries’ foreign ministers signed the agreement pledging to implement a 2024 deal that would see Rwandan troops withdraw from eastern Congo within 90 days, according to a copy seen by Reuters.
Kinshasa and Kigali will also launch a regional economic integration framework within 90 days, the agreement said.
“They were going at it for many years, and with machetes — it is one of the worst, one of the worst wars that anyone has ever seen. And I just happened to have somebody that was able to get it settled,” Trump said on Friday, ahead of the signing of the deal in Washington.
“We’re getting, for the United States, a lot of the mineral rights from the Congo as part of it. They’re so honored to be here. They never thought they’d be coming.”
Rwandan Foreign Minister Olivier Nduhungirehe called the agreement a turning point. Congo Foreign Minister Therese Kayikwamba Wagner said it must be followed by disengagement.
Trump later met both officials in the Oval Office, where he presented them with letters inviting Congolese President Felix Tshisekedi and his Rwandan counterpart Paul Kagame to Washington to sign a package of agreements that Massad Boulos, Trump’s senior adviser for Africa, dubbed the “Washington Accord.”
Nduhungirehe told Trump that past deals had not been implemented and urged Trump to stay engaged.
Trump warned of “very severe penalties, financial and otherwise,” if the agreement is violated.
Rwanda has sent at least 7,000 soldiers over the border, according to analysts and diplomats, in support of the M23 rebels, who seized eastern Congo’s two largest cities and lucrative mining areas in a lightning advance earlier this year.
The gains by M23, the latest cycle in a decades-old conflict with roots in the 1994 Rwandan genocide, sparked fears that a wider war could draw in Congo’s neighbors.
Economic deals
Boulos told Reuters in May that Washington wanted the peace agreement and accompanying minerals deals to be signed simultaneously this summer.
Rubio said on Friday that heads of state would be “here in Washington in a few weeks to finalize the complete protocol and agreement.”
However, the agreement signed on Friday gives Congo and Rwanda three months to launch a framework “to expand foreign trade and investment derived from regional critical mineral supply chains.”
A source familiar with the matter told Reuters on Friday that another agreement on the framework would be signed by the heads of state at a separate White House event at an unspecified time.
There is an understanding that progress in ongoing talks in Doha — a separate but parallel mediation effort with delegations from the Congolese government and M23 — is essential before the signing of the economic framework, the source said.
The agreement signed on Friday voiced “full support” for the Qatar-hosted talks.
It also says Congo and Rwanda will form a joint security coordination mechanism within 30 days and implement a plan agreed last year to monitor and verify the withdrawal of Rwandan soldiers within three months.
Congolese military operations targeting the Democratic Forces for the Liberation of Rwanda (FDLR), a Congo-based armed group that includes remnants of Rwanda’s former army and militias that carried out the 1994 genocide, are meant to conclude over the same timeframe. Reuters reported on Thursday that Congolese negotiators had dropped an earlier demand that Rwandan troops immediately leave eastern Congo, paving the way for the signing ceremony on Friday.
Congo, the United Nations and Western powers say Rwanda is supporting M23 by sending troops and arms.
Rwanda has long denied helping M23, saying its forces are acting in self-defense against Congo’s army and ethnic Hutu militiamen linked to the 1994 Rwandan genocide, including the FDLR.
“This is the best chance we have at a peace process for the moment despite all the challenges and flaws,” said Jason Stearns, a political scientist at Simon Fraser University in Canada who specializes in Africa’s Great Lakes region.
Similar formulas have been attempted before, Stearns added, and “it will be up to the US, as they are the godfather of this deal, to make sure both sides abide by the terms.”
The agreement signed on Friday says Rwanda and Congo will de-risk mineral supply chains and establish value chains “that link both countries, in partnership, as appropriate, with the US and US investors.”
The terms carry “a strategic message: securing the east also means securing investments,” said Tresor Kibangula, a political analyst at Congo’s Ebuteli research institute.
“It remains to be seen whether this economic logic will suffice” to end the fighting, he added.
War-torn nations face growing poverty and hunger crisis
- World Bank warns that 39 fragile states are falling further behind as conflicts get deadlier
WASHINGTON: The world’s most desperate countries are falling further and further behind, their plight worsened by conflicts that are growing deadlier and more frequent.
That is the sobering conclusion of the World Bank’s first comprehensive study of how 39 countries contending with “fragile and conflict-affected situations’’ have fared since the COVID-19 pandemic struck in 2020.
“Economic stagnation — rather than growth — has been the norm in economies hit by conflict and instability,” said Ayhan Kose, the World Bank’s deputy chief economist.
Since 2020, the 39 countries, which range from the Marshall Islands in the Pacific to Mozambique in sub-Saharan Africa, have seen their economic output per person fall by an average 1.8 percent a year. In other developing countries, by contrast, it grew by an average of 2.9 percent a year over the same period.
FASTFACT
The World Bank finds that countries involved in high-intensity conflict — which result in more than 150 deaths per million people — experience a cumulative drop of 20% in their gross domestic product, or the output of goods and services, after five years.
More than 420 million people in the fragile economies are living on less than $3 a day — the bank’s definition of extreme poverty. That is more than the combined total of everywhere else, even though the 39 countries account for less than 15 percent of the world’s population.
Many of these countries have long-standing problems with crumbling infrastructure, weak governance, and low educational standards.
People in the 39 countries get an average of just six years of schooling, three years fewer than those in other low- and middle-income countries. Life expectancy is five years shorter, and infant mortality is twice as high.
Increasing conflicts have made things worse.
In the 2000s, the world saw an annual average of just over 6,000 conflicts — in which organized groups used armed force against other groups or civilians and caused at least one death. Now the yearly average exceeds 20,000.
The conflicts are more lethal, too: In the 2000s, they took an average of fewer than 42,000 lives a year. From 2000 through 2024, the number averaged almost 194,000.
Of the 39 countries, 21 are involved in active conflicts, including Ukraine, Sudan, Ethiopia, and Gaza.
The World Bank finds that countries involved in high-intensity conflict — which result in more than 150 deaths per million people — experience a cumulative drop of 20 percent in their gross domestic product, or the output of goods and services, after five years.
More conflict also means more hunger: The World Bank estimated that 18 percent — around 200 million — of the people in the 39 countries are “experiencing acute food insecurity’’ compared with just 1 percent in other low and middle-income countries.
Some countries have managed to escape the cycle of conflict and economic fragility. Kose cites Nepal; Bosnia and Herzegovina; Rwanda; and Sri Lanka as relative success stories.
And the World Bank report notes that the 39 countries do enjoy strengths, including natural resources such as oil and natural gas, and a lot of young, working-age people at a time when many economies are aging.
“Some of them are very rich when it comes to their tourism potential,’’ Kose said.
“But you need to have security established. You and I are not going to go and visit these places unless they are safe, even though they might be the most beautiful places in the world.’’
Man pleads not guilty to hate crimes in attack on Colorado demonstration for Israeli hostages
- Mohamed Sabry Soliman was indicted earlier this week on 12 hate crime counts in the June 1 attack
- Soliman’s attorney, David Kraut, entered the not guilty plea on Soliman’s behalf during a quick hearing
DENVER: A man accused of hurling Molotov cocktails at a group of people who were demonstrating in Boulder, Colorado, in support of Israeli hostages pleaded not guilty Friday to federal hate crime charges.
Mohamed Sabry Soliman was indicted earlier this week on 12 hate crime counts in the June 1 attack. He is accused of trying to kill eight people who were hurt by the Molotov cocktails and others who were nearby.
Soliman’s attorney, David Kraut, entered the not guilty plea on Soliman’s behalf during a quick hearing.
Magistrate Judge Kathryn Starnella noted that lawyers had acknowledged that a plea agreement in the case was possible later.
Soliman, wearing a khaki jail uniform, entered the courtroom smiling and holding an envelope in his handcuffed hands. His right hand and arm were wrapped in a thick bandage as they were when he appeared in court last week, when an investigators testified that Soliman had burned himself as he threw the second of two Molotov cocktails at the group.
He listened to a translation of the hearing provided by an Arabic interpreter through headphones. He did not speak during the hearing.
Investigators say Soliman told them he intended to kill the roughly 20 participants at the weekly demonstration on Boulder’s Pearl Street pedestrian mall. But he threw just two of his over two dozen Molotov cocktails while yelling “Free Palestine.”
Soliman, who is also being prosecuted in state court for attempted murder and other charges, told investigators he tried to buy a gun but was not able to because he was not a “legal citizen.”
He posed as a gardener, wearing a construction vest, to get close to the group before launching the attack, according to court documents. He was also indicted for using fire and an explosive to attack the group and for carrying an explosive, which were included in the hate crime counts.
Federal authorities say Soliman, an Egyptian national, has been living in the US illegally with his family.
Soliman is being represented in state and federal court by public defenders who do not comment on their cases to the media.
Prosecutors say the victims were targeted because of their perceived or actual national origin.
At a hearing last week, Kraut, Soliman’s defense attorney, urged Starnella not to allow the case to move forward. Kraut said the alleged attack was not a hate crime. He said it was motivated by opposition to Zionism, the movement to establish and sustain a Jewish state in Israel.
An attack motivated by someone’s political views is not considered a hate crime under federal law.
