The Basel school network has been hacked. Since the canton of Basel-Stadt was not prepared to pay a ransom, 1.2 terabytes of data were published on the darknet. Among them are report cards as well as school psychology reports on individual students.
Huge amount of data
The unknown parties behind the cyber attack must have penetrated the eduBS system, the education server of Basel schools, in January at the latest. This is separate from Basel’s wider computer infrastructure. Both teachers and students have access to the server and can create their own folders and upload data. In addition to classroom-related content, the data also includes report cards, teaching reports and school psychology reports. The unknown persons presumably gained access through a compromised password of a teacher.
The canton of Basel-Stadt had already been threatened with the publication of the data at the end of January if a demanded ransom was not paid. At the time, the canton assumed that only a small amount of data was affected and that the incident would not have any serious consequences. The Basel Department of Education did not respond to the ransom demand, but filed a complaint.
Government council would not act differently
The responsible government councilor, Conradin Cramer (LDP) showed himself shocked in view of the mass of data that has now been published, but states that he views the decision against paying the ransom as positive, even with the current knowledge: “The canton cannot allow itself to be blackmailed, cannot pay a ransom. That is not possible.” Cramer also states that the canton invested early and intensively in cybersecurity, but now had to realize that these efforts were not sufficient: “In retrospect, we should have done more years ago, invested more in the security infrastructure. We are no different than many people, than many companies.”
BianLian as a hacking group?
According to SRF, the group behind the act is BianLian, which has also appeared in other cyberattacks. Originally, it encrypted the data found on its victims’ computers and released it in exchange for payment of a ransom. This practice has now arguably been replaced by sucking the data away – presumably because Avast released a program in January that can decrypt encrypted data, rendering ransomware attacks ineffective.
Further information can be found on a FAQ page of the responsible education department of the canton of Basel-Stadt.