Students scramble after security breach wipes 13,000 devices

lurch1989

Ars Praetorian
457
Subscriptor
This is exactly the same problem as CrowdStrike. It’s a mistake to put this much power in the hands of one person, organization, or company.
It wipes the device; if you're set up correctly then a device wipe is an inconvenience rather than a major issue, i.e. leveraging OneNote for notes and using OneDrive etc. for file storage and photo backup. Hell, you can even have managed Apple accounts and segregation of work apps too.

Yes, this is a massive issue in terms of time and in this instance data loss. But it really doesn't have to be this way with a little bit of effort. Like shit me, I support over 2000 devices with an IT team of 2. It's not hard.
 
Upvote
53 (64 / -11)

Crying Croc

Wise, Aged Ars Veteran
632
I am just a home laptop user. I think my "external vulnerabilities" (meaning those I have little control over) are just my internet connection and OS updates. At the app level, my apps are local / portable. And all of my data are local as well. All backed up in multiple locations.

My phone is by definition much more connected. But even here, my data is always local, or at least synced and backed up along with my laptop data.

Things are always changing, but for my own limited needs, I like to keep my current setup for as long as practicable.
 
Upvote
1 (11 / -10)

abazigal

Ars Scholae Palatinae
1,234
Subscriptor
Currently, I am following the incident (living in Singapore) and not much is known about the cause of the incident on my end as well.

The attack seems to have been timed to coincide with the students’ examinations which are scheduled to take place next week. Some have lost years of notes (one school leaned in heavily on iPads and good notes).

Not sure if there is a takeaway to be had from all this.
 
Upvote
39 (39 / 0)
Currently, I am following the incident (living in Singapore) and not much is known about the cause of the incident on my end as well.

The attack seems to have been timed to coincide with the students’ examinations which are scheduled to take place next week. Some have lost years of notes (one school leaned in heavily on iPads and good notes).

Not sure if there is a takeaway to be had from all this.
with respect, i think the takeaway is obvious: if you have years of important data, back it up. somewhere, that would be a start.
 
Upvote
86 (88 / -2)

alansh42

Ars Tribunus Militum
2,682
Subscriptor++
with respect, i think the takeaway is obvious: if you have years of important data, back it up. somewhere, that would be a start.
Yeah. Generally student devices are set to do cloud backups just because kids are likely to lose or break them. If my iPad is accidentally wiped I have to log back in and wait for the apps to reinstall and that's it.

If they also managed to wipe the cloud backups in an unrecoverable way they have even bigger problems.
 
Upvote
55 (55 / 0)

Fatesrider

Ars Legatus Legionis
21,424
Subscriptor
Students in Singapore are scrambling after a security breach wiped notes and all other data from school-issued iPads and Chromebooks running the mobile device management app Mobile Guardian.
So, no one apparently asked, Quis custodiet ipsos custodes?

Seems to be a recurring * cough * CrowdStrike * cough * issue.
 
Upvote
-14 (4 / -18)

jhodge

Ars Tribunus Angusticlavius
8,055
Subscriptor++
Yeah. Generally student devices are set to do cloud backups just because kids are likely to lose or break them. If my iPad is accidentally wiped I have to log back in and wait for the apps to reinstall and that's it.

If they also managed to wipe the cloud backups in an unrecoverable way they have even bigger problems.
If the devices are in DEP but the MDM is down, they could all be stuck waiting on it to be fixed before they can be reprovisioned.
 
Upvote
13 (14 / -1)

Crying Croc

Wise, Aged Ars Veteran
632
This is exactly the same problem as CrowdStrike. It’s a mistake to put this much power in the hands of one person, organization, or company.
For an app like an image viewer or word processor; yeah, definitely want to sandbox, zero trust, etc. But for a security app like antivirus, it's harder to draw the line. They would be useless without admin rights - they need to be powerful to recognize and neutralize baddies - but powerful also means potentially dangerous.
 
Upvote
11 (12 / -1)

no_great_name

Wise, Aged Ars Veteran
102
Subscriptor++
This is exactly the same problem as CrowdStrike. It’s a mistake to put this much power in the hands of one person, organization, or company.
Unfortunately, I don't see a way around it. How do you efficiently administer tens of thousands of devices without some uniformity and centralized control in the hands of relatively few people? Those people screwing up will always be a risk, but adding more people responsible for smaller groups of devices doesn't make you safer. It's just trading the occasional large fire for constant ongoing small fires while making day to day administration way more difficult and expensive.

As far as I can tell, the only way to make this problem better is to make your systems more resilient to shit going wrong (and maybe using canary deploys for all upgrades before you roll them out to ten thousand devices to avoid clownstrikes...)
 
Upvote
39 (41 / -2)
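The canary-deploy idea in the post above, as an added example that is not part of the thread or of any MDM or endpoint vendor's code: a ring-based rollout that pushes an update to a small slice of the fleet first, measures a health check on that ring, and refuses to continue when the failure rate crosses a threshold. The device IDs, ring fractions, the 2% threshold and the `apply_update` / `health_check` callbacks are all assumptions chosen for illustration.

```python
"""Ring-based canary rollout with an automatic halt.

Added example; hypothetical fleet and callbacks, not any vendor's API.
"""
from dataclasses import dataclass
from typing import Callable, List, Optional, Sequence


@dataclass
class RolloutResult:
    deployed: List[str]              # devices that actually received the update
    halted_at_ring: Optional[int]    # index of the ring whose health check tripped, or None
    failure_rate: float              # failure rate observed in that ring (0.0 if none tripped)


def plan_rings(devices: Sequence[str],
               ring_fractions: Sequence[float] = (0.01, 0.05, 0.20, 1.0)) -> List[List[str]]:
    """Split the fleet into cumulative rings: the first 1%, then up to 5%, 20%, 100%.

    Each ring is guaranteed at least one device so a tiny fleet still gets a canary.
    """
    total = len(devices)
    rings: List[List[str]] = []
    start = 0
    for frac in ring_fractions:
        end = min(max(start + 1, int(total * frac)), total)
        if end > start:
            rings.append(list(devices[start:end]))
            start = end
    return rings


def staged_rollout(devices: Sequence[str],
                   apply_update: Callable[[str], None],
                   health_check: Callable[[str], bool],
                   max_failure_rate: float = 0.02) -> RolloutResult:
    """Push the update ring by ring; stop at the first ring whose failure rate is too high.

    The health check runs only on the ring just updated, so a bad push is
    contained to that ring's size rather than reaching the whole fleet.
    """
    rings = plan_rings(devices)
    deployed: List[str] = []
    for index, ring in enumerate(rings):
        for device in ring:
            apply_update(device)
        deployed.extend(ring)
        failures = sum(1 for device in ring if not health_check(device))
        rate = failures / len(ring)
        if rate > max_failure_rate:
            return RolloutResult(deployed, index, rate)
    return RolloutResult(deployed, None, 0.0)


def blast_radius(result: RolloutResult, fleet_size: int) -> float:
    """Fraction of the fleet that received the update before the halt (or 1.0 if it finished)."""
    return len(result.deployed) / fleet_size


if __name__ == "__main__":
    # Constructed fleet of 10,000 hypothetical device IDs.
    fleet = [f"dev-{i:05d}" for i in range(10_000)]

    # Simulate an update that breaks every device it touches (CrowdStrike-style).
    bricked = set()
    result = staged_rollout(fleet, bricked.add, lambda d: d not in bricked)
    print(f"halted at ring {result.halted_at_ring}, "
          f"failure rate {result.failure_rate:.0%}, "
          f"blast radius {blast_radius(result, len(fleet)):.1%}")
```

With the default rings a fully broken update is stopped after the first 1% of the fleet, and a good update walks through all four rings. The threshold is deliberately on the ring just pushed, not on the whole deployed set, so an early ring's clean result cannot mask a later regression.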

iamai

Ars Scholae Palatinae
863
Currently, I am following the incident (living in Singapore) and not much is known about the cause of the incident on my end as well.

The attack seems to have been timed to coincide with the students’ examinations which are scheduled to take place next week. Some have lost years of notes (one school leaned in heavily on iPads and good notes).

Not sure if there is a takeaway to be had from all this.
Years of notes that were never backed up?
 
Upvote
21 (21 / 0)

Pat_Murph

Wise, Aged Ars Veteran
172
It wipes the device; if you're set up correctly then a device wipe is an inconvenience rather than a major issue, i.e. leveraging OneNote for notes and using OneDrive etc. for file storage and photo backup. Hell, you can even have managed Apple accounts and segregation of work apps too.

Yes, this is a massive issue in terms of time and in this instance data loss. But it really doesn't have to be this way with a little bit of effort. Like shit me, I support over 2000 devices with an IT team of 2. It's not hard.
Yep, my OneNote and OneDrive are synced to 5 devices. The service or a computer can fail and I'll still have 5 copies.
 
Upvote
1 (3 / -2)

abazigal

Ars Scholae Palatinae
1,234
Subscriptor
Years of notes that were never backed up?
Here’s what the news had to say.

Since the apps were no longer on the devices, they had no way of recovering their notes because they could no longer be backed up, Esther told CNA.
I am not familiar enough with said platform to understand how it works exactly, but it seems the data is irretrievably lost
 
Upvote
13 (14 / -1)
Currently, I am following the incident (living in Singapore) and not much is known about the cause of the incident on my end as well.

The attack seems to have been timed to coincide with the students’ examinations which are scheduled to take place next week. Some have lost years of notes (one school leaned in heavily on iPads and good notes).

Not sure if there is a takeaway to be had from all this.

I find it hard to believe that an entity that manages school devices doesn't also have the responsibility to back them up to the cloud. Also, why are company employees still using poor password and phishing habits in this day and age?
 
Upvote
13 (13 / 0)


sorten

Ars Praetorian
461
Subscriptor++
I must admit I know next to nothing about enterprise management of iPads and Chromebooks, but I'm a bit surprised it involves physically wiping and reinstalling in an IT office. Does the management software not have the ability to apply an image or a manifest that would automate the process?

I had the same reaction when I read Delta's CEO talking about "touching and restarting 40K servers." In 2024?
 
Upvote
9 (10 / -1)

panton41

Ars Legatus Legionis
10,820
Subscriptor
So, today on the way to work at my job as a pizza driver I'm thinking, "Even a bad day at this job is better than a good day at my IT jobs."

So, the Gods decided to test me and I get back to the store a few hours into my shift and the hot side of the oven looks like a bomb went off, the cut table is piled with boxes and burned and smashed pizzas, there's a cut pizza upside down on the floor and the stuff coming out of the oven is colliding. We had to remake a pizza for my order three times because of this mess. It took half an hour to get everything worked out and for me to get back on the road the whole time I'm like, "I am a leaf on the wind, watch how I soar."

Then I come home, see this (and the CrowdStrike mess a couple weeks ago), and I defend my earlier statement.
 
Upvote
34 (34 / 0)
I must admit I know next to nothing about enterprise management of iPads and Chromebooks, but I'm a bit surprised it involves physically wiping and reinstalling in an IT office. Does the management software not have the ability to apply an image or a manifest that would automate the process?

I had the same reaction when I read Delta's CEO talking about "touching and restarting 40K servers." In 2024?
Depending on how it hooks into the system, and what option the hackers triggered, it could be a security remote wipe, the type of thing you would do with a stolen device, so not really wanting it to be able to just restore itself with your apps and configurations until you are sure it is securely in your hands again. You wouldn't want a potential attacker to load a compromised OS on the device, have your software remotely reattach it to your network, and let them get in that way.
 
Upvote
21 (21 / 0)

graylshaped

Ars Legatus Legionis
57,836
Subscriptor++
Here’s what the news had to say.

I am not familiar enough with said platform to understand how it works exactly, but it seems the data is irretrievably lost

Adding this kind of whammy to high-stakes exams is absolutely a tough place to be, and it calls into question a number of things, in addition to the obvious one of the concept of a high-stakes test in and of itself.

  • Why were students not encouraged and/or required to back up their notes, if in fact they were not? Part of my first wife's study habits in school involved transcribing her in-class notes to a second notebook--not as back-up should her original notes be lost (though it did, in fact, create a back-up), but it also allowed her to structure and clarify her notes as part of the mental process needed to move the information from short-term to longer-term memory.
  • Why did the MOE not have a default backup process to a secure server when connected to the school wifi, and/or allow students to backup to storage at home or to a personal cloud account? I just looked after reading this story, and I have copies of my notes from a graduate program I finished more than a dozen years ago on two different devices (neither of which is the device on which I took the notes), each device backed up to two, separate, different places, and the notes themselves accessible via two different logins from other approved devices, should the first two devices not be available.
  • Who evaluated the April 12 email and decided it was not worth elevating?

More gently, did the student mentioned in the story to which you linked believe she could sit down the night before her exam and memorize four years worth of notes? I empathize, having had a rude awakening my freshman year in college with a chemistry class that kicked my butt and took my lunch money until I stepped back and invested effort in learning how to study.
 
Upvote
-4 (8 / -12)

dwl-sdca

Ars Scholae Palatinae
753
Subscriptor++
One who was affected explained to me that their tablet was wiped AND the company's backup of the tablet files was also wiped. The student had files automatically backed up but the backups were also trashed. The files were in a format that wouldn't allow a second backup to another cloud service (or so the student was led to believe).
 
Upvote
26 (26 / 0)
Around 6 months ago the company I worked for changed its BYOD policy and started ramming Microsoft Intune down our throats and threatened to disconnect our BYODs. I raised this as a potential issue and was informed it would never happen. I refused to install it and told them they can consider me as unavailable when not in the office as I will not have this installed.

And here we are a few months later ...
 
Upvote
13 (14 / -1)

agt499

Ars Tribunus Militum
1,882
Yeah. Generally student devices are set to do cloud backups just because kids are likely to lose or break them. If my iPad is accidentally wiped I have to log back in and wait for the apps to reinstall and that's it.

If they also managed to wipe the cloud backups in an unrecoverable way they have even bigger problems.
Of course if your cloud account is nuked you are completely toast.
I had this happen to a Microsoft Business account earlier this year, where the entire tenant was nuked.
I had nothing of value there but that and the story here a couple of months back about the Australian superannuation provider whose entire Google Cloud stack got smoked, are a reminder that the cloud really is just someone else's computer. Your backups should always involve an extra party.

I mean cloud services are great, but I keep my own local and offsite backups (home+office), each with separate twice daily snapshots to physically separate media.
 
Upvote
7 (8 / -1)

krysan

Wise, Aged Ars Veteran
198
Welp, a very harsh reminder for the students that using someone else's computer that holds your data is a hostage situation.

Maybe the trauma will teach them, their parents, and the schools that this business model is very risky to customers, but I doubt they would think that far and would just accept it as inevitable.
 
Upvote
-9 (1 / -10)

darwiniandude

Wise, Aged Ars Veteran
158
This is exactly the same problem as CrowdStrike. It’s a mistake to put this much power in the hands of one person, organization, or company.
Agreed! Was the first thing I thought of also. Even though I trust Apple I only enable Find My on devices which have full hourly versioning backup running, so if they get wiped I still have the data. These 3rd parties just want their subscription revenue and rarely follow best practices.
 
Upvote
-2 (1 / -3)