Several schools in China, holding online classes at Tencent meetings, have been the target of a ransomware attack, a Chinese watcher revealed on Tuesday, September 6. According to reports, hackers have hijacked online courses and replaced teaching materials with vulgar content.
The incident was reported by Matthew Stinson, who writes for Forbes and is described as an educator, photographer, designer and blogger based in Tianjin, China on his Twitter profile.
The strangest news of the day on the lockdown is that several schools in China, including Tianjin, have suffered attacks from hackers who have hijacked online lessons at Tencent Meeting and replaced teaching materials with vulgar real-time content.
—Matt Stinson (@stinson) September 6, 2022
However, very little is known about the hacking incident and there is no mention of it other than by Stinson on his Twitter account.
What happened? According to Matthew Stinson, the hackers targeted not one but several schools in China, which were delivering their classes online through Tencent Meeting due to the Covid-19 lockdown in several locations. It was then that hackers launched nationwide attacks and replaced educational content with vulgar material.
Teachers were then “advised to change and protect their passwords”. Tencent, the company on whose platform the courses were hosted, has released a WeChat safety guide to help teachers.
Teachers have been advised to change and protect their passwords, but a nationwide hack at this level, targeting online learning, screams data leak and/or backdoor at me.
—Matt Stinson (@stinson) September 6, 2022
How did it happen? While it’s unclear who was behind the hack and how it unfolded nationwide, Stinson says it couldn’t just be a leak of teacher or school passwords. ‘school. He said it signaled a bigger problem of massive data leakage in China.
The biggest question that remains unanswered is –
How did hackers launch this nationwide attack?
– Matthew Stinson
From what I’ve heard it also looks like the hackers have some features you wouldn’t get if you just stole a teacher’s or school’s passwords, but I haven’t yet saw clear description of the attack. (I’m not sure I will either, unless @SixthTone covers it.)
—Matt Stinson (@stinson) September 6, 2022
The news also comes at a time when the United States and China are busy pointing fingers at each other over cyber espionage. China has claimed that the US NSA snooped into its Northwestern Polytechnical University, a military college, in June 2022. The US has denied the charge.
Answer a few questions:
Data leak in China: The massive data leak that Matthew Stinson alludes to is nothing new or surprising. Several reports earlier this year revealed that the data of one billion Chinese citizens had been leaked online, earning it the label of being the biggest personal data breach in the country’s history. The hackers also attempted to sell the data. The data was stolen from the Shanghai police database.
The leak revealed two flaws in Chinese cybersecurity:
- Bad data protection measures adopted by the government
- Massive data collection by the Chinese government for surveillance purposes
China is currently covering up the data leak of more than a billion people from a Shanghai police department database. It is probably one of the largest data leaks in history and contains personal information such as criminal history, ID numbers, addresses, names, etc.
Mad.
— Optimus ⛩ (@SubToOptimus) July 7, 2022
This isn’t the only major data breach in China. On September 1, 2022, reports surfaced that there was another leak of personal data involving some 800 million Chinese citizens.
The personal data leak included everything from people’s names, ages, dates of birth, faces and even license plates.
Cyberattacks on online courses and the education sector: Covid-19 has moved online education across the world. As things return to normal, some classes are still taking place online. This has led to online courses becoming targets for hackers. And it’s not limited to China.
In March 2020, a professor at Arizona State University in the United States was teaching classes online over Zoom, when the meeting was hit by what was called ‘Zoom bombing‘. The screens of several meeting attendees were replaced with vulgar and pornographic content and the chat also became vile, forcing the professor to cut the class short.
Z is our latest alphabet in our campaign on #AToZofOnlineSafety.Z stands for Zoom which is a popular video sharing app, especially during the pandemic, but it is important to read the privacy policies of these apps and know the security features to prevent practices such as Zoombombing. pic.twitter.com/lqqDtSrWzs
— Digital Rights Foundation (@DigitalRightsPK) September 2, 2022
It was unclear whether the intrusion was the work of students or hackers.
The computer systems of the education sector have also been attacked on several occasions. Last weekend, computer systems at the Los Angeles Unified School District were attacked by ransomware.
There is no doubt that in an increasingly digitized society, we are not moving fast enough to protect our digital identity and data.
Comments are closed.