Florida state law enforcement officials say no test instruments, test results or student information were compromised in a cyber-attack that plagued the Florida Standards Assessments when the test debuted in March.
The Florida Department of Law Enforcement said Wednesday it had concluded its six-month investigation into the hack, which affected eighth-, ninth- and 10th graders taking the statewide exam. Students trying to access the Florida Standards Assessments either couldn't log in or were met with blank white screens when they did.
FDLE did not identify a suspect or motive in the "denial of service" attack, which the agency said was targeted at Rackspace, a subcontractor of the state's test provider, American Institutes for Research.
"The security procedures utilized by private entities assisted in the mitigation of these attacks," FDLE said.
Education Commissioner Pam Stewart said Wednesday she was grateful for FDLE's "prompt response" in launching the investigation shortly after students experienced problems.
“I want to reassure our state’s students, parents and educators that, because of the nature of the cyber-attack, no student information was accessed and the content of the assessment was not compromised," Stewart said in a statement. "I am pleased that the additional safeguards were effective, and we will continue working with AIR to ensure they have all of the necessary protections to provide for a smooth testing experience this year.”
With assistance from federal partners, FDLE found some of the more than 29,000 IP addresses used to targeted Rackspace were based in the United States, but "most were believed to be in foreign countries."
"The flood of these incoming messages or connections blocked legitimate traffic (test takers) from accessing the server and the test or slowed these connections to the point of impacting test delivery," FDLE said in a statement. "In attacks like this, the owners of compromised computers or users on the compromised networks often have no knowledge that their technology has been utilized to facilitate a denial of service."
Photo credit: MiamiHerald.com