DDoS Attack Brick Wall
Image from Shutterstock.com

There’s no shortage of conspiracy theories when it comes to guessing who’s behind cyber attacks. So when it was announced that a distributed denial of service (DDoS) attack was behind last week’s crash of an Ontario online literacy test for about 190,000 high school students the list was long.

–One of the thousands of computer-literate students who want to Get Back At the Education System? (No shortage of them…)

–One of the tens of thousands of Ontario high school graduates who want to Get Back At the Education System (Some of whom are reading this right now …)

–General mischief makers around the world (Really no shortage of them)

–The usual suspects blamed for everything bad (Russia, China).

OK, probably not Russia and China. But with DDoS-as-a-service available on the dark web (all you need is Tor and a credit card) and — here’s the tricky part — the right URL — it’s not hard to launch an attack anywhere on the planet.

Who had that URL and how they got hold of it is the question. It may not have been that hard because last week’s test was preceded by earlier, smaller ones.

What we do know for sure is that on Monday the provincial Education Quality and Accountability Office (EQAO) said the Oct. 20 province-wide trial of the online Ontario Secondary School Literacy Test (OSSLT) had to be terminated because of what it called an “intentional, malicious and sustained” DDoS attack.

“An extremely large volume of traffic from a vast set of IP addresses around the globe was targeted at the network hosting the assessment application,” the office said in a statement. No personal or private student information was compromised, it added.

According to a statement Thursday from the EQAQ, a third party hosted the application. “We planned for a variety of cyber incidents,” the statement said, “but we are unable to disclose the specifics of this information because of the need to protect our infrastructure’s security. What we can say, however, is that we did not anticipate a DDOS of this magnitude.

A forensics firm is investigating.

“We were shocked to learn that someone would deliberately interfere with the administration of the online OSSLT,” Richard Jones, the office’s director of assessment, said in a statement. “There will be discussions over the next few weeks to determine how to strengthen the system, and we will continue to work with Ontario’s education community to understand how best to use online assessments to benefit our province’s students.”

—Richard Jones, Director, Assessment

Last week’s exercise was was a voluntary trial to test the system’s readiness before the regularly scheduled administration of the OSSLT — either online or on paper — in March 2017. The office is determined to keep to that schedule.