Cyber Incident Victim: Sandwich Public Schools

Date: Oct 2020

Location: United States of America

Summary

Sandwich Public Schools experienced prolonged connectivity disruptions that were initially attributed to firewall failures. Replacing the firewalls proved ineffective, and the cause was eventually identified as a DDoS attack. The district reported the incident to local law enforcement and the FBI, with the superintendent confirming the disruptions were externally caused rather than capacity-related. Concurrently, another Massachusetts school district faced similar DDoS attacks, suspected to originate from an on-campus device, exacerbating remote learning challenges during the pandemic as investigations involving state officials and cybersecurity experts ensued.

Description

Sandwich Public Schools in Massachusetts experienced significant disruptions to remote learning beginning October 8, 2020, initially attributed to a firewall failure. The district's technology department responded by installing a replacement firewall, but this new hardware subsequently crashed, prompting them to source equipment from a different vendor. Connectivity problems persisted despite these measures, particularly affecting the schools' OpenCape Network infrastructure. After continued technical challenges, district officials determined the root cause to be a distributed denial-of-service (DDoS) cyberattack. Superintendent Pamela Gould confirmed the malicious nature of the disruptions in communications to parents, emphasizing that the outages represented external interference rather than capacity limitations within district systems. The incident spanned at least one week of intermittent connectivity issues that directly impacted educational delivery during pandemic-era remote instruction. District administrators reported the attack to both local Sandwich police and the FBI's Cyber Crime Unit for investigation, though no technical specifics regarding attack vectors or threat actors were disclosed publicly.

Parallel connectivity issues occurred during the same timeframe at Tyngsboro Public Schools' middle and high school facilities, where repeated internet outages disrupted remote education despite district efforts to maintain services. Tyngsboro Superintendent Dr. Michael Flanagan stated that IT professionals and cybersecurity providers had ruled out internal hardware failures or internet service provider issues, instead attributing the outages to DDoS attacks potentially originating from a device physically brought onto the Norris Road campus each morning. The Tyngsboro incident remained under joint investigation by state education officials, a contracted IT solutions firm, and local law enforcement, with authorities working to determine whether the disruptions constituted deliberate sabotage or unintentional compromise of a device. Both school districts emphasized the operational and educational impacts of the attacks, with Flanagan specifically noting frustration over disruptions to what had been a successful pandemic-adjusted school opening, while Gould's communications underscored the external targeting of Sandwich's network infrastructure without speculating on motives or perpetrators.
