DIXON – The Dixon school district continues to try to rid its website, email and Twitter accounts of interference from a hacker that compromised those services Sunday.
Shortly after Superintendent Michael Juenger said Tuesday morning that the district had regained control of all three systems, Sauk Valley Media received a tweet from the district's Twitter account that made it clear that wasn't yet the case.
The Dixon Public Schools website currently displays an older version of its design, and the district has shut down its parent portal as a precautionary measure. It will mail new log-in information to parents today.
Juenger said the district doesn't think any sensitive or private information has been compromised, since it is stored on a separate server.
However, the company that runs that server is working to determine if it was affected, said Charles Kinsella, the district's technology director.
Juenger said the district would shut down its email server overnight, and staff should have access this morning.
Jim Fatz, the director of information security at Northern Illinois University, said public bodies and nonprofit groups are at greater risk of being compromised, because they often rely on open source software or products, which are cheaper or free.
Open source software is made available or can be licensed to users, who can then alter or adapt that software to meet their needs. WordPress, a popular blog and website design company, is an example of open source software.
Fatz doubted that a public entity could pay "top dollar" for advanced security measures.
"From a risk analysis perspective," he said, "the question has to be asked: If it will take $50,000 or $60,000 to secure it, is it worth it?"
While open source software can be more vulnerable, Fatz said, even the most secure networks – like the FBI – can get hacked because the most advanced security measures are only useful until someone figures out their weaknesses.
The district's website – www.DixonSchools.org – was compromised Sunday night, but by 7:30 a.m. Monday, according to district officials, it had been restored.
Kinsella sent an email to staff saying the GoDaddy account had been hacked and the website had been redirected, but that there was no risk of getting a computer virus through the website.
The district's email, Kinsella said, isn't housed by GoDaddy, but is on another server, and the district uses software from a private company.
Using GoDaddy for its website server, Fatz said, could have helped the school district, because it doesn't have to worry about the physical servers. GoDaddy can assist it in getting the website moved to another server on the company's end, he said.
A second redirect
The district's website was restored and remained as it usually is for much of Monday, until it was redirected again Monday night.
The first redirect, Juenger said, sent visitors to a website that had an Internet Protocol, or IP, address registered in Germany. The second redirect, which happened about 10:30 p.m. Monday, had an IP address registered in Canada, Juenger said.
At 9:30 a.m. Tuesday, the district's website was back up, but with an older design and content. The navigation menu was blue, instead of the usual purple to match the Dixon High School color.
The website was the same late Tuesday night.
The only way to guarantee that a hacker no longer has access to accounts, Fatz said, is to start from the beginning. Since the "symptoms" of a hack may not show up right away, a business or public body that has been hacked can also "go back to [the] last known good data" and rebuild from there.
A point of "last known good data," Fatz said, is a backup of the system its administrators know hasn't been compromised.
However, because hackers often cover their tracks and build security measures to give themselves access and keep others out, going back to the very beginning, Fatz said, can be quicker and easier than trying to figure out when a system was compromised.
At 7:06 p.m. Monday, Sauk Valley Media received an email associated with the account of a Dixon Public Schools employee, but from the content of the email, it was clear the employee hadn't sent the message.
Juenger was informed of the email and later confirmed that the district's email had been compromised. By 8 a.m. today, he said, the district had regained control of the email.
The district's Twitter account was compromised around 7 p.m. Monday, and later locked, Juenger said, preventing any further posts or changes by district officials.
But late Tuesday, the Twitter account still had the same black and white cartoon the website had Sunday night. The tweets sent out by the hacker also remained, and new messages had been sent to Sauk Valley Media.