Roosevelt High School in Delano, GA has announced that summer school classes will not be held this coming week because of problems with the building control systems. Linda Schrenko, Principal at the school, confirmed that the school has not been able to fix the problems that caused students to be sent home early on Friday. Students were sent home when the air conditioning systems stopped working Friday morning and the classroom temperatures quickly became unbearable.
“We used to hold classes without air conditioning all the time,” a teacher that did not want to be identified told this reporter, “But when the AC was installed and then people started getting worried about school shootings, the windows were redesigned so that they could not open. Without the AC there is just no circulation in those classrooms.”
Schrenko said the school was not hit by a ransomware attack. “We are having problems with the air conditioning,” she explained today in a phone interview, “These things happen with those systems, we will get them fixed and the students will be able to come back into the classrooms.”
A team from Dragonfire Cyber was seen at the school yesterday and an agent from the Federal Bureau of Inquiry was on site for about an hour last night. Johnathan Quest, a spokesperson for the FBI, confirmed that the agency was investigating a cyberattack at the school. “This is part of an ongoing investigation that is looking at a series of attacks on building control systems at an increasing number of schools across the country,” Quest said.
A technician from Dragonfire, who was not authorized to talk to the press, told me that the problem is broader than just the air conditioning system. “The complete building control system software has been wiped out,” she said.
The school uses the BauSystem building control system from Robotron. It controls the HVAC system, the access control system, and the fire alarm system within the buildings at the High School. A quick search of the name on Google® shows that there is a hard-coded account in the system that provides remote access to the system and the password for that account has been circulating on social media for a couple of weeks now.
“Looking at the social media surrounding the systems,” the technician told me, “It is apparent that students are probably responsible for most of the attacks on school systems over the last couple of weeks. There have always been kids that did not want to go to summer school but were required to do so for various reasons. Shutting schools down has to be attractive to those students.”
Erich Mielke, spokesperson for Robotron, confirmed that the company was working with the FBI and local authorities on fixing the school control system problems. “We expect to have an update available to correct this vulnerability in a couple of weeks,” Mielke said.
General Buck Turgidson, Director of the National Critical Infrastructure Security Operations Center (CI-SOC) confirmed that his organization was working with social media organizations to try to takedown the instructions for wiping out the building control systems. “We are seeing the information being shared as posts on blogs and personal pages, pictures on photo sharing sites and, of course, how-to videos, and that is not even looking at the Dark Web,” Turgidson explained, “If Robotron does not get a fix in place before the schools reopen in the fall, this is going to create chaos across the country.”