Digital backdoor to exams platform
Authorities refer to largest cyberattack in country’s history against a public or government organization
The Education Ministry has announced that it has fallen victim to the largest cyberattack in the country’s history, with distributed denial of service (DDoS) attacks being aimed at its centralized high school examination platform.
Approximately 24 hours after the first wave of the cyber attack on the online system of the Institute of Educational Policy called the Subject Bank that aims to provide a common standard across the country, there was unusual activity on Tuesday morning in the Single Sign On identification and authentication service of the Panhellenic School Network.
Greek high school final exams are administered using the Subject Bank online system.
Both the the Digital Governance and Education ministries bemoaned what they described as large-scale and sustained-duration attacks on Monday and Tuesday, calling them the most significant ever carried out against a Greek public or government organization.
The ministries reported that 165 million hits from computers in 114 countries were involved in the attack over a two-day period, causing outages and delays in high school exams.
Despite the attack’s severity, the system did not collapse. The Supreme Court prosecutor has ordered a judicial investigation into the incident, which will be assisted by the police’s cybercrime division.
The outages, which sparked a political fallout in the midst of the election campaign, kept students waiting in classrooms for hours for exams to begin.
“All we’ve got so far is an arrogant abdication of responsibility from New Democracy, which for four years failed to take adequate digital protection measures to shield the Subject Bank platform and ensure that school examinations run smoothly,” said Popi Tsananidou, a spokeswoman for left-wing main opposition party SYRIZA.
Kathimerini understands there are proposals in New Democracy to unify the various scattered cybersecurity services of the state and create an organization that will handle these issues uniformly for all public institutions regardless of which ministry they fall under. Another objective, according to the same suggestions, would be to standardize applications in use, as in certain cases they are considered to be antiquated.
However, security experts have told Kathimerini that so far no safe conclusion can be drawn, nor can the intensity of the attack be assessed.