Decrypted. Although the interference and investigation of “I’m in class at home”, ENT or Pronote continues, the reason is not clear.
PFor distance education in France, network testing continues. The National Distance Learning Center told us on Thursday morning: “Since the evening of April 7-8, 2021, all Cned websites and Ma classeàla maison platforms have once again become the target of cyber attacks.” Since 9.45 am (Thursday, Editor’s Note) , The service has gradually returned to normal, and all our teams have been mobilized to restore the best service as soon as possible.”
State that the cyber attack was either carried out by a joke or simply overloaded the server: the mystery remains unsolved. As part of the fight against the Covid-19 pandemic, the distance education computer platform was severely damaged on Tuesday, April 6, the first day of the main distance education operation of the Ministry of Education. The cybercrime department of the Paris Prosecutor’s Office immediately launched an investigation.
For the Digital Work Environment (ENT) and Pronote software, “everyone already knows that this is not a cyber attack,” assured Laurent Besset, I-Tracing’s director of cyber defense. He explained: “When the whole of France connects to these services on Tuesday morning, these services are the victims of their success.” “If we want to talk about cyberattacks on these platforms, then we have to accept that through It is the parents and students who carry out cyber attacks on large-scale connections! »He joked.
Closed school: virtual and chaotic “back to school”
On the other hand, with the support of the Cned service, the “I am at home class” platform will become a victim of cyber attacks. In order to characterize it and determine its source, the team from the National Cyber Defense Agency (Anssi, who does not want to communicate) must analyze a large number of “logs”, all of which are recorded in the computer system logs. million. The suspicious situation is a distributed denial of service (DDoS) attack, that is, computer server resources are saturated and a large number of concurrent connection attempts are made at the same time. In most cases, they are generated by botnets, which are botnet networks infected with malicious code, which are leased on parallel networks on the dark web.
“The problem is that denial of service attacks have the same effect as insufficient server size,” explained Arnaud Lemaire, French technical director of F5, which specializes in application security. Even if the Minister of National Education Jean-Michel Blanquer talked about “powerful computer attacks from abroad,” therefore, it is now known whether this is really a foreign aggression, or more simply a clown It’s too early to work.
Class suspension: How Macron changed his mind
The latter assumption is reasonable because it is relatively easy to launch a cyber attack. “With a botnet, there may be an entry price of several hundred euros,” Arnaud Lemaire said. Especially because the retirement of the platform does not always saturate everything: “Sometimes it is enough to target the weak points of the application, for example, the attacker will target the search scope of the reserved portal”, further pointing out the experts. Laurent Besset assured that on Tuesday morning, the service was already very busy processing legitimate requests, and “there may not be too many things to saturate the network attack”, according to him, “there may be malicious behavior at the same time.” .
“It is easy to be attacked by the Ministry of Foreign Affairs, saying that we have been confined for a year and we should be prepared, but many people do not understand the difficulties caused by its establishment and implementation. Laurent Besset said that such a large number of potential buyers The number is in the millions. “No French service provider would consume so many contacts! “He promised,” When we have to set up this type of service, we try to estimate the traffic that will occur and associate technical resources. He explained that we need a little profit, but we must find a balance of costs, because this profit has a price. According to him, “since Tuesday, the resources may have been revised upwards, but if they expand the scale of the resources without knowing the demand, it will be very expensive.”
For Arnaud Lemaire, we have to be very careful because “Denial of service attacks are also used to hide other attackers: the attacker creates security issues to keep everyone busy, and in the meantime, he passed more dangerous Sexual targeted attacks: He warned. The Anssi team still has work to do…