By Holly the Assistant
About noon yesterday I got the first note from a college student of my acquaintance, followed very shortly by confirmation from a different student at a different school: Canvas got hacked by a ransom group.
Canvas, for all five of you that have not had to deal with it for a public school, a public charter school, a private school, a college, a university, or any other group that uses it, is a really pretty terrible software platform that lets you read textbooks, download assignments, upload assignments, take exams, check grades, submit grades, etc. It works mostly, depending on the users. Mostly.
Which makes it slightly better than the competition, so many educational entities have signed up. Internationally many.
Almost all the eggs are in one basket, and as those of us who remember the nineties recollect, the tech troublemakers target the biggest basket as much as they can: the payout is better, whether money or chaos.
One friend asked “But what do they think they’ll gain? Who would pay the ransom?”
My answer was “Not everyone is as tech savvy as you are. Think of our local school district, which had to close a school due to declining enrollment, and whose position is ‘we didn’t do anything wrong, it’s home schoolers’. Faced with the ransom message, with a debit card to a slush fund meant to cover paper and toner, and two weeks from final exams, are you absolutely sure that some administrator isn’t going to pay up to avoid more people pulling their kids out angrily and more school closures resulting?”
The policy at the colleges and universities appears to be landing solidly on “We’ll just cancel finals in the affected classes.” So no finals for the kids who waited to the last minute to take the online finals, and the pre-final grade is the grade for the class. Or that’s how it’s playing out for my friends. Colleges I don’t have sources at, or where my sources are busy taking in-person finals right this minute, may be doing other things.
There’s no great answer in the short term.
In the long term, maybe more pen and paper in person exams. I’m old enough to remember blue book exams, and I heard those are coming back in some classes because of AI usage by students, which is a whole other thing, because apparently it’s been found that a number of the students enrolled in online classes and turning in AI essays are not actual people but extraction of loans and grant money fictions who vanish when the funds are gone with no recourse for the government . . . but that’s a different story.
I certainly don’t fondly remember standing in line with the course registration paper in hand, waiting at the registrars’ office to sign up for classes. It worked, but it was obnoxious and a pain. Online WAS quick and easy, comparatively . . . but right now it’s down, so you cannot register.
Link to schools affected, sort of (found not the individual districts but the state department of education for my state):https://privatebin.net/?f8c17bc224cd9f22#F2qrJM6a2juvQjziJTH8Pbwef5Lsa8TzRbCFW5FMg4uW
A good summary article: https://stateofsurveillance.org/news/instructure-canvas-shinyhunters-275-million-students-3-6tb-breach-2026/
If you and your children are affected, time for The Old Freeze Your Credit Song and Dance. Except if you did that two months ago for the Blue Cross Blue Shield hack, you’re probably still frozen. Or one of the many, many other hacks, that have become part of our daily lives.
At the same time, our oh-so-safe-by-obscurity Linux distros have had a couple nasty exploits discovered in the last week. Maybe not-so-safe-by-obscurity anymore.
P.S. Those are not MY eggs pictured: mine are considerably dirtier because my hens are messy creatures. I do believe that eggs are probably safe from computer hackers, but the local magpies are hopeful of successful thievery. The roosters think that magpies look like they might be tasty . . . in any event, there are no computers involved in the production of eggs here, and the highest tech is the whiteboard that holds the daily records.
According To Hoyt 
So there were several things going on with canvas, from what I recall hearing. One, is that there was some redirection going on, and basically your browser might block that based on the certificates not matching. I think there was also some sort of DDOS.
Canvas may be fixed now at some universities.
But, there are definitely more elements of the software world slightly f&cked now.
These are (1) vulnerabilities that were already there, but it has suddenly gotten a lot easier to find them. So the actual competent programmers (unlike me), are racing for the moment, and the white hats are trying to catch up to the technical debt before the black hats can run up the score.
EU has a lot of opinions, and the EU is pretty much at right angles to seeing the most important things. US federal government may also be at right angles.
(Some parts of my opinions and perspectives may be valid, but there is a more than decent chance that the stuff I am focusing on is also not the most important and best understandings. )
(1) in many cases
LikeLike
The EU’s insistence on having back doors into everything (and the US government is only *slightly* more restrained in this regard) is starting to look more and more like civilizational suicide, imo.
As if the EU isn’t already engaging in enough of these.
LikeLike
Yes, I remember the ’90s and hacking.
Yet Another Smug Mac Owner: “If you owned a Mac, you wouldn’t have to worry about hackers or computer viruses!”
Irritated Me: “That’s because not enough people own Macs to make hacking them worthwhile!”
LikeLike
c4c
LikeLike
Don’t feel TOO smug about the whiteboard – while there may be no electronics involved, the material science that makes a whiteboard work is definitely advanced tech. You’re literally writing on a liquid, which isn’t the easiest thing to accomplish.
Canvas used to have a major competitor Blackboard, so of course one bought the other, and now there’s only one major course management system remaining. There are open soure aternatives to parts of the experience, but nothing that encompasses everything in one place.
LikeLike
Canvas people say They Have Fixed Things.
Both Blackboard and Canvas are still in the business; Blackboard’s parent Anthology just emerged from Chapter 11 bankruptcy.
Never used Canvas; CSU Eastbay/Hayward had Blackboard when I was there.
LikeLike
I am retired from a career in financial services. I am an “emeritus member” of the CFA Society (Chartered Financial Analyst) – both the national and local organizations – on of the premier professional certification organizations in the world.
I received an email today that the Canvas system which is the basis of their “Learning Ecosystem” was hacked and they shut down access. Access has now been restored but there is not information on what information may or not have been stolen.
So far, according to the organization, there appears to be no unusual activity on CFA sites.
Bottom line, this may have hit more than just schools and educational sites – any site that offers professional or other learning as just one aspect of their activities.
Be vigilant out there.
Mark
LikeLike
I am retired from a career in financial services. I am an “emeritus member” of the CFA Society (Chartered Financial Analyst) – both the national and local organizations – on of the premier professional certification organizations in the world.
I received an email today that the Canvas system which is the basis of their “Learning Ecosystem” was hacked and they shut down access. Access has now been restored but there is not information on what information may or not have been stolen.
So far, according to the organization, there appears to be no unusual activity on CFA sites.
Bottom line, this may have hit more than just schools and educational sites – any site that offers professional or other learning as just one aspect of their activities.
Be vigilant out there.
Mark
LikeLike
I am retired from a career in financial services. I am an “emeritus member” of the CFA Society (Chartered Financial Analyst) – both the national and local organizations – on of the premier professional certification organizations in the world.
I received an email today that the Canvas system which is the basis of their “Learning Ecosystem” was hacked and they shut down access. Access has now been restored but there is not information on what information may or not have been stolen.
So far, according to the organization, there appears to be no unusual activity on CFA sites.
Bottom line, this may have hit more than just schools and educational sites – any site that offers professional or other learning as just one aspect of their activities.
Be vigilant out there.
Mark
LikeLike