Communications Ongoing with Overseas Hackers as Schools Regain Normalcy

Columbia Falls prepares for homecoming week with parade showcasing community pride, togetherness

By Dillon Tabish
Mark Flatau, superintendent of Kalispell Public Schools, addresses concerns about recent cyber threats during a community meeting on Sept. 18, 2017. Greg Lindstrom | Flathead Beacon

Schools are once again brimming with students as the Flathead Valley begins to emerge from the storm of cyber threats that shook the community over the last week.

Average attendance at schools across the valley has returned to normal, according to administrators. The presence of law enforcement remains heightened but the daily routines have resumed. Activities, including the crosstown football game between Flathead and Glacier on Friday night, are back on schedule.

“It’s completely normal,” Columbia Falls High School Principal Scott Gaiser said. “There’s a little more police presence, which is nice and we appreciate that, but things are going great.”

Law enforcement, including the FBI, continue to vigorously pursue the overseas hacking group deemed responsible for stealing information from the Columbia Falls School District server and threatening schools, administrators and families.

The hacker, or group of hackers, called The Dark Overlord Solutions, sent a ransom letter to members of the Columbia Falls school board, as well as the school district superintendent, seeking payment via bitcoin, a digital currency. The letter was sent Monday with three proposed payment options and the deadline to respond is Saturday night.

Law enforcement advises the recipients of the ransom letter to neither pay nor communicate with the hackers. The authorities continue to communicate with the hackers via electronic messages, and in recent days the group has backed off its previous violent threats, according to officials.

“We’re still working diligently on it with all the same resources when there was a public safety threat,” Flathead County Sheriff Chuck Curry said.

Citing the sensitivity of the situation, Curry declined to elaborate on the nature of the investigation and communication with the suspects.

“We’re pursuing investigative avenues that are slightly more confidential,” he said.

Curry said law enforcement is confident the Dark Overlord is the group responsible for the initial threats and data breach. The group is well-known in the cyber community and is considered highly sophisticated in its abilities to breach computer servers while remaining hidden and evading law enforcement around the world.

While fear of a public safety threat has largely evaporated, the situation does remain unresolved for Columbia Falls. The hackers infiltrated the school district server and obtained information about past and present students, parents and staff members, including names, school and medical records and addresses. The exact number of people affected by the data breach is unknown at this time.

“Columbia Falls, you will accord and satisfy one of our win-win business propositions, otherwise we will wreak havoc upon your district and your personal lives,” the ransom letter states. “If our letter and proposals goes ignored, rejected, or otherwise discorded and unsatisfied, we will become the cause of an immense and unfathomable amount of financial and reputational harm to your enterprise. We can go to the public with much of what we have. We can with great ease, put everything we have retrieved, from your district, on full display and cause you a tremendous amount of public embarrassment and humiliation.”

The three options laid out by the hackers are: paying $150,000 in bitcoin over a one-year period through monthly payments; paying $100,000 in bitcoin over a one-year period and having an unnamed local person write a five-page essay about the experience; paying $75,000 in a one-time installment.

The ransom letter states, “If you choose one of the proposed options above, we agree that we will securely destroy all of the data and information that we retrieved from you and we will make sure that all of this falls through the cracks and becomes forever lost in the darkness below, to not be brought up ever again (we need the storage space anyway, to have the room for our future activities – which don’t involve your school district, provided that one of our proposed options is agreed to and satisfied by the terms of the corresponding contract).”

Cyber security experts, echoing law enforcement, agree that paying the hackers’ ransom would be a bad idea and would not necessarily lead to a resolution.

“If we prove that we’ll pay a ransom … they know that and will come to attack us over and over again,” Zuly Gonzalez, CEO of Maryland-based cyber security firm Light Point Security, told the Beacon earlier this week. “Once you pay the money and prove you’re willing to give in, you have an even bigger target on your back.”

While law enforcement focuses on the cyber pursuit, local schools are devoted to returning to normalcy after an unprecedented situation. Classes at more than 30 schools resumed Tuesday after three days of closures. Activities and other school-related events also resumed Tuesday.

In Columbia Falls, attendance was roughly 70 percent at both the high school and junior high school on Tuesday, according to school administrators. By Thursday, attendance was back to normal, roughly 90-95 percent.

“It was very quiet (on Tuesday). The kids really did get back on track,” Gaiser said. “In many ways it really felt like the first day of school again.”

In Kalispell, attendance hovered between 85 to 88 percent at the various school sites on Tuesday before returning to normal, school officials said.

“We had smooth starts at all 10 school locations and each building had a strong law enforcement presence,” Mark Flatau, Kalispell school superintendent, said.

“Our staff were rock stars and they really pulled together.”

Concerns over armed residents showing up to area schools to defend against any potential threat proved unfounded. A robust collection of law enforcement, including probation officers, sheriff’s deputies and off-duty city police officers from all corners of the valley, worked extra shifts in recent days to patrol and guard students and staff. That heightened presence will wind down in the coming days as tensions calm even further.

Indeed, the community banded together in the face of an outside threat. Columbia Falls is even ready to celebrate that spirit of solidarity next week. The school is holding its homecoming week starting Monday, Sept. 25, with a parade at 4 p.m. that is sure to be unlike any other. In fact, it will be the first homecoming parade in over 30 years. It was already planned before the cyber threats, but the timing is proving quite fitting.

“We’re celebrating our classes and our kids. And to me it feels like more of a march to show the world that we bleed blue and we’re pretty darn proud of our community and our kids,” Gaiser said.

The parade will travel down Nucleus Avenue and end at The Coop on U.S. Highway 2 where a rally will feature live music and a kickoff celebration for a week of festivities.

As Gaiser said, “Timing wise, this is a great way to show our togetherness and community spirit.”

Stay Connected with the Daily Roundup.

Sign up for our newsletter and get the best of the Beacon delivered every day to your inbox.