Primaries in England have been targeted by online hackers, leading to hardcore pornography being shown on education web pages with the schools’ logos on them.
It has raised fears that primary pupils may be able to gain access to explicit pornographic imagery just by looking for their school on an internet search engine because of the “spam bot” attacks.
The TES understands that up to 20 schools around the country could have been attacked, although it is thought the material is unlikely to be accessible from inside schools because of security firewalls.
Tony Kenny, head of St Dunstan’s Primary in Birmingham, one of the schools targeted, said he was “shocked”. The school’s name appears on a website displaying hardcore gay pornography.
Mr Kenny said he would launch an investigation.
“Clearly, both I and the govenors are shocked that this type of site has been linked in any way to our school,” he said. “I am very glad our school firewall is working and so material like this cannot be seen. Once we knew about it, we immediately did everything in our power to find out how it happened and we are now looking at getting the site removed from the public domain.”
It is believed the problem stems from local authorities, schools, or individual users working with outdated versions of the software Moodle, a free “open source” online package used by 27 million people worldwide. It enables teachers and pupils to create interactive websites and communicate with each other.
Moodle.com, the firm that produces the software, said an earlier version of it had been attacked by “malicious spammers”, but insisted updates had been released to fix it.
Founder Martin Dougiamas said:
“All known vulnerabilites have been fixed and we’ve released lots of new versions of Moodle. But that doesn’t mean schools have upgraded to the latest versions.
“Schools often don’t have very good IT support and neglect this kind of vital maintenance, even though we try to notify them.”
Schools affected include seven or eight in Birmingham alone. Some, including Wylde Green Primary, have had their sites designed by WebAnywhere, which claims to be the UK’s biggest school website developer.
Sean Gilligan, managing director of WebAnywhere, said: “In the last five years we have provided more than 2,000 schools with a website. In that time, less than 1 per cent have been victims of malicious targeting by external hackers.”
A Birmingham council spokesman the problem was being treated as a “matter of urgency”.
“None of the material is specifically connected with the schools, but some pornographic material has been mixed with a link to them on websites that may be being used to develop web content for the school.
“There is no indication yet who put it there (or) if it has any link to the genuine use of the site or has been put on maliciously.”
Essential steps for internet security
Becta, the schools technology agency, says schools should:
Develop an e-safety policy detailing the ways staff, pupils and all network users (including parents) can and cannot use ICT facilities.
Check infrastructure and buy internet services from accredited suppliers.
Teach e-safety to students, parents and staff.
Monitor: misuse can still occur even with these measures, so ensure you have the right strategies in place to respond to these circumstances.
