The city’s school district’s email system was compromised in 2017, according to Paterson Public Schools and Paterson Times records.
School officials began experiencing email deliverability problems after the district’s internet protocol (IP) address was blocked by some email service providers like Microsoft for what’s called “namespace mining behavior.”
“Namespace mining is usually the result of a compromise (of the server, the network, or some user accounts), or a misconfiguration in the email system setup,” explained a Microsoft representative in 2017 after the Paterson Times, which uses Microsoft’s cloud-based email service, requested the email provider look into why the school district’s emails were not being received by the newspaper.
The district’s email system had been sending requests to validate large numbers of possible email addresses without sending or attempting to send equal number of emails. For example, on Apr. 27, 2017, the district’s email system sent 1,734 emails, but requested 11,663 email address validations – a difference of 9,879. Normally, the number of validation requests are very close to the number of emails sent out.
“It is important that you take steps to investigate the namespace mining behavior. The root causes must be addressed as soon as possible,” said the Microsoft representative’s email.
At the time the Paterson Times forwarded Microsoft’s investigation findings to the school district.
School board member Kenneth Simmons, chairman of the technology committee, was surprised when told of the 2017 compromise last week. He and his colleagues were not made aware of the incident.
Simmons, who has a background in information technology, said he was “extremely concerned” that the board was not informed about the 2017 situation. He pointed out there were two information technology professionals on the board at the time.
“Spam-related incidents are a common occurrence in information technology management circles and they do not typically rise to the level of board notification,” said Paul Brubaker, spokesman for the Paterson Public Schools, last Monday. “It did not represent a serious data security risk and was fully remediated within one business day, so it was therefore not communicated to the board.”
Brubaker said the district took a number of steps since the 2017 situation. He said the district is using McAfee EmailGateway and ProofPoint services to scan all incoming and outgoing emails, and if needed quarantine suspicious emails; it is subscribing to MxToolBox monitor service to receive alerts about suspicious volumes associated with paterson.k12.nj.us; it is regularly sending reminders and information about data security to its users.
But the most significant step the district took after the 2017 compromise was switching to Office 365, a cloud-based email system, which is secured by Microsoft. That was done a year later.
School officials awarded a $159,520 contract to Shi International Corporation on Jun. 28, 2018 to upgrade their system, according to district records obtained through a public records request.
Simmons said the purchase was approved without school board members knowing that the upgrade was forced due to the network intrusion.
Brubaker’s response did not state what caused the district’s email system to engage in “namespace mining behavior.” It’s not clear if the district ever identified the root cause of the problem. However, the upgrade to Office 365 fully rectified the compromised system.
The 2017 incident is separate from the data breach that claimed more than 23,000 district passwords. School officials said that problem has been addressed by changing all passwords and taking other steps like white listing server IP addresses to block unidentified users from accessing systems.
District officials have provided few answers on how the data breach took place. Board members approved the hiring of an expert to look into the data breach, said Simmons and school board president Oshin Castillo.
Brubaker said the district is “committed to maintaining the highest standards of information and data security.”