To explain the difficulties encountered by distance education services, the Minister of National Education, Jean-Michel Blanquer, had mentioned cyberattacks targeting the “My class at home” service offered by the CNED. If the initial statement was mocked by many Internet users, the CNED in turn evoked, in a statement released Wednesday, “several DDoS attacks” targeting its service. The distance learning service insisted on the fact that despite the slowdowns, its service had been able to continue to function, but indicated that it had filed a complaint with the cybercriminal section of the Paris prosecutor’s office, and that an investigation had been entrusted to the OCLCTIC, the investigation service of the judicial police specializing in fraud using new technologies.
According to a source close to the investigation quoted by the JDD, attacks were indeed noted by the investigators, which “emanate well from abroad: Russia and China”, according to the investigators. The director of the CNED evokes him “about thirty attacks” as of Tuesday morning, which continued throughout the week.
DDoS attacks consist in sending malicious traffic to servers in order to overload the number of connections that they are able to process and therefore render them inoperative. These attacks can exploit different vectors, targeting the server itself or its internet connection, but always have the same objective. They can be carried out by several means, thanks to botnets of infected computers of more or less size, or by exploiting techniques of amplification of the traffic. However, while the origin of the malicious traffic appears to be from a country, that says nothing about the actual sponsors of the attack, who may have exploited infected devices located in a country other than their own.
These attacks are quite common because they are easy to perform. They are sometimes used to disadvantage a competitor by crippling their online services, or to push victims to pay a ransom. In the specific case of the CNED, the motivations of the attackers remain unknown for the moment.
The early days of distance learning were fraught with problems for distance education services, which struggled to function properly in the face of the influx of connections. The digital work environments deployed by local authorities to offer distance learning courses thus experienced numerous dysfunctions at the start of last week. For this scenario, no malicious act is to be deplored, but simply insufficient resources to respond to the connections (legitimate this time) of students and teachers forced to work remotely.