Disrupt lessons: How students stage DDoS attacks on schools
Schools can become the target of DDoS attacks organized by students, experts have warned about this. In this way, schoolchildren try to disrupt the educational process and interfere with the unified state exam (USE), but in practice, cyber attacks inevitably turn into big problems with the law. For more information about how students launch DDoS attacks on schools and how to deal with this problem, see the Izvestia article.
What is known about DDoS attacks by students on schools
Schoolchildren launch cyber attacks on schools for a number of reasons, Ramil Khantimirov, CEO and co-founder of StormWall, a company specializing in DDoS attacks, told Izvestia. According to the expert, in September, with the help of DDoS attacks, students are trying to disrupt the start of the school year and avoid doing their homework. At the end of the school year, students launch attacks to prevent final grades and exams from being given.
"Every year we record a surge in attacks on schools and school platforms at the beginning and end of the school year," says Ramil Khantimirov. — The largest growth in 2025 was recorded in May-June and September.
According to StormWall, last May, the number of DDoS attacks on schools increased 2.6 times compared to April and 1.4 times compared to May 2024. From September 1 to September 15, the number of attacks on schools increased by 1.7 times compared to the period from August 1 to August 15 and by 1.2 times compared to the period from September 1 to September 15, 2024.
According to the company, the attacks have a low power, 10-20 Gbit/s. This indicates that they are not organized by professional hackers, but by schoolchildren who bought cheap attack launch tools online and were able to launch attacks with low power.
In addition to disrupting the educational process, students can arrange such DDoS attacks because of the opportunity to "stand out", attract attention to themselves, or just for the sake of pampering, adds Konstantin Gorbunov, a leading expert on network threats and web developer at Security Code. At the same time, as the expert notes, the threshold for launching such attacks has now significantly decreased. If earlier it was necessary to have special knowledge for this, today students can turn to neural networks for help.
What are the dangers of DDoS attacks by students on schools?
In previous years, DDoS attacks on schools organized by students were isolated and went unnoticed by the general public, but every year there are more such attacks, says Mikhail Sergeev, a leading engineer at CorpSoft24, in an interview with Izvestia. One of the reasons is that there are more ready—made "tools" on the Internet that allow you to launch DDoS even without deep knowledge.
"As a result of such attacks, digital platforms may malfunction or completely cease to function," says Ramil Khantimirov. — If the platforms are unavailable, students, teachers and parents will not be able to use the information system, including data on homework and grades.
The outcome of a cyberattack depends on which information portals the attackers manage to "reach," adds Konstantin Gorbunov. If the attack is directed, for example, at a school information website, then the incident is unlikely to seriously affect the educational process and exams.
However, if a DDoS attack becomes the first step to infiltrate a local network, for example, in order to intercept control of school cameras, access to teachers' computers, or steal passwords from electronic diaries, the consequences can be much more serious.
— The main consequence is the disruption of the educational process: websites and electronic systems of schools stop working, lessons and exams may be delayed or canceled, and the school spends resources on restoring work and protection, — says Mikhail Sergeev.
What responsibility is there for DDoS attacks on schools?
A distinctive feature of DDoS attacks is their extreme accessibility and simplicity, they can be ordered for very little money, says Sergey Polunin, head of the IT infrastructure solutions protection group at Gazinformservice. Therefore, the number of such cybercrimes directed against schools may increase in the near future, the expert believes.
Responsibility depends on the scale of the damage caused to the school as a result of the DDoS attack, Konstantin Gorbunov notes. However, it is important to remember that even if these actions were intended as a prank, they will inevitably damage the student's reputation. This can ruin his relationship with the teachers and the administration of the educational institution, and in some cases, create obstacles to admission to the university and further employment.
And in the most serious situations, such actions can result in the initiation of criminal cases under articles 272 ("Unlawful access to computer information") and 273 ("Creation, use and distribution of malicious computer programs") of the Criminal Code of the Russian Federation.
— These are criminal articles, which means that if schoolchildren have reached the age of 16, they may well be prosecuted to the fullest extent of the law, — says Sergey Polunin. — As a rule, in such cases, many factors are taken into account — the scale of the damage, the presence of malware, the purpose and repetition of actions.
To prevent such crimes, it is important for students to explain the possible responsibility for hacking attempts or attacks on information systems. If students are clearly explained what consequences come for cyber bullies, then many will change their minds about doing such things, the expert says.
A strong argument in this regard may be the fact that amendments to the Criminal Code of the Russian Federation are currently being discussed, according to which a person who has committed a DDoS attack can be punished with a fine of 2 million rubles or imprisonment for up to eight years, Ramil Khantimirov recalls.
How to deal with DDoS attacks by students on schools
The very fact of DDoS attacks on schools organized by students is almost impossible to prevent, but the serious consequences of such threats can be avoided. For this purpose, hardware and software (software) are used, which allows you to process large volumes of traffic and does not allow you to "put down" sites, Sergey Polunin says in an interview with Izvestia.
— As a rule, such equipment and software are hosted on the provider's side, since someone has to set it up and maintain it - and there are usually no such specialists in schools, — says the expert.
However, if possible, installing special solutions against DDoS attacks in the On-Premise format can also be a way out of the situation, says Denis Bandaletov, head of Network Technology at Angara Security. As part of such solutions, equipment and protective equipment are placed directly on the territories of educational institutions.
To ensure a basic level of security that minimizes the threat of cyber attacks, schools need to implement software to block DDoS requests, use firewalls to protect the local perimeter, and install and regularly update antivirus software on all computers, adds Konstantin Gorbunov.
"Tools for carrying out the simplest attacks are becoming more accessible every year, the cost of botnets is decreasing, and their capacity is increasing," says Sergey Levin, head of the Solar Group's Anti—DDoS department. — That is why we recommend all educational institutions not to ignore such risks and implement high-quality protection against DDoS attacks.
However, teachers also need to follow the rules of cyber hygiene: lock the computer when leaving the classroom, check the files they receive with an antivirus and use complex passwords, concludes Konstantin Gorbunov.
Переведено сервисом «Яндекс Переводчик»
