Schools are reporting an upsurge in cyber attacks, apparently from disgruntled students who are attacking school websites rather than pressing the fire alarm to disrupt classes.
Network for Learning (N4L), a Crown company that provides internet services to 98 per cent of New Zealand schools, says six schools were targeted with "dozens of attacks" aimed at taking down their websites in the first week of this term.
The "distributed denial of service" (DDoS) attacks involve multiple computers bombarding a school's internet connection with massive amounts of unwanted traffic.
N4L advised schools in an email on Friday to "keep an ear to the ground in case they hear a student or someone known to the school talk about DDoS attacks".
"They may view it as a challenge or prank, replacing the act of pulling the school fire alarm to disrupt classes," it said.
"Apart from this, there's not much a school can do to prevent a DDoS attack. If it is student-led, then there may be ways to reveal the likely instigator by observing student behaviour."
Chief product officer Gavin Costello said all six schools targeted so far this term were intermediate or secondary schools, suggesting that the attacks came from disgruntled students.
"It's impossible to say, but you could speculate that it could be students," he said.
"People can go to malware actors and you can order these attacks from pretty much anywhere and specify your exclusion so it's very difficult to track down the orderers."
The attacks are increasing internationally. Verisign reported a 35 per cent jump in DDoS attacks in the second quarter of this year alone, mainly targeting financial services (43 per cent), information technology services (37 per cent) and media and entertainment sites (20 per cent).
But in the Asia-Pacific region, an NTT Security report said attacks against education jumped from 9 per cent to 18 per cent of all attacks in 2017, while attacks on the finance sector dropped from 46 per cent to 26 per cent.
Costello said attacks on NZ school websites were most common at the start of the school year and towards the end of the year when students go on study leave.
He said N4L tackled attacks with "scrubbing" software which diverted unwanted traffic and allowed "the good traffic" to keep flowing.
"When the attack happens, you see an enormous amount of traffic heading towards one particular school," he said.
"When you see that traffic anomaly there is a brief period of time before you put mitigation in. The school's network can be flooded. It can slow down and it can also stop briefly before the impact is mitigated."
Secondary Principals Association president Mike Williams said it wouldn't surprise him if students were behind the attacks.
"For years, as we have been moving into schools networks, it was a pretty common process to get your best student hackers onside and use them for security," he said.
"That is common even in the business world. The best hackers end up being employed by the computer companies. Most companies would have, in their computer security sections, some of the best hackers."
He said most problems were due to staff and student laptops connecting to school networks without adequate security.
The Computer Emergency Response Team CERT NZ says; "Many of the devices that connect to your school's network are bring your own devices (BYOD). Students or staff may be using a malware infected device and not know it. Because you can't control them, it's hard to manage security for them."
Williams said he had heard of some schools being targeted by "ransomware" where hackers demanded ransoms to release the schools' data. But he was not aware of any school that had paid a ransom.
"If they have got backup, they can just ignore the ransom demand," he said.
"That's where something like N4L is really helpful for New Zealand, because the level of protection they provide is just amazing. Individual schools wouldn't be able to do it."