MIAMI (CBSMiami) – A 16-year-old Miami-Dade County Public School student is under arrest related to a series of cyberattacks affecting virtual learning since Monday.
According to Miami-Dade County Schools Police, David Oliveros is a junior at South Miami Senior High.
Detectives were able to trace an IP address responsible for the attacks back to Oliveros, according to a police incident report.
A thorough investigation is being conducted by Miami Dade Schools Police Department, working jointly with the FBI, the Secret Service and the Florida Department of Law Enforcement.
WATCH: Miami-Dade County Schools officials provide update on cyberattacks arrest:
According to the police report, Oliveros admitted to using an online application to attack the M-DCPS computer network and he admitted to 8 different attacks which the District said overwhelmed its networks, including web-based systems needed for My School Online.
“This individual is responsible at least for eight of the attacks sustained by Miami-Dade County Public Schools data center, interfering with internet connectivity and access to our school system. A number of resources have been confiscated from this individual and they are being forensically analyzed by our law enforcement agency as well as others,” explained Superintendent Alberto Carvalho at a Thursday afternoon news conference.
However, he explained, the arrest doesn’t mean there aren’t others out there targeting Miami-Dade County Public Schools.
“Federal and local law enforcement sources have informed us that in addition to these local attacks, originating from the South Florida community, most specifically the one perpetrated by this 16-year-old student, there are other attacks from foreign nations, such as Russia, Ukraine, China, iraq and possibly others,” said Carvalho. “That does not mean however, that individuals in those nations are necessary launching the cyberattacks.” He explained people can purchase these highly disruptive services via the dark web.
Oliveros is charged with Computer Use in an Attempt to Defraud – a 3rd degree felony, and Interference with an Educational Institution – a 2nd degree misdemeanor.
He is now in custody at the Juvenile Assessment Center.
People who know the teen are surprised. “He’s always in his house, he’s a good kid,” his neighbor Mary said. “He plays basketball, studies, always with his family. He’s not a bad kid.”
Miami-Dade County Public Schools was the target of more than a dozen cyberattacks since the first day of school on Monday.
In the meantime, District officials partially revised their virtual learning platforms on Wednesday in an effort to avoid disruptions.
Starting Thursday, Sept. 3, all students in grades 6-12 were told to use Microsoft Teams, Zoom through Microsoft Teams or an alternate pathway, as determined by each school and teacher, for live instruction.
Students in grades Pre-K-5 were to continuing using the K12 platform for Class Connect sessions and coursework.
Carvalho said the system is performing significantly better than the first three days of the week due to the partial suspension of the system for middle and high schoolers.
By September 11, the District will decide whether students in grades 6-12 will return to the K12 platform, as well as continue usage for grades Pre-K-5.
“While we have confidence that that platform can be reinitiated without the systemic problems that we identified, or if we abandon it altogether and continue to utilize the district approved, Zoom through Microsoft Teams platform access, we hope that the experience tomorrow will be even better than today’s experience,” said Carvalho.
“All of our systems in our data center, which we refer to as IPS, are working at full capacity 100% without interference. The last cyberattack that we sustained was at three o’clock in the morning, today 3am, since that time, no additional cyber attacks.”
Carvalho is now weighing his options on whether to get rid of the new online learning system. He revealed Wednesday, he never signed the $15 million contract.
“All of the signatures on this side are there with the exception of my personal and final original signature,” Carvalho said on Wednesday.
K12 released a statement on Thursday saying, “We’ve experienced some intermittent technical issues which we are working to resolve as quickly as possible.” A spokesperson went on to say “We are working with Miami-Dade County Public Schools to strengthen the system to allow for a smooth transition onto the K12 platform.“
The Florida Education Association said it told the District to avoid K12 before the rollout.
Dr. Steve Gallon is the Vice Chair of the school board. He notes the significance of the attack.
“We’ve had these cyberattacks previously but they’ve never come to a point to shut out an entire school system,” said Gallon.
“There’s no question that the K12 from training through implementation, thought course uploads, and most importantly allowing access to parents has been an utter fail. It’s been an utter fail. It’s been an utter fail,” added Gallon.
The cyberattacks were not a hack, so no personal information from students or teachers was stolen.
Republican U.S. Sen. Marco Rubio has requested a briefing with the Department of Homeland Security on cybersecurity as it relates to school districts.
Miami-Dade’s public school system is the nation’s fourth largest, with 345,000 students, 392 schools and more than 40,000 employees.
For parents and students needing help logging in, the district has set up a help line at (305) 995-HELP (4537) of they can get help online.