The "Lee County Incident," also known as the Cyber Monday Prank, occurred on November 27, 2023. The event gained significant attention due to its scale and impact on the Lee County School District. This incident involved the unauthorized use of third-party filtering and monitoring software, which ultimately led to public disruption, fear being sent across the district, and leading us perpetrators to get into some legal trouble.
The prank began as an idea to disrupt the school day by using a known vulnerability in the Lightspeed Classroom extension. This extension is widely used by schools to monitor students during class. By exploiting the security flaw with their weak authentication, as well as getting a hold of every student email, we were able to do a variety of things at a mass scale, such as opening up tabs to this link, lock/unlock students and even TEACHER's screens, and worse of all, see their screens as well (yes ik scary).
The exploit was based on a vulnerability within the Lightspeed Classroom extension, which allowed unauthorized access to any student's Chromebook. The attackers used this data to send out commands at a mass scale, without needing to authenticate or interact with the system in a legitimate way. The prank's success was driven by the speed of the attack program as well as the amount of student emails we were able to obtain.
The prank disrupted students and staff across the district. Though no permanent damage occurred, just some annoyances and frustration into our district's IT department, the incident exposed vulnerabilities within the educational system and Lightspeed's digital infrastructure, requiring the need for better cybersecurity practices in the education sector.
In the aftermath, the district worked quickly to block the site (lol) and Lightspeed took swift action to temporarily patch the vulnerability. As as we have mentioned before in the previous revision of this site, we are deeply sorry for any inconviences that have occured due to these various attacks. Also Lightspeed, crazy how you are called that, because you are quite slow at fixing problems for a company that moves at "light speed" 🥀