Malware reportedly found on laptops given to children in England
Investigation launched after teachers warn of worm on devices handed out for home schooling
The government has launched an investigation into reports that laptops it distributed to support vulnerable children during lockdown had been infected with malware connected to Russian servers.
The problem was reported by staff at a school in Bradford who raised the alarm on an online IT forum. Enquiries are under way to establish how many devices are affected, where they were sourced and whether any are already in the hands of pupils.
The Department for Education (DfE) confirmed its IT teams were in touch with those who had reported the issue. A spokesperson said fewer than 10 schools had reported the problem, and claimed all the devices came with anti-virus software already installed, which neutralised the virus during set-up.
“We have been investigating an issue with malware that was found on a small number of the laptops provided to schools as part of our Get Help With Technology programme.
“In all known cases, the malware was detected and removed at the point schools first turned the devices on.
“We take online safety and security extremely seriously and we will continue to monitor for any further reports of malware. Any schools that may have concerns should contact the Department for Education.”
Labour called for a rapid investigation. Kate Green, the shadow education secretary, said: “These are deeply concerning reports, and they must be investigated and resolved as a matter of urgency.”
The government’s promise to supply 1.3m devices to children in England whose remote learning has been held up because they have no computer has faced sustained criticism from school leaders, who have complained about long delays in receiving kit.
This latest setback could cause further delays as school IT staff redouble efforts to check for vulnerabilities and viruses before they distribute devices to pupils. One source, reported in the Daily Telegraph, suggested about 10% of the laptops they had received had been found to be contaminated.
Chris Hauk, consumer privacy champion at Pixel Privacy, said: “It may be a case of trying to quickly get laptops into the hands of children so that they could continue their schooling, and perhaps some corners were cut.”
The online post from Bradford, which flagged up the virus, said: “We have been made aware of the following issue from a Bradford school. They have just received their final assignment of Windows laptops from the DfE. The laptops are Geo Geobooks 1E.
“Upon unboxing and preparing them it was discovered that a number of the laptops are infected with a self-propagating network worm (Gamarue.I). The network worm looks like it contacts Russian servers when active.”
Gamarue.I, identified by Microsoft in 2012, is a worm capable of downloading files on to a PC.
“The DfE help desk has been notified and a screenshot of infected files has been provided to them. This shows the infected file was last modified on 7/12/2019 shortly after the laptop was manufactured. The DfE have confirmed that a few schools have reported this,” the Bradford school staff wrote.
Ray Walsh, an expert at ProPrivacy, the digital privacy consultancy, said the revelations were extremely worrying. “It will now be up to cybersecurity experts working for the government to explain how the malware made its way on to the computers and what kind of damage it might have been doing.
“This latest mishap is just another black mark on the government’s chaotic plan to provide laptops for disadvantaged pupils. It is vital that the government does not downplay the situation, and we now need the government to find out exactly how many infected devices have made their way to schools and potentially as far as pupils’ homes.”
Brian Higgins, a security specialist at Comparitech, a consumer research website, added: “While it is unclear where these particular laptops were sourced, it is absolutely vital that anyone seeking to source devices, whether they are bought using sponsorship or donated directly, be fully aware of the risk that they may contain dormant or active malicious software and research appropriate methods to make them safe before they are distributed to homes and families.”
Green added: “Gavin Williamson must decide if he is going to put in place a credible plan for children to learn at home, or if he will just tell the Russian server to go away and shut up.”
The problem was reported by staff at a school in Bradford who raised the alarm on an online IT forum. Enquiries are under way to establish how many devices are affected, where they were sourced and whether any are already in the hands of pupils.
The Department for Education (DfE) confirmed its IT teams were in touch with those who had reported the issue. A spokesperson said fewer than 10 schools had reported the problem, and claimed all the devices came with anti-virus software already installed, which neutralised the virus during set-up.
“We have been investigating an issue with malware that was found on a small number of the laptops provided to schools as part of our Get Help With Technology programme.
“In all known cases, the malware was detected and removed at the point schools first turned the devices on.
“We take online safety and security extremely seriously and we will continue to monitor for any further reports of malware. Any schools that may have concerns should contact the Department for Education.”
Labour called for a rapid investigation. Kate Green, the shadow education secretary, said: “These are deeply concerning reports, and they must be investigated and resolved as a matter of urgency.”
The government’s promise to supply 1.3m devices to children in England whose remote learning has been held up because they have no computer has faced sustained criticism from school leaders, who have complained about long delays in receiving kit.
This latest setback could cause further delays as school IT staff redouble efforts to check for vulnerabilities and viruses before they distribute devices to pupils. One source, reported in the Daily Telegraph, suggested about 10% of the laptops they had received had been found to be contaminated.
Chris Hauk, consumer privacy champion at Pixel Privacy, said: “It may be a case of trying to quickly get laptops into the hands of children so that they could continue their schooling, and perhaps some corners were cut.”
The online post from Bradford, which flagged up the virus, said: “We have been made aware of the following issue from a Bradford school. They have just received their final assignment of Windows laptops from the DfE. The laptops are Geo Geobooks 1E.
“Upon unboxing and preparing them it was discovered that a number of the laptops are infected with a self-propagating network worm (Gamarue.I). The network worm looks like it contacts Russian servers when active.”
Gamarue.I, identified by Microsoft in 2012, is a worm capable of downloading files on to a PC.
“The DfE help desk has been notified and a screenshot of infected files has been provided to them. This shows the infected file was last modified on 7/12/2019 shortly after the laptop was manufactured. The DfE have confirmed that a few schools have reported this,” the Bradford school staff wrote.
Ray Walsh, an expert at ProPrivacy, the digital privacy consultancy, said the revelations were extremely worrying. “It will now be up to cybersecurity experts working for the government to explain how the malware made its way on to the computers and what kind of damage it might have been doing.
“This latest mishap is just another black mark on the government’s chaotic plan to provide laptops for disadvantaged pupils. It is vital that the government does not downplay the situation, and we now need the government to find out exactly how many infected devices have made their way to schools and potentially as far as pupils’ homes.”
Brian Higgins, a security specialist at Comparitech, a consumer research website, added: “While it is unclear where these particular laptops were sourced, it is absolutely vital that anyone seeking to source devices, whether they are bought using sponsorship or donated directly, be fully aware of the risk that they may contain dormant or active malicious software and research appropriate methods to make them safe before they are distributed to homes and families.”
Green added: “Gavin Williamson must decide if he is going to put in place a credible plan for children to learn at home, or if he will just tell the Russian server to go away and shut up.”
