Saturday, May 4, 2024

Vogon Today

Selected News from the Galaxy

StartMag

Axios school electronic register? Hacked!

3 years ago babelfish

Axios school electronic register? Hacked!

The article by Umberto Rapetto, director of Infosec.news

The dream of the donkey students has come true. The loss of the data stored in the computer system that manages the electronic school registers goes beyond Lucignolo's most ambitious expectations.

The fact is of such gravity as to leave speechless even those accustomed to not losing the opportunity to beat the misdeeds that unfortunately abound in the national technological scenario.

While everyone (thanks to the atmosphere of the past Easter) awaits the resurrection of the sophisticated IT infrastructure on which the functioning of the Schools rests, I am assailed by an irrepressible curiosity.

I would love to know who approved this system, who is – in practice – “the Del Monte man who said yes”.

The answer is simple and does not require gigantic efforts, although in the turmoil of these days no one bothered to ask the question.

If to impart their charismatic blessing were the departments in charge of Education and Innovation, it must be said that the consecration of the suitability of electronic registers is to be recognized by the Agency for Digital Italy (or AGID for lovers of acronyms ).

" Income quae sunt Caesaris Caesari et quae sunt Dei Deo " would write a boy accustomed to copying during DAD or distance learning if you prefer.

The platform in which the disaster of Italian teaching takes place was examined and approved by the Agid specialists, resulting "QUALIFIED" from April 24, 2019 (pre-pandemic period during which we could meet, there was a way to carry out inspections and give physically tested and tested …).

It must be said that for reasons of security and reliability (as in this case) the Public Administrations (and here the schools) from 1 April (ouch, bad day) of 2019 can " acquire only IaaS, PaaS and SaaS services qualified by AgID and published in the Cloud Marketplace ".

We translate for those who still speak Italian happily and not only to celebrate the 700th anniversary of Alighieri.

In the world where it is cool to use inaccessible acronyms or pretend to know English (or where the two tricks meet to make no one understand anything and make smoking a weapon of mass "distraction" …), the IT services provided through the Internet and placed outside the sphere of those who benefit from it, they are placed "in the cloud" (ie on a sort of "cloud" distant from the user and shared among several subjects).

Depending on their type and the different roles of the service provider and the user, they are classified as "IaaS" (Infrastructure as a Service, where the infrastructure is managed entirely by the supplier), "PaaS" (Platform as a Service, where the supplier only makes the infrastructure available and the customer develops its software) and "SaaS" (Software as a Service, where the customer only uses the supplier's "machines" and programs).

SaaS services (such as that of the electronic register) are those where the customer only fulfills the role of user and pays handsomely for the service that is provided.

The schools have chosen the electronic register solution through the "Cloud Marketplace" , or the Internet site where the Anglophone Agid has not been able to find an Italian name to label it.

Taking verbatim what the Agency for Britain… sorry, for Digital Italy publishes online “ The AgID Cloud Marketplace is the platform that displays the services and infrastructures qualified by AgID in accordance with the provisions of AgID Circulars no. 2 and 3 of 9 April 2018. Inside the Cloud Marketplace it is possible to view the technical data sheet of each service which highlights the technical characteristics, the cost model and the service levels declared by the supplier during the qualification " .

On the basis of the Eleventh Commandment, according to which "you will have no other SaaS other than me", the Schools have acquired the "electronic register" system relieved in their decision by the "qualification procedure" with which the Agid has excluded solutions that could manifest contraindications or problems of any kind.

The school managers, reading that for the Axios Didactic service " APP RE Alunni is the App dedicated to pupils who use the Axios Electronic Register " and even that " Axios Digital Secretariat is the heart of the Digital School and takes care, in every aspect, of the life cycle… ”, they could not imagine the catastrophe of these days .

The rigor of the selection of products and the meticulous dynamics of their approval is proven by the long times that elapse between the OK to the "Axios Digital Secretariat" (11.15 am on the day before April 24, 2019) to that of the RE Alunni APP (11.45 of the same day 24). A half hour dedicated to the Digital Secretariat is endless if you consider that at 9.15 pm on 29 August 2019 (challenging the summer heat wave) in the same minute (as can be read in the technical sheets placed on the "Cloud Marketplace") the Digital Agency approved the Services " Axios Web Services – MAD-ACC ", " Alternanza Scuola Lavoro Web " and the very delicate " Cloud Backup ".

Let's stop here. Now someone tell who took care of it and – in addition to wondering how much it costs and how the evaluation team was chosen – begin to do two accounts of the damage that the "crime" has caused to the entire community in such a delicate moment.

One wonders what Agid did to remedy (given that it issued the "license" of suitability for the hi-tech service of the electronic register) or at least to suggest initiatives aimed at mitigating the negative effects of such an embarrassing situation.

Ask those who talk about the "digital transition" if this is the first step. Towards the abyss.

Article published on infosec.news

This is a machine translation from Italian language of a post published on Start Magazine at the URL https://www.startmag.it/innovazione/cosa-dice-agid-sul-registro-elettronico-hackerato-di-axios/ on Sun, 11 Apr 2021 05:36:26 +0000.