Schools around the UK have found that laptops provided by the Government arrived with a virus on them that connected to servers in Russia, raising concerns that hackers could steal data on vulnerable students.
Employees of a Bradford school that received laptops to help vulnerable students study at home said in an online forum that the machines contained malware installed by hackers.
The Department for Education (DfE) confirmed the incident and said the virus was “found on a small number of the laptops provided to schools.”
“In all known cases, the malware was detected and removed at the point schools first turned the devices on,” a spokesman said.
Schools now face days of extra work deleting software on laptops in order to make sure they are safe before sending them out to students, a source said. They added that around 10 per cent of the laptops they had received had been found to contain the virus.
There were concerns on Thursday that some computers with the virus may have been provided to students without proper checks. However, it’s thought that the number of schools who received the infected devices was in the single figures, and the in-built anti-virus software should block the malware from operating when the laptops are turned on.
Bradford Council contacted schools on Wednesday to warn them of the problem, writing that “the network worm looks like it contacts Russian servers when active”. A council employee told schools to treat the problem as “a matter of urgency” and to check their networks for any evidence that they had also been hacked.
“I know bad news isn’t what we need right now, but we’ve just fired up a bunch of these to prep [them] and a number of them have alerted … that a worm has been found,” wrote a school IT employee from Wolverhampton on an online forum.
An employee of a Lincolnshire school wrote that they had also detected viruses on laptops received from the Government.
Infected laptops were found to contain a variant of the Gamarue virus, which Microsoft warned “can give a malicious hacker control of your PC”. This could give hackers access to files as well as the computer’s web browser, but the virus has not been found to gain access to people’s webcams or microphones.
Access to hacked laptops running Gamarue has previously been sold online, allowing cyber criminals to control the devices and use them to flood other networks with hijacked computer traffic.
The laptops are understood to have been sourced by XMA, one of the three IT resellers supplying the Government with devices.
XMA was brought on board to help ramp up numbers of laptops available to schools after the summer term as part of a series of deals which saw the Department for Education procure more than 160,000 further devices amid growing concerns over the numbers of students without access to technology at home.
Filings on the Government contract website show XMA was paid £12 million to deliver an initial 69,000 devices, with the option for the DfE to buy a further 60,000, taking the total contract size up to £22 million. A second contract, worth £5.7 million and agreed in October, saw the company agree to deliver 26,449 more devices by November 13.
XMA did not immediately respond to requests for comment.