Teays Valley Christian School has been in the news this week because a student received a threatening message stating that if a specific file was not downloaded, a so-called “hit list” would be distributed using the student’s email.
The incident is being treated as a cybersecurity threat and is under investigation by the Sheriff and the West Virginia Fusion Center. The timeline of events follows.
On Thursday, March 20, the Putnam County Sheriff Department responded to a call from Teays Valley Christian School. A student at the school received an email stating if the student did not download a certain “file”, an assault “hit list” would be sent out under his name and email account.
Chief Deputy Shamblin stated in a March 21 Facebook post that the threat was not valid but the incident was being publicized to prevent misinformation from being spread. Shamblin reported that the Department had called upon the West Virginia Fusion Center (WVFC) to assist in determining the origin point of the email. The WVFC was established following the events of September 11, 2001, to collect, integrate, evaluate, analyze and disseminate information and intelligence to support local, state and federal agencies in detecting, preventing, and responding to criminal and terrorist activity.
On Sunday, March 23, Shamblin posted that deputies would be present at the school to assure a safe and healthy environment for students and staff on Monday and that law enforcement will continue to be proactive for the safety of the Teays Valley Christian School family.
On Monday, Shamblin shared some findings by the WVFC following an analyst’s examination of the student’s computer hardware:
(1) The student’s “Discord” account and google school account suffered a “sophisticated” attack causing both accounts to be compromised. To clarify, a discord account can be used as a video gaming chat platform.
(2) The student’s account was accessed (3) three different times by (3) different IP addresses within 20 minutes of the attack. All personal files were accessed within seconds.
(3) Patterns of the user’s habits on the account greatly differentiate before the March 20th attack and after the attack. Before the attack, a WV internet service provider was used. After the attack, three different internet providers were used from three different states.
Shamblin said that information that can be shared will be shared but that it was not possible to provide certain information relating to criminal consequences and dealing with juveniles.
Also on Monday, Sheriff Bobby Eggleton reported, “During this investigation, we have determined that the threat was not made by any student or staff of TVCS. We are committed to do all we can to find and prosecute the person responsible for this incident.”
The Putnam County Sheriff’s Office said they feel that students are safe at the school.
