Eleven CA schoolkids expelled for hacking teacher accounts, bumping up grades
A group of teenagers from Orange County, California, have been expelled from school for breaking into teacher accounts to cheat on tests and adjust their grades.
The 11 youths, from Corona Del Mar High School in the Newport Beach area of Southern California, apparently used a hardware keylogger to snoop on their teachers’ login and password details.
They then used the stolen login codes to access information on upcoming tests, and to change grades from earlier periods of their education.
They are believed to have acquired the keylogging device from a private tutor, who is also alleged to have taught them how to operate it.
The tutor, Timothy Lance Lai, is wanted for questioning by local police, who have searched his home but have so far been unable to locate the man himself.
The local district education board voted to expel all those involved, but stopped short of barring them from all schools in the district, at least in the cases of those children still living in the area – six of the eleven are thought to have moved away following the discovery of the hacking incident.
School administrators will now have to analyse 52,000 changes made to grade records in the past year to look for unauthorised adjustments, while locals suggest there may be many other people involved and have complained of a “culture of cheating” at the school.
The ever-increasing use of technology in education keeps raising new problems, from security and privacy viewpoints.
They are also more than capable of bypassing security, such as when LA schoolkids were handed iPads which were meant to be locked down but proved easily unlocked.
Storing highly sensitive data such as future test content and past gradings is also a glaring target for hacking into, and we have previously seen data being diddled to improve grades, thanks to leaked login info and keyloggers.
Diverse requirements and low budgets make school networks easier targets
School networks and computer systems tend to be harder to secure than those in business settings, combining low budgets for equipment, software and skilled administrators with diverse requirements and locations.
It would seem worth the effort to ensure important data such as grades and tests are well secured though. Something as simple as different user rights for students and teachers is probably not enough.
It might make more sense to block all access to test and grade data from terminals accessible to students, and provide teachers with access to a segregated network section, ideally from systems in off-limits areas.
From this angle the main defense is physical – preventing or restricting access to cables and ports, for example by having terminals built in to special furniture which only exposes screen, keyboard and mouse.
This may not be foolproof, but it does at least put up some sort of barrier, making it harder for people to slip a device into place while your back is turned.
Kids are endlessly inquisitive so it will always be a challenge to keep them out of things they want to pry into, but it shouldn’t be beyond our capabilities.
Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/QruLAD98w2A/