Eleven US schoolkids expelled for hacking teacher accounts, bumping up grades

Filed Under: Featured

Hacker imageA group of teenagers from Orange County, California, have been expelled from school for breaking into teacher accounts to cheat on tests and adjust their grades.

The 11 youths, from Corona Del Mar High School in the Newport Beach area of Southern California, apparently used a hardware keylogger to snoop on their teachers' login and password details.

They then used the stolen login codes to access information on upcoming tests, and to change grades from earlier periods of their education.

They are believed to have acquired the keylogging device from a private tutor, who is also alleged to have taught them how to operate it.

The tutor, Timothy Lance Lai, is wanted for questioning by local police, who have searched his home but have so far been unable to locate the man himself.

The local district education board voted to expel all those involved, but stopped short of barring them from all schools in the district, at least in the cases of those children still living in the area - six of the eleven are thought to have moved away following the discovery of the hacking incident.

School administrators will now have to analyse 52,000 changes made to grade records in the past year to look for unauthorised adjustments, while locals suggest there may be many other people involved and have complained of a "culture of cheating" at the school.

The ever-increasing use of technology in education keeps raising new problems, from security and privacy viewpoints.

Children are being fingerprinted or tracked using ID cards, while their online social activities are being monitored and tracked to see what they are up to outside of school.

They are also more than capable of bypassing security, such as when LA schoolkids were handed iPads which were meant to be locked down but proved easily unlocked.

Storing highly sensitive data such as future test content and past gradings is also a glaring target for hacking into, and we have previously seen data being diddled to improve grades, thanks to leaked login info and keyloggers.

Diverse requirements and low budgets make school networks easier targets

School networks and computer systems tend to be harder to secure than those in business settings, combining low budgets for equipment, software and skilled administrators with diverse requirements and locations.

It would seem worth the effort to ensure important data such as grades and tests are well secured though. Something as simple as different user rights for students and teachers is probably not enough.

It might make more sense to block all access to test and grade data from terminals accessible to students, and provide teachers with access to a segregated network section, ideally from systems in off-limits areas.

Preventing keyloggers

Hardware keyloggers are notoriously hard to detect unless physically spotted, making them a common tool for everything from snooping on spouses to bank heists.

From this angle the main defense is physical - preventing or restricting access to cables and ports, for example by having terminals built in to special furniture which only exposes screen, keyboard and mouse.

This may not be foolproof, but it does at least put up some sort of barrier, making it harder for people to slip a device into place while your back is turned.

Kids are endlessly inquisitive so it will always be a challenge to keep them out of things they want to pry into, but it shouldn't be beyond our capabilities.


, , , ,

You might like

3 Responses to Eleven US schoolkids expelled for hacking teacher accounts, bumping up grades

  1. Richard Klimming · 239 days ago

    I personally don't believe they should have been expelled. Everyone's done stupid things in their life; these were just some teens who got encouraged by an adult to do the stupid things. It's not every day that a teacher tells you how to change other teachers' grades. However, that's not to say the teens should not be punished.
    I think a suspension and having to prove they are capable of making the grades they gave themselves would be punishment enough. Expelling them just forces them to go to schools for people that are too violent for public schools, which they will certainly never forget.

    • this is called cheating, or better yet, its called STEALING, FORGERY, FRAUD, and any other less negotiable terms. these may be intelligent children, but they exhibit classic criminal behaviors. time-out is good for K-6 but after that, THEY KNOW BETTER! and these brats knew exactly what they were doing.

    • ODA155 · 239 days ago

      I knew there would be someone making excuses for them... I personally think they should be expelled for the rest of the school year AND receive failing grades. If you do not attempt to fix the problem here... then where and when do you address it... stop? Just because a system or your house is not secure as you'd like does NOT give anyone the right or the privilege to enter unauthorized... what would your argument be if your house was broken into because you have cheap locks?

      "Expelling them just forces them to go to schools for people that are too violent for public schools, which they will certainly never forget."... too bad, good kids thrive under those conditions everyday, if they took the time to learn to hack into the system they could just have easily learned the work for which they were trying to get an undeserved grade.

      So, where is the "punishment"? Surely you don't think a suspension and harder school work is punishment... or do you?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

John Hawes is Chief of Operations at Virus Bulletin, running independent anti-malware testing there since 2006. With over a decade of experience testing security products, John was elected to the board of directors of the Anti-Malware Testing Standards Organisation (AMTSO) in 2011.