Teenagers improperly gained control over the school’s student-information system from California to New Jersey. At least 10 states were affected by this hacking scheme. Students were changing grades with minimal knowledge of the system (Herold, 2018). Students were finding teachers passwords or login credentials making the process much easier to do. The failure comes from the school because the schools were not requiring teachers to have complex passwords, two-factor authentication or basic measures to protect their password or network (Herold, 2018). “The biggest challenge to maintain cybersecurity is not technology but people (Herold, 2018)”. Although, changing school records is nothing new to education because students have been changing their or someone else’s records for years in order to get to the top of their class or to make it into the best schools (Herold, 2018). Figuring out the best discipline for a child who does something of this nature but, not giving them too harsh of a sentence will be beneficial to the child because he or she is only a kid. By giving the kid prison time could be a very harsh way to punish the child making them possibly wanting to stay away from technology in general, but giving them enough punishment to make them not want to go against the rules again will be just enough punishment until they truly understand why.
There is a state law that makes it a crime to access certain computers or computing systems without authorization called the Computer Fraud and Abuse Act. Back in the 70’s both Steve Jobs and Bill Gates would have been punished based on this law but, it was not created until later (Herold, 2018). If either of them were punished based on this law, then there will currently be no Apple or Microsoft. There have been a few cases within the United States in which, students have changed grades and it resulted in a delay of announcing top student performers, changing of grades over a six-month period was another case that resulted in sentencing students to over 10-years in prison because students were using phishing schemes to obtain teacher credentials once a teacher opened the phishing email and used their correct login credentials their credentials would be stolen by the student who created the phishing email (Herold, 2018). This resulted in over a dozen student getting grade changes and felony counts being given after the investigation. “We’re telling kids that tech is the future and learning to code is where all the good jobs are, but it’s not surprising that they would use these tools to test limits, including with the school IT system they best know (Herold, 2018)”. Another case occurred when students used the schools student-information management system and a software program to submit to college applications and transcripts to improve their profile for IVY League Universities (Herold, 2018). After an investigation, students were suspended and college applications were rejected after they were accepted. Some children had to re-do school work where grades were changed and delay graduation because of all the issues that arise during the investigation process (Herold, 2018).
Hacker Prevention Methods:
- Train staff on good password practices
- Require two-factor authentication
- Only give people access to information who need it
- Patch software regularly
Overall, it is not idea for teachers to leave their passwords around children or even in public eye due to hacking issues of this nature. There are many kids who are not willing to just work hard for their grades so, they find ways around it like hacking the grading system to make them look better on paper by creating the A’s and/or B’s on their transcript in order to eventually get into top school’s. By following the Hacker Prevention Methods an organization will help decrease their chances of being hacked by students and others.
Â
Resource
Herold, B. (2018, June 12). Student Hacking highlight Weak K-12 Cybersecurity. EducationWeek. Retrieved from https://www.edweek.org/ew/articles/2018/06/13/student-hackings-highlight-weak-k-12-cybersecurity.html
MillerOnCyber 