May 3, 2013
18 Alaskan Teens Use Phishing Scam To Hack School System
Michael Harper for redOrbit.com — Your Universe Online
At least 18 Alaskan students are accused of using a phishing scam to gain control over the computers at their middle school. According to the Anchorage Daily News, these students hacked into the school-owned laptops after tricking a teacher into giving them an administrative password. Once inside, the unnamed students accessed their classmate´s laptops remotely using a feature built for teachers to monitor their students.
The Ketchikan school has now seized each of the 300 laptops loaned to students in order to identify any other students involved. Once the investigation is complete, the school district will determine the appropriate punishment for the adolescent cybercriminals.
In an interview with Ketchikan FM station KRBD, Casey Robinson, principal at Schoenbar Middle School, explained how the students were able to get administrator access and spy on their classmates. According to Robinson, these students used a trick most often used by the youngest of children: asking for a password to upgrade a piece of software.
“Students were manipulating their machines, so the teachers thought they were installing an upgrade of Java for example, and in the background something else was running that the teacher was actually logging into as well. And it only took one time,” explained Robinson.
Jurgen Johansen, the district´s technical supervisor, said the method used by the students to hijack the system has been used for many years. He also said he´s surprised this hasn´t happened sooner, but a few rookie mistakes made by the students blew their cover pretty quickly.
Once the students had access to the teacher´s account, they began making new administrator accounts for one another. With these accounts the students spied on each other and their peers. Some classmates noticed their laptops were acting unusual, as if being controlled by another person, and notified their teachers. Robinson said the students first hacked into the system last Friday and students reported the prank the next Monday.
"We've got some really good kids here," said Robinson in an interview with the Associated Press. "When they know something's not right, they let an adult know."
The school has since retrieved each of the 300 laptops that were available to students and have begun an investigation to determine what else these students did while they had access to administrative accounts. Robinson says that so far, they haven´t found any additional hardware or software issues.
“I don´t think there was any personal information compromised. Now that we have all the machines back in our control, nothing new can happen.”
Johansen said his IT team will be putting in a lot of overtime to complete their investigation and find each of the students involved in this hack. Though he said he was surprised this kind of attack hasn´t happened sooner, Johansen and the district are using this incident to review their loaned computer policies. This means the agreement signed by students and parents and the student code of conduct will likely have to be amended to prevent this sort of attack from happening twice.
“How we do business is definitely going to have to change when it comes to updating programs and resources on the machines,” said Robinson.
“Yes, something new is going to have to happen.”