Students Hacking School Systems

Students in Michigan have hacked into a school district’s computer system, changing grades and attendance records.

Superintendent of Orchard View Schools, Jim Neilsen, said in a statement on Facebook:

Dear Parents,

Late last week, we became aware of a data breach in PowerSchool, our student information system. At this time, the breach appears to be limited to the high school. We immediately launched an internal investigation and have found some unauthorized changes have been made to grades and attendance. The investigation is still ongoing. We have notified the parents of the students we know were involved. If you have questions or concerns, please contact me.

According to Neilson, a small group of students at Orchard View High School made unauthorized changes to attendance records and grades.

It is not yet known how the school official’s learned of the breach, or whether the students in question have faced any disciplinary action. However, it has been reported that the parents of the students in question have been notified.

This isn’t the first time students have attempted to hack into school systems to change grades.

In 2015 three Commack High School students were found to have hacked their school’s computer system and altered schedules and grades, according to police. Daniel Soares, Alex Mosquera and Erick Vaysman, all 17 years old, were arrested for the hack.

Detective Sgt. John Best said:

[Soares] entered into the school after hours, into classrooms, and installed hardware commonly referred to as a key logger, or keystroke logger, he installed it onto a computer that the teachers would use and he would go back a day or two later and retrieve the device after hours when the school was closed. . .Any teacher that logged onto that computer and accessed the school network from that computer, he had their password and username. And then, with that password and username, he was able to access the computer network at any time from any computer outside the network and access the teacher’s accounts.

In October 2018, two students, Jeremy Currier and Seth Stephens,  were reported to have taken over their school’s computer system – an attack carried out over a number of years. In 7th grade, the pair bypassed their middle school’s internet filters in order to watch YouTube on their lunch break. This seems innocent enough, but the hacking quickly escalated.

By the time they were caught more than two years later, they had managed to conduct a number of shady activities on the Rochester Community School’s computer network.

They had access to the passwords, logins, phone numbers, locker combinations, grades and lunch balances of 15,000 students. They could even view tests, answers and emails of the teachers. They also used school district servers to mine for cryptocurrency.

Jeremey said:

It wasn’t anything malicious, I mostly just wanted to figure out what else I could do.

Often students to engage in this kind of hacking can find themselves facing criminal charges. It has sparked some debate in the industry whether schools should be encouraging an outlet for teenagers with this kind of hacking ability. After all, being able to successfully hack a school system as a young teen is an impressive feat. These kids may grow up to be great white hat hackers, or they may spend a considerable amount of time in prison. Maybe schools should do more to nurture these skills through the right channels?