Hacking into a school's computer system and changing grades is not something especially new or novel. However, Matthew C. Beighey, a 16-year-old student at Shenendehowa High School in Clifton Park, New York, supposedly developed a computer application that kept teachers there from posting their final grades, a story in the Albany TimesUnion says.
The school's computer system used to keep attendance and grades was easily hackable, the school's spokesperson seemed to admit in the story. To access the computer, teachers and administrators enter their user names and passwords as usual. However, user names are widely known as being a simple combination of letters of a teacher's first and last names.
In addition, if a user's password is entered incorrectly three times, the system locks that person out.
So Beighey wrote an application that correctly entered teachers' names, and then tried to log in using an incorrect password three times. Presto, he locked everyone out. Tech support had to be called to let the teachers and administrators back into the system.
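The design weakness described above is that failed attempts count against the account alone, so anyone who knows a user name can lock its owner out. The following added example (not from the article or the school's system) compares that policy with one that counts failures per account and source pair; the user names, passwords and addresses are constructed sample data.

```python
from collections import defaultdict

LIMIT = 3  # failed attempts allowed, as in the article

# Constructed sample data: hypothetical user names, passwords and sources.
PASSWORDS = {"jsmith": "pw-a", "mjones": "pw-b", "tbrown": "pw-c"}
ABUSER, STAFF = "10.0.0.66", "10.0.0.20"

class PerAccountLockout:
    """The policy the article describes: failures count against the account."""
    def __init__(self):
        self.failures = defaultdict(int)

    def key(self, user, source):
        return user

    def login(self, user, password, source):
        k = self.key(user, source)
        if self.failures[k] >= LIMIT:
            return "locked"          # refused before the password is checked
        if PASSWORDS.get(user) == password:
            self.failures[k] = 0
            return "ok"
        self.failures[k] += 1
        return "denied"

class PerSourceThrottle(PerAccountLockout):
    """Alternative (an assumption, not the school's fix): count per (account, source)."""
    def key(self, user, source):
        return (user, source)

def simulate(policy):
    # One source submits LIMIT wrong passwords for every known user name...
    for user in PASSWORDS:
        for _ in range(LIMIT):
            policy.login(user, "wrong", ABUSER)
    # ...then each owner logs in with the correct password from another source.
    staff = {u: policy.login(u, pw, STAFF) for u, pw in PASSWORDS.items()}
    # The abusive source itself stays blocked, even with a correct password.
    abuser = policy.login("jsmith", "pw-a", ABUSER)
    return staff, abuser

if __name__ == "__main__":
    for policy in (PerAccountLockout(), PerSourceThrottle()):
        print(type(policy).__name__, simulate(policy))
```

Keying the counter on the source limits guessing only per source, so it should be paired with monitoring of total failures per account.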
Last year, says the TimesUnion, Beighey was accused of posting the personal information - including Social Security numbers, driver's license numbers and home addresses - of 250 district employees on his personal web site. Apparently, he was also involved in another violation of the school district's acceptable computer use policy before that episode.
Beighey has now been charged with two misdemeanors: unauthorized use of a computer and third-degree identity theft.
With those credentials and publicity, the US government is probably sending him job applications.
And given all the publicity, I predict that other high school students this coming school term will try Beighey's modified denial of service technique at their schools, since most school computer systems likely operate with approximately the same approach to security as his did.
Robert N. Charette is a Contributing Editor to IEEE Spectrum and an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.