The February 2024 issue of IEEE Spectrum is here!

Close bar

High School Student Locks Out Teachers From Posting Grades

Exposes His and Probably Other School Systems' Poor IT Security Practices

1 min read
High School Student Locks Out Teachers From Posting Grades

Hacking into a school's computer system and changing grades is not something especially new or novel. However, a 16-year old student named Matthew C. Beighey in Clifton Park, New York who attends Shenendehowa High School supposedly developed a computer application that kept teachers there from posting their final grades, a story in the  Albany TimesUnion says.

The school's computer system used to keep attendenance and grades was easily hackable, the school's spokesperson seemed to admit in the story. To access the computer, teachers and administrators enter their user names and password per usual. However, user names are widely known as being a simple combination of letters of a teacher's first and last names.

In addition, if a user's password is entered incorrectly three times, the system locks that person out.

So Beighey wrote an application that correctly entered teachers names, and then tried to log-in using an incorrect password three times. Presto, he locked everyone out. Tech support had to be called to let the teachers and administrators back into the system.

Last year, says the TimesUnion, Beighey was accused of posting the personal information - including Social Security numbers, drivers' licenses numbers and home addresses - of 250 district employees on his personal web site. Apparently, he was also involved in another violation of the school district's acceptable computer use policy before that episode.

Beighey has now been charged with two misdemeanors: unauthorized use of a computer and third-degree identity theft.

With those credentials and publicity, the US government is probably sending him job applications.

And given all the publicity, I predict that other high school students this coming school term will try Beighey's modified denial of service technique at their schools, since most school computer systems likely operate with approximately the same approach to security as his did.

The Conversation (0)