A California teenager was arrested and charged with 14 different felonies after it was discovered that he launched a “phishing campaign,” to acquire teacher’s passwords and change grades. He did so by sending various emails in attempts to receive access to personal information.
The 16-year-old suspect was taken into custody last Wednesday after a two-week investigation by police. The investigation started when teachers in the Mount Diablo Unified School District began to report receiving peculiar emails that were later found to be part of the hacking attempt.
It worked like this: Teachers would receive an email that would then take them to a link that imitated the school’s personal portal. Once there, they would then be prompted to enter their login information. At least one teacher followed through with the login, and thus immediately gave the student simultaneous access to the districts IT network as well as their grading system. Once the student hacker gained access he changed the grades of himself and 10 to 15 other students, sometimes lowering them, sometimes raising them.
The local police department eventually got wise and was able to track the IP information to the student’s address. Once they arrived, a K-9 unit was able to sniff out a flash drive that may or may not have anything to do with the case. Honestly, the flash drive doesn’t need to have anything to do with the hack, because the student in question fessed up to the whole thing. He allegedly said, “It was like stealing candy from a baby.”
It really must be too, because this is far from the first time that a student has managed to bypass their school’s hilariously inept security system and do something like change grades. Earlier this month an Alabama high school student conducted a similar hack to change final grades. A 16-year-old in New Jersey student did the exact same thing in December 2017. Post-secondary institutions, despite having way bigger budgets to prevent things exactly like this, aren’t exempt either. A University of Iowa student was arrested by the FBI on hacking charges in November 2017. He allegedly lifted copies of exams and change the grades for himself and a few friends.
In all likelihood, 14 felony counts for a totally nonviolent and reversible crime probably won’t stick to a sophomore in high school. Regardless, this is just more evidence that schools should educate faculty on the value of setting secure passwords and raise the bar for digital security before someone goes phishing for more sensitive items like medical data or social security information.