A New Breed of Hackers: Students

Courtesy Kevin Wu via Unsplash

By Patricia Carls, Contributing Writer

Originally published March 17, 2020.

 

Cyber attacks are an increasing problem in the digital age. According to Tech Jury, these illicit activities have affected around 145 million Americans, and are predicted to cost the world $6 trillion annually by 2021. More worrisome, perhaps, is how America’s schools have become easy targets due to a lack of good cybersecurity protocols. The irony, however, is that it is the students themselves that are hacking their own schools.

 

A new breed of hackers

 

Rather than play the likes of Apex Legends, a few students are actually creating their own entertainment by hacking into their school’s systems. And this is becoming an increasingly common occurrence as shown by the following cases:

Bloomfield Hills: The case of the changing grades

 

Back in 2018, officials of Bloomfield Hills High School discovered a hi-tech ruse. Multiple students illicitly accessed the school’s MISTAR Student Information System, and then changed their and other students’ grades. They even tried to refund their lunch purchases. The school didn’t divulge the specifics of the case, but the likelihood is that the students used spear phishing on staff who had access to MISTAR.

 

Downingtown Area School District: Hacking for the win

 

Last year, a lone student from Downingtown Area School District breached the school’s student portal called Naviance. The breach, according to school officials, wasn’t malicious, as the hacker just wanted to gain a competitive advantage in the school’s Senior Water Games. Nevertheless, students were advised to change their passwords, while the school reinforced their system.

 

Bill Demirkapi: The high school hacker

 

For three years, Bill Demirkapi hacked two common pieces of software used by his school in Lexington, Mass.,Blackboard and Aspen (developed by Follett). Wired reports that Demirkapi was just a curious teenager, but one who uncovered some serious issues that could allow other hackers to gain access to student data through the software. Since then, Demirkapi reported his findings to Blackboard and Follett, and both have fixed said issues.

 

Bigger picture implications

 

These hacks are indicative of a larger, more pressing issue: that of cybersecurity. In particular, these cases underscore the huge cybersecurity gaps in educational institutions. Even more worrying is that this is happening at a time when there is an increased emphasis on the widespread nature of cyber attacks. A Maryville University report on cybersecurity points out that governments, financial institutions, and healthcare organizations are now heavily invested in securing their data. In fact, an article by CPO Magazine predicts that global spending on cybersecurity will reach $10 billion by 2027, which is further proof of how important it is in today’s digital landscape. The education sector needs to make this same investment, as a single cyber attack can expose vast amounts of personal data, such as the names and contact details of students and teachers to cybercriminals.

 

So far, these hacking incidents involving students have been rather innocuous. But the big picture implications of these cases shouldn’t be dismissed. That’s in light of a Michigan State University study that suggests a plausible connection between juvenile delinquency and more serious cybercrime tendencies in the future. In other words, there is a likelihood that student hackers could ultimately become full-blown, criminal hackers.

The good news is that the education sector is responding. For instance, the SANS Institute is encouraging students with hacking skills to learn about the cybersecurity industry in order to develop their skills for future careers. Some older students are even being given access to training programs used by full-time cybersecurity specialists. These young hackers will become the next line of defense in the coming years. These cases, therefore, need to serve as a wake-up call for America’s academic institutions: they must give cybersecurity the attention it warrants.