High schooler hacks his way to a higher GPA

Share on Twitter
Share on Google+
Share on LinkedIn
Share on Reddit
You’d think students smart enough to hack into their school’s IT system and change their grades wouldn’t need to hack into their school’s IT system and change their grades.
But, of course, smarts don’t automatically mean good grades. And in the hyper-competitive world of elite college admissions, good grades are frequently not good enough.
In this latest student hack, a 16-year-old senior at Tenafly High School, New Jersey, is being charged in juvenile court for allegedly breaching the school’s system, raising several of his grades (which then raised his overall GPA) and sending out college applications with the doctored transcripts.
The student isn’t being named, but NorthJersey.com reported that school officials discovered the breach, suspended the student and rescinded the transcripts.
And the incident also launched another discussion about the pressure to succeed.
Ashley Kipiani, who has tutored high school students for more than 15 years, told NorthJersey.com that the pressure to cheat, “is higher today as students aspire for a perfect grade point average, AP credits and a ticket into a top college.”
Sophos Home
Free home computer security software for all the family
Learn More
Given those incentives, it should not be a surprise that Tenafly is just one of many high schools and colleges targeted by students looking to hike their grades. Recent years are littered with similar stories:
The FBI arrested Trevor Graves, 22, a former University of Iowa wrestler, at the end of October and charged him with planting hardware keyloggers on several school computers. He allegedly compromised the information of 250 students, faculty and staff and changed his grades more than 90 times between March 2015 and November 2016.
Chase Arthur Hughes, 19, was arrested in September 2016, after allegedly using a professor’s account to access sensitive information, including employment history, credit, financial and medical information. He was accused of changing grades in two separate classes at Kennesaw State University, including bumping some students’ grades from an “F” to “A” and another from a “C” to “A”. For himself, police say, he changed his from a “B” to an “A.”
Roy Sun was sentenced to three months in jail in March 2014 after he was convicted of altering his grades – some from an F to an A – while he was a senior at Purdue University. Authorities said he and an accomplice, Mitsutoshi Shirasaki, broke into professors’ offices, installed keyloggers and then waited to hack into the university computer system until 10 minutes before professors’ deadline to submit their grades for the semester.
公司应该制定信息系统代码编写安全规范,规范开发人员对源代码访问权限的管理,有效保护公司信息资产安全。

国农科技完成重大资产出售 2016年净利增逾30倍
There are other past examples, of course, and there will surely be more. Business Insider reported in August that students don’t even have to do the hacking themselves.
(They) can access the Dark Web to hire a hacker to change their grades, attack their school’s network with a DDoS, buy drugs and more.
Still, one could argue that these hackers weren’t all that smart if they didn’t know enough to cover their tracks well enough to avoid being caught. In the Purdue case, authorities said the hackers changed professors’ passwords, failed to mask their IP addresses and weren’t “subtle” about the grade changes.
A large part of the problem, school and university officials have been admitting for years, is that academic systems are designed to be open, and are therefore less secure. At a 2014 SANS Security Leadership Summit in Boston, a panel of higher education IT officials said they try to keep things “reasonably safe,” but can’t be “dictators” about security.
Fitchburg State University information security officer (ISO) Sherry Horeanopoulos:
We work in an environment that is designed to be wide open and unguarded. Professors and students need access to resources that span the globe. So how do you take a top-down approach in a bottom-up environment?
Of course, it would help a lot simply to use basic security hygiene. In the case of the University of Iowa hack, the school didn’t use two-factor authentication (2FA) for its student management system, so the login credentials allowed Graves access to teachers’ accounts.
Indeed, using 2FA is no more “dictatorial” than locking office doors. It’s simple prudence.
很多大型企业被黑明显应是商业雇佣的黑客行为或国家支持的黑客行为,这种非常坚定的攻击者很老道,几乎所有的弱点都会被利用,防不胜防,还需多重防御体系。

猜您喜欢

商业间谍与黑客参与搜索专利大战 APT攻击让提升员工信息安全意识
公司应该加强对员工进行软件版权及许可证教育
网络安全法宣传视频系列001《网络安全法》背景知识
金正恩视察朝洲际弹道导弹发射车轮胎生产工厂
BABY-NICCA25 OPRFHS
信息安全不是意识形态“制脑权”的争夺