Schoolchildren Use Phishing Scam to Take Over Computers

Written by Sue Walsh on May 6, 2013

hackers at the schoolA group of 12 and 13-year old students at Schoenbar Middle School in Ketchikan, Alaska were able to take control of over 300 computers after crafting a phishing scam and  sending the emails to various teachers. The messages asked them to log in to accept a software update. When they did so, the students got their administrative privileges. It’s not clear what they did with their stolen powers or how they were caught, but the school’s principle says no data was compromised and personal information remained unseen.

“I don’t believe any hardware issues were compromised,” Casey Robinson, the principal, told community radio station Ketchikan FM. “No software issues were compromised. I don’t think there was any personal information compromised. Now that we have all the machines back in our control, nothing new can happen. How we do business is definitely going to have to change when it comes to updating programs and resources that we have on the machines.”

The group, which is said to be made up of at least 18 students, is presumably facing disciplinary action. The computers they accessed appear to all have been set up for student access only, so it doesn’t appear they tried to change grades or edit report cards. This goes to show just how easy it is to create and carry out a phishing scheme, and that even educated professionals such as teachers can, and do, fall for them. Simply educating end users isn’t enough. Networks should have strong filters in place and if appropriate, links in emails should be blocked completely. Use of blacklists can help you block known phishing sites, adding another layer of protection.

Comments

Lisa S. May 8, 2013

My gut feeling is that the kids did do some damage and principal just doesn’t want to disclose it. These days it’s so easy for kids to fool adults who are barely computer-literate, so probably it wasn’t very hard to trick the teachers into getting the ‘update’. If the attack was from the inside, this made it easier to bypass spam filters and this must have made it really easy to do.

Markkie May 16, 2013

Lisa is right. There may have been some data compromised, but it’s either the administration does not want to let the public know or they simply have no idea that damage was done. Principal Robinson is right to acknowledge that there is a need to review and change the way they update their programs. Nowadays, one does not have to be a geek or an IT expert to create a phishing campaign. To avoid similar incidents in the future, the school administration and its IT experts should find a way to address critical issues like security against technically knowledgeable students.

Chuck May 20, 2013

I really don’t know how or what to make of this story. On the one hand, I am glad to know that kids these days are more brilliant when it comes to PCs or anything related to technology. On the other side, I am deeply saddened they’re using such intelligence for the wrong reason. I have to attribute the issue with being young, but I’m hoping they’ll be corrected immediately.

  • (required)
  • (required)