3rd Grader Accused of Hacking Schools' Computer System

Gud writes "According to The Washington Post a 9-year-old was able to hack into his county's school computer network and change such things as passwords, course work, and enrollment info. From the article: 'Police say a 9-year-old McLean boy hacked into the Blackboard Learning System used by the county school system to change teachers' and staff members' passwords, change or delete course content, and change course enrollment. One of the victims was Fairfax Superintendent Jack D. Dale, according to an affidavit filed by a Fairfax detective in Fairfax Circuit Court this week. But police and school officials decided no harm, no foul. The boy did not intend to do any serious damage, and didn't, so the police withdrew and are allowing the school district to handle the half-grown hacker.'"

Re:More likely,

[Rary]

Some dumb teacher probably just left their admin password laying around on a post-it note, or hell even left some admin interface open unattended, and doesn't want to admit it. Therefor, "hacking"!

Actually, although TFA doesn't provide any details about how the "hack" occurred, they do differentiate between this and a similar case where someone merely obtained someone else's password. The implication of the article is that there was actual technical skill of some kind involved.

Re:More likely,

[commandermonkey]

ABS News has another article about the incident:

According to a search warrant, the computer savvy boy was able to get a hold of an administrator's password at Spring Hill Elementary to get into the Blackboard learning system

http://www.wjla.com/news/stories/0410/726170.html

Blackboard

[Arancaytar]

Is the proprietary online education platform with an apparent side job as a patent troll, if memory serves.

Given its closed nature, I wouldn't be surprised if their software is full to the brim of SQL injection, XSS and CSRF vulnerabilities that an interested elementary school student can exploit.

Re:More likely,

[fuzzyfuzzyfungus]

Oh, I've heard some real horror stories from colleagues who have worked in other districts. It sounds like there is some seriously mismanaged crap going on out there, horrible churn, completely unclear mission, near-nonexistent resources(obviously, schools don't need the newest and shiniest; but if admins are being forced to use their personal vehicles to drive from building to building because the "IT Director" won't approve any sort of remote management tools, or make even basic efforts in the direction of maintaining decent network uptime, that just doesn't make sense).

My personal experience, though, has been pretty benign. Some sub-optimal stuff(some of which I was able to get fixed, some not); but mostly the same dynamics you'll see in IT anywhere, just with a somewhat longer replacement cycle, lots of customish apps, and fewer 50k SANs.

Re:I got accused of "Hacking" also...

[profplump]

6/10. Next time remember that drive letters belong to DOS, that most of the Mac with built-in monochrome CRTs didn't have internal hard drives, that token-ring devices were typically connected to a MSAU that took offline hosts out of the loop, and that encryption was not readily available -- particularly whole-disk encryption that can be applied while running from the disk in use -- anytime that the computers described in common use. Also try to work in an offensive or controversial person or group name for maximum effect.

Re:Dade Murphy?

[severoon]

Whoops, I think there's a minor error in this summary and the headline of the article. It should read, Fairfax County public school system administrators criminally negligent in securing sensitive data. There, glad I fixed that...