Fairfax County Schools recently had a fairly significant breach of security. They thought their computers were being hacked.
They discovered unauthorised access to their Blackboard system, which is used for communication between teachers, parents and students. Someone appeared to have hacked into the system and was changing the teacher passwords at the Fall Church School in Virginia.
The school of course called in the local police. Imagine the school’s horror when they discovered during the subsequent investigation that the search for the “hacker” took police to the home of a 9 year old pupil at the school.
As it turned out the pupil had seen the teacher’s password on the teacher’s desk and took it home with them.
This password happened to have administrator rights which allowed them to enrol teachers in classes and change teacher’s passwords although it didn’t allow them to alter pupil’s grades or get into any other school systems.
“This was a case where an individual … got hold of a teacher’s password, and the passwords had administrative rights” said Paul Regnier, a school board spokesman.
So the would be hacker was not a hacker at all, merely an opportunist who took advantage of the teacher’s lack of attention to security.
“It was actually not a hack, unless you consider the fact that the 9-year-old took the teacher’s username and password from the desk a hack” said Michael Stanton, Blackboard’s senior vice president of corporate affairs.
Ok we get it, the school’s security was breached regardless of whether you call it a hack or not but more to the point who’s at fault here?
Why did the teacher leave the password lying around on a desk where anyone could have seen it?
Alright so the classroom was full of 9 year olds so it might have seemed safe enough when only pupils and other teachers might have come across it but it’s now clear that it wasn’t safe so the teacher has to accept some responsibility.
Secondly, it isn’t clear whether it was the pupil who stole the password who actually used it to access the site or if another member in the pupil’s home did it. In either case is the 9 year old a criminal?
What is clear is that there are lessons to be learned all round. Never, ever leave your password on view, even if you are stupid enough to write it down.
Never ever underestimate how capable the kids are as far as technology is concerned, they were born into it. Yes, even nine year olds are pretty tech savvy these days.
No comments:
Post a Comment