[ISN] Palm Beach County schools learn tough lesson: Hackers can always break in

From: InfoSec News (isn@private)
Date: Mon Mar 27 2006 - 22:19:02 PST


http://www.sun-sentinel.com/news/local/palmbeach/sfl-pgrades27mar27,0,2175689.story?coll=sfla-news-palm

By Marc Freeman 
South Florida Sun-Sentinel Education Writer 
March 27 2006 

Despite numerous measures to protect its computer network and prevent
hacking, Palm Beach County schools appear to be a victim again.

A recent breach under police investigation -- possible grade changing
by several students -- adds to a growing number of attacks on
seemingly defenseless schools and colleges across Florida and the
country.

The sobering reaction among national experts and educators: Students
and employees who want to cheat or attack computer networks are likely
to be successful, regardless of high-tech security features and
repeated warnings to abide by the rules.

"It's going to happen more," warns Greg Lindner, director of
technology for the 60,000-student Elk Grove Unified School District,
near Sacramento, Calif.

During the past two years, Elk Grove high school students hacked into
computers in three incidents, stealing personal information and
changing grades of three-dozen other students. The violators used
illegal hacking software and keystroke-recording devices.

"It captures [user] log-ins, their passwords, everything," Lindner
said, who hopes recent network enhancements are more effective at
blocking would-be hackers.

Palm Beach County School District administrators declined to discuss
details about their ongoing inquiry, but last week, in response to a
request under the state open-records law, released confidential
reports outlining their computer-security programs and procedures.

"We don't go out and publicize what we do and what we don't do for
obvious reasons," said Linda Mainord, district chief technology
officer. "We are trying to use best practices as associated with a
large computer installation."

In April, administrators produced a plan outlining investigative and
other security procedures to use after an incident. The blueprint
followed the case of a high school student from Palm Beach Gardens who
hacked into the district's computer systems in December 2003 and
January 2004.

Besides the incident-response guide, the district's Information
Technology department oversees 19 ongoing computer-security projects,
aimed at preventing attacks, documents show.

In another proactive measure, the district requires all of its
computer users to sign a form promising to avoid improper activity. In
the schools, character-building lessons and behavior programs are
aimed at preventing abuses, which helps curtail cheating and possibly
computer hacking, district spokesman Nat Harrington said.

"Everybody knows what the expectations are," he said. "Everybody knows
what the consequences are. That has cut down on a lot of incidents."

The district's measures to prevent computer crimes appear to follow
strict guidelines recommended by the International Society for
Technology in Education, a Washington, D.C., nonprofit organization
that advocates expanding technology in schools.

Leslie Conery, the group's deputy chief executive officer, said school
systems must develop and promote policies regulating the acceptable
use of computers. Second, the schools need to have an action plan for
what steps to take after an incident, including how to conduct
investigations and potential punishments for offenders.

In June, Palm Beach County prosecutors dismissed a computer-offense
charge against Ryan Duncan, the former student from Palm Beach Gardens
caught breaching the district's network. Officials said he avoided the
prospect of jail time because he did not attempt to crash the system
or change grades. As part of a plea deal, he agreed to produce a video
touting the evils of hacking, pay $2,025 in restitution and write an
apology letter.

While computer security is essential, it's also critical to convince
cheaters they shouldn't cheat in the first place, said Timothy Dodd,
executive director for The Center for Academic Integrity at Duke
University in Durham, N.C.

"A kid with computer skills with a conscience is not going to hack
into a transcript," said Dodd, whose organization helps college and
secondary-school educators stop "academic dishonesty."

Dodd blames society for leading some students to hack away without
fearing the consequences. There are "a terrible set of messages to
students to do whatever it takes to get ahead," he said. "We want to
fashion the mission that behavior with honesty matters."

Still, student computer hackers have been refining their illicit
skills ever since the 1983 film War Games. The problem has intensified
in recent years as teachers and administrators began using online
software to enter student grades and test scores.

"It's a challenge we've dealt with forever," Palm Beach County Schools
Superintendent Art Johnson said.

Copyright © 2006, South Florida Sun-Sentinel



_________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org 



This archive was generated by hypermail 2.1.3 : Mon Mar 27 2006 - 22:39:39 PST