http://www.sun-sentinel.com/news/local/palmbeach/sfl-pgrades27mar27,0,2175689.story?coll=sfla-news-palm By Marc Freeman South Florida Sun-Sentinel Education Writer March 27 2006 Despite numerous measures to protect its computer network and prevent hacking, Palm Beach County schools appear to be a victim again. A recent breach under police investigation -- possible grade changing by several students -- adds to a growing number of attacks on seemingly defenseless schools and colleges across Florida and the country. The sobering reaction among national experts and educators: Students and employees who want to cheat or attack computer networks are likely to be successful, regardless of high-tech security features and repeated warnings to abide by the rules. "It's going to happen more," warns Greg Lindner, director of technology for the 60,000-student Elk Grove Unified School District, near Sacramento, Calif. During the past two years, Elk Grove high school students hacked into computers in three incidents, stealing personal information and changing grades of three-dozen other students. The violators used illegal hacking software and keystroke-recording devices. "It captures [user] log-ins, their passwords, everything," Lindner said, who hopes recent network enhancements are more effective at blocking would-be hackers. Palm Beach County School District administrators declined to discuss details about their ongoing inquiry, but last week, in response to a request under the state open-records law, released confidential reports outlining their computer-security programs and procedures. "We don't go out and publicize what we do and what we don't do for obvious reasons," said Linda Mainord, district chief technology officer. "We are trying to use best practices as associated with a large computer installation." In April, administrators produced a plan outlining investigative and other security procedures to use after an incident. The blueprint followed the case of a high school student from Palm Beach Gardens who hacked into the district's computer systems in December 2003 and January 2004. Besides the incident-response guide, the district's Information Technology department oversees 19 ongoing computer-security projects, aimed at preventing attacks, documents show. In another proactive measure, the district requires all of its computer users to sign a form promising to avoid improper activity. In the schools, character-building lessons and behavior programs are aimed at preventing abuses, which helps curtail cheating and possibly computer hacking, district spokesman Nat Harrington said. "Everybody knows what the expectations are," he said. "Everybody knows what the consequences are. That has cut down on a lot of incidents." The district's measures to prevent computer crimes appear to follow strict guidelines recommended by the International Society for Technology in Education, a Washington, D.C., nonprofit organization that advocates expanding technology in schools. Leslie Conery, the group's deputy chief executive officer, said school systems must develop and promote policies regulating the acceptable use of computers. Second, the schools need to have an action plan for what steps to take after an incident, including how to conduct investigations and potential punishments for offenders. In June, Palm Beach County prosecutors dismissed a computer-offense charge against Ryan Duncan, the former student from Palm Beach Gardens caught breaching the district's network. Officials said he avoided the prospect of jail time because he did not attempt to crash the system or change grades. As part of a plea deal, he agreed to produce a video touting the evils of hacking, pay $2,025 in restitution and write an apology letter. While computer security is essential, it's also critical to convince cheaters they shouldn't cheat in the first place, said Timothy Dodd, executive director for The Center for Academic Integrity at Duke University in Durham, N.C. "A kid with computer skills with a conscience is not going to hack into a transcript," said Dodd, whose organization helps college and secondary-school educators stop "academic dishonesty." Dodd blames society for leading some students to hack away without fearing the consequences. There are "a terrible set of messages to students to do whatever it takes to get ahead," he said. "We want to fashion the mission that behavior with honesty matters." Still, student computer hackers have been refining their illicit skills ever since the 1983 film War Games. The problem has intensified in recent years as teachers and administrators began using online software to enter student grades and test scores. "It's a challenge we've dealt with forever," Palm Beach County Schools Superintendent Art Johnson said. Copyright © 2006, South Florida Sun-Sentinel _________________________________ InfoSec News v2.0 - Coming Soon! http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Mon Mar 27 2006 - 22:39:39 PST