4chan students hack district schools; Changed grades and $9,000 meals

4chan students hack district schools; Changed grades and $9,000 meals

Summary: 4chan hackers accessed a New Jersey school district's student data system, and changed grades and meal prices to $9,000, all in aid of a good laugh.

SHARE:
TOPICS: Security
30

Students managed to gain access to their school data system and change their grades, after the username and password of the school data system was published on 4chan.

The username "admin" along with the password, now changed, "poopnugget", allowed students to access the data system in the New Jersey school district to change their grades and other district wide settings.

One user took advantage by changing the school lunch prices to $9,000 and another changed the grading system so it only took 1 credit to graduate.

One of the hackers also accessed the emergency notification system, designed to send out text messages to students, staff and parents.

It didn't take long before what is presumed someone with a moral conscience contacted the school or changed the password to prevent any further harm.

But with dozens of schools connected to the same system, havoc could have easily been wreaked across the entire district.

It wouldn't surprise me to find the day after being classified as a 'snow day'.

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

30 comments
Log in or register to join the discussion
  • RE: 4chan students hack district schools; Changed grades and $9,000 meals

    I wouldn't call this "hacking". Depending on how the credentials were obtained, it could be social engineering, but there was no skill required to pull this off.
    Real World
    • RE: 4chan students hack district schools; Changed grades and $9,000 meals

      @Real World Hacking is the unauthorised access of a computer system. Hacking is hacking.
      zwhittaker
      • RE: 4chan students hack district schools; Changed grades and $9,000 meals

        @zwhittaker By your definition, sitting down at someone's computer with their facebook logged in is hacking their facebook.
        Aerowind
      • RE: 4chan students hack district schools; Changed grades and $9,000 meals

        @Aerowind I'd say so.
        zwhittaker
      • RE: 4chan students hack district schools; Changed grades and $9,000 meals

        @zwhittaker 'Hacking' is a term for those revered for their good deeds in being technically computer saavy and ethical in their adept application to solve real-world problems. CRIMINALS act without authorization in their access, theft and maliciousness on OUR computers and/or OUR data.
        Joe_Wulf@...
      • RE: 4chan students hack district schools; Changed grades and $9,000 meals

        @zwhittaker
        That's just sad. That term has been watered down to be almost meaningless if that is the case.
        Real World
      • RE: 4chan students hack district schools; Changed grades and $9,000 meals

        @zwhittaker

        http://www.wisegeek.com/what-is-computer-hacking.htm

        According the the Geek.com technical dictionary:

        "Cracker - This is the common term used to describe a malicious hacker. Crackers get into all kinds of mischief, including breaking or "cracking" copy protection on software programs, breaking into systems and causing harm, changing data, or stealing. Hackers regard crackers as a less educated group of individuals that cannot truly create their own work, and simply steal other people's work to cause mischief, or for personal gain."

        "Hacker - This is someone that seeks to understand computer, phone or other systems strictly for the satisfaction of having that knowledge. Hackers wonder how things work, and have an incredible curiosity. Hackers will sometimes do questionable legal things, such as breaking into systems, but they generally will not cause harm once they break in. Contrast a hacker to the term cracker."


        A hacker is a person who is proficient with computers and/or programming to an elite level where they know all of the in's and out's of a system. There is NO illegality involved with being a hacker.

        A cracker is a hacker who uses their proficiency for personal gains outside of the law. EX: stealing data, changing bank accounts, distributing viruses etc.

        What the hacker does with their knowledge of systems within the definition of the law is what defines them as a hacker vs a cracker. It's then safe to say that all crackers are hackers, but not all hackers are crackers. This is an important distinction.

        The term cracker and hacker are used interchangeably (albeit incorrectly) largely due to the ignorance of the general populace, especially the media.


        Note: There are comments associated with this question. See the discussion page to add to the conversation
        tom@...
      • RE: 4chan students hack district schools; Changed grades and $9,000 meals

        @zwhittaker oh never mind
        2WiReD
    • RE: 4chan students hack district schools; Changed grades and $9,000 meals

      @Real World,
      Gaining knowledge of a password by social engineering and then accessing the computer would be hacking. Gaining knowledge of a password by having that first person (who did the social engineering) give it to you is NOT hacking. Social Engineering is one of the aspects of hacking.
      dfreeman@...
      • RE: 4chan students hack district schools; Changed grades and $9,000 meals

        @dfreeman@...
        Agreed
        Real World
    • RE: 4chan students hack district schools; Changed grades and $9,000 meals

      @Real World
      Remember this person changed the password from something else to poopnugget so I think this is a hack. Who hacked it is the question now.
      These 3rd party school automation systems appear to be not that secure since this not the only hack that has occurred on these systems.
      phatkat
      • RE: 4chan students hack district schools; Changed grades and $9,000 meals

        @phatkat Where in here does it say the password was changed?
        Aerowind
      • RE: 4chan students hack district schools; Changed grades and $9,000 meals

        @phatkat
        And that's what I'm saying. If I leave my password on a post-it, you log in as me, do something, then change my password, you're a hacker? It just doesn't seem right to classify someone who does that with the same people who discover and exploit SQL injections, buffer overflows, etc.
        Real World
    • RE: 4chan students hack district schools; Changed grades and $9,000 meals

      @Real World The kids at 4chan didnt exploit anything. They were given the login.
      Jimster480
  • RE: 4chan students hack district schools; Changed grades and $9,000 meals

    Well meaning but curious adults will "poke around" in computer networks given the chance, so I don't find it at all surprising that kids with such access would get into a little mischief or worse. I'm constantly amazed at the failure of school districts and similarly appealing targets to implement simple 2-factor authentication and one-time passwords. It seems like a lot of these bureaucracies rely on a lower level of security than a typical mom-and-pop insurance or real estate office.
    1DaveN
    • Nice...

      @DaveN_MVP Go right ahead...now blame it on the school system. I guess, these students responsible kids were just trying to show school district a lesson?!!!
      Nsaf
      • RE: 4chan students hack district schools; Changed grades and $9,000 meals

        @Nsaf

        I don't care who you blame it on - I'm not trying to justify anyone's behavior, just that it's the school district who end up living with the consequences. You've got locks on your doors, right? What about the fact that people simply shouldn't rob you? Why put effort into protecting yourself from someone else's behavior, when they should just be well behaved to begin with?

        I can't control the behavior of criminals or naughty children. What I can do is evaluate and mitigate the risks I'm exposed to from those individuals. And when I have an opportunity to lessen a risk, and I choose not to, being able to blame the bad guy is a lot less comfort than never having had the problem to begin with.
        1DaveN
    • Funding... or lack there of.

      @DaveN_MVP With public dollars on the line, I've often heard of schools getting budget cuts, or squeezes on their budgets...

      ...There's not a lot of room to buy a fancy security system, or do all the training for a paradyme shift...

      Oh, and remember... the bureaucrats have to obey the demands of the political masters, who generally are not aware of security implications.
      shryko
    • RE: 4chan students hack district schools; Changed grades and $9,000 meals

      @DaveN_MVP ... Yeah, the kids did nothing wrong because the school had the data on a computer, right? Their malicious actions are OK and fine with you? The victim is always responsible, right? I don't THINK so!
      tom@...
      • RE: 4chan students hack district schools; Changed grades and $9,000 meals

        @tom@...

        Tom, can you point out where I said I approved of their actions? I apologize for not making my point with sufficient clarity for you to understand it, but your moral indignation is not going to clean up the giant mess on the school's network. All I'm trying to say is that if the network had been better protected, they would have avoided this whole thing.

        Some people are in charge of security, and others are in charge of mayhem. The weaker the security, the better the opportunity for mayhem. Criminals commit crimes, and you and I are ill equipped to change that - hence the need to protect ourselves against it with, among other things, security devices.

        I'm sure the people whose network is hosed are very comforted to know that you don't approve of those who did it. And when it happens again, they'll be good and mad that the bad guys didn't listen better and learn their lesson.
        1DaveN