Cross-posted at the K-12 Cybersecurity Resource Center: https://k12cybersecure.com.

This article is based on the story originally reported on September 11, 2018 by the K-12 Cybersecurity Resource Center: “Like Moths to a Flame.”


As quoted in:

Chambers, Jennifer. “Student hacker shows holes in K-12 cybersecurity.” 3 October 2018. The Detroit News.

Student hacking incidents like the one in Rochester Hills highlight weak K-12 cybersecurity systems, according to Doug Levin, founder of the K-12 Cybersecurity Resource Center.

With the access the Rochester students had, Levin said the teens could have caused irreparable damage to the district’s systems.

“He and his friend could have deleted all the data on the school servers, infected it with malware. Taken data out and dumped it. They could have taken data and sold it. Changed their grades. Sent spoof emails from [the] superintendent and staff,” Levin said. “In many respects, these kids were quite restrained in what they did, given the access the district left open.”

Levin has documented seven incidents in Michigan [since 2016], including the breaches in Rochester Hills and…[Bloomington] Hills.

These…incidents are fairly common,” Levin said. “They do represent a threat to the private information of students, teachers and staff who’ve had ID stolen. Districts have been defrauded. Schools have [been] taken over [by] ransomware and had to pay ransom.”