So, a student has been arrested for hacking into a Wake county school to change his grades.
So, #wcpss student who hacked area school actually hacked #pearson‘s Powerschool?
Gee, your child’s data is safe, they said.
— A.P. Dillon – LL1885 (@LadyLiberty1885) February 3, 2016
The system he hacked into was Pearson’s Powerschool. And he did it SEVERAL TIMES.
CARY, N.C. — A Panther Creek High School student was arrested Wednesday in connection with a hack of the school’s computer system last fall, police said.2
Saivamsi Hanumanthu, 17, of Pilot Hill Drive in Morrisville, was charged with felony accessing government computers, felony breaking and entering and misdemeanor accessing government computers. He was released on a unsecured $15,000 bond to the custody of his parents.
Cary police began investigating unauthorized access to Panther Creek High’s computers on Oct. 13 and later determined that the system had been hacked into several times and that student grades had been changed.
Wake County school officials discovered that an email sent from one Panther Creek High teacher to another a few days before the initial hacking contained keystroke-tracking malware, according to a search warrant in the case.
The article goes on to say that Powerschool was hacked into three separate times.
I’ve noted a lot of issues with Powerschool since it was implemented both here and in other states. I’ve also noted issues with other Pearson products. Everything from the system going down to wiping out entire gradebooks, and from delayed report cards to DDOS attacks.
Now we have a high school student getting into it multiple times to change his grades.
But your child’s data is safe, they said…
Small wonder Pearson sold Powerschool last year to Vista Equities. NC went with the very pricey Powerschool because of the established relationship with Pearson, now they’ve sold it off.
As a point of interest, as an elementary parent, three years after Powerschool went live I still don’t have access to it, which is arguably a FERPA violation.
I have a big issue with the data collection and sharing going on in our public education system, I fight for this and many issues *actively*. Yet on this story, I draw from my IT background and must share:
Using keystroke malware is sort of the equivalent of copying someone’s house key that they left in their purse or coat pocket. The system wasn’t “hacked” it was socially engineered, it was infected with malware that wasn’t caught by an effective scanning/monitoring software, and it lacked network security and user authentication systems that WOULD have prevented this.
Unfortunately, as much as I’d like to take PowerSchool down, this story is more of an indictment on our IT departments AND the fundamental problem that our computer systems are VERY vulnerable and we don’t have the money to protect so much valuable information.
Pingback: Keeping Your Child’s Data Safe | Right Wing Granny