A young Bill Gates once drew the attention of girls in his class by hacking. He is now the richest person in the world, a philanthropist and also one of the most respected international industry leaders. Julian Assange and Edward Snowden, regardless of their motives or political alliances, have throngs of supporters of their cyber skills. Indeed, high school hacking into school networks or teacher's private accounts seem to be a rite of passage for budding tech-heads and programmers.
And recently, Jarryd Hayne was left red-faced after such a 'harmless prank'. The rugby league player for the Gold Coast Titans was making a presentation on online security when pornography appeared on the screen apparently by one of the students in the crowd. The punchline? His presentation was sponsored by internet security firm, Norton.
But beyond the pranks and the jokes and what may seem like harmless fun, lies a dangerous pattern of escalating attacks on schools. Over the last year, there have been numerous arrests worldwide for cyber security breaches in schools. The hackers? Students. Students who feel somehow invincible and anonymous behind their screens and who have undertaken audacious hacks, including sourcing private information stored by schools, are even altering examination results or final grades.
A hacker does not look or appear in a certain way. He or she can come from any socio-economic, cultural, racial or religious background. Teachers may be aware of students who spend a significant amount of time online or seem to have a proclivity for computers but many students who are technologically advanced choose to use their abilities for good not harm. The only trait that all hackers seem to share is that they are willing to manipulate computer systems, often in breach of the law.
In September this year, two teenage students from Chino Hills in the United States were arrested for allegedly hacking their school's system. According to an article on CBS Local, the pair attempted to change their grades as well as attacking data for other purposes. The investigation is ongoing and will be forwarded to the Juvenile Division of the District Attorney's office. In an unrelated American incident in Panther Creek, another teenager was charged with two felonies for hacking – accessing government computers and breaking and entering. If convicted, he could face more than four years in prison. Hacks of these kinds are also found in universities, with one Kennesaw State University student arrested for illegally accessing a school network. He did so to change grades, but also, alarmingly, to access the medical, employment and financial records of 36 professors at the University.
The penalties for breaching a school's system can be severe and can include jail time if it amounts to a criminal offence. If students are involved in hacking a more senior government agency, as one man has discovered, the penalties can be very severe and far reaching. Lauri Love, an English-Finish former student of Glasgow University has been charged with a list of cybercrime-related felonies in the United States. He hacked the US Army, Military Defense Agency and NASA among other agencies. American officials are seeking extradition for Love who has Asperger's Syndrome. A conviction for all charges would result in a 99-year sentence.
Students involved in hacking could be charged with 'unauthorised access to, or modification of, restricted data', or 'unauthorised impairment of electronic communication.' These offences were introduced to the Criminal Code by the Cybercrime Act 2001 (Cth). The first penalty results in a maximum of two years imprisonment, the second has a maximum term of ten years. There are an array of other cyberhacking offences that could apply to hacking conduct. And, as we have seen, associated offences such as breaking and entering can also apply where school facilities have been entered unlawfully.
With the end of year examinations and school report marks nearly here, now is the time to be vigilant about your school's cyber security. There are two very clear ways of increasing the protection of your systems:
1: Ensure your systems are secure and that teachers and other staff, volunteers and guests are provided with guidance on how to protect their data from attack.
2: Educate students on the privacy expectations regarding online usage. This lesson is important for a school context and to protect your own information but it will also protect students from incriminating themselves outside of school.
There are sites set up specifically for budding student hackers and sites that assist schools to deal with student hackers. There are even books available for schools that provide tips to help avoid hacking and/or to educate children regarding the issues associated with hacking. A quick Google search reveals dozens of easily accessible websites, blog sites, on-line documents and books available for students and schools.
Schools need to realise that many budding student hackers often know more about computer technology than many teachers and parents. Student hackers, as we have already noted, develop a sense of anonymity and impunity from the law, especially if their minor forays into hacking go unnoticed. It is imperative that schools have clear policies and procedures regarding the use of and access to their IT and online environments. It is also essential for parents and students to know, understand and accept that there are serious penalties that may apply to students who attempt to hack into or manipulate school IT systems and that these penalties involve more than just school sanctions. They may involve the Police.
Refer to our article Privacy Update: compulsory data breach notifications to be introduced for more information on the privacy laws applying to a potential misuse of personal information due to a hacking incident.