Two students from Bloomfield Hills High School are the main suspects of a recent hack discovered at the school this week.
The two broke into the school's MISTAR Student Information System portal where they changed grades, attendance records, and attempted to refund lunch purchases.
The hack came to light after a school employee logged into his account a noticed an error. School officials investigated the issue and discovered the hack.
The two students are said to have used a vulnerability in the school portal to carry out their hack. They tried to disguise their identity by modifying the records for 20 students.
Dire repercussions announced in a YouTube video
But according to a YouTube video posted by Bloomfield Hills High School superintendent Robert Glass, school employees with the help of forensic data experts managed to track down the two culprits.
"As a father myself, my heart aches for the parents of the students who will be learning a very hard lesson," Glass said in the YouTube video.
"The consequences for these young individuals is likely to be severe. Cyber hacking is a federal crime and we're working with the proper authorities to determine the appropriate discipline and legal ramifications," Glass said. "Due to student privacy laws, we're not able to disclose more information but we can assure you that we're working within the full extent of the Student Code of Conduct and the full extent of the law."
The YouTube video was shared on the high school's website, as a warning for other students. The website now also shows a popup with a written message from the school's management.
According to the message, school officials are preparing password resets for parental accounts.
Vulnerability in school system fixed
Bloomfield Hills High School officials said they've also patched the vulnerability students used to get into their MISTAR system.
Officials are also looking into the changes made to attendance records and lunch balances, but their top priority is on the changes made to grades, especially with the semester coming to an end in a few weeks.
Overall, we're seriously impressed with the way the high school's staff handed the hack. They've hired a forensic investigator, set up a dedicated FAQ page, prepared password resets, and got the superintendent to apologize in a YouTube video, à la Equifax. Much better and clearer at communicating the incident's details than many Fortune 500 companies.
Comments
Amigo-A - 3 years ago
Children do not have enough money even for food. School officials should be fined or applied to them a criminal case about corruption in school.
mAL_rEm018 - 3 years ago
I think the situation was handled perfectly. Why do you mention "school officials" corruption?
RuudHanegraaf - 3 years ago
So how does changing their grades help with buying lunch?
"I'll have one BLT sandwich please."
"Okay, one BLT sandwich coming up. That'll be one B- please."
"Oh. I only have a D+ on me."
"Well, then maybe study harder or hack the school system. Next!"
Lunch money, poverty or corruption has nothing to do with this.
pacohope - 3 years ago
Summary: stick to the facts. Opinion and what impresses the authors are not the reasons we come here for the news.
This was a good article until it got to the part about "Overall, we're seriously impressed..." because incident response and threat response is about proportionality and good use of resources. IF this was a fortune 500 company, AND it was attacked by actual criminals, AND this was their response, maybe that would be a good thing. But this was some children who made a bad decision and a school district that sounds like it is being vindictive because it has been so embarrassed. They literally sound like they want to ruin these kids' lives with a federal prosecution that will hamper the kids' ability to ever get a decent job. This is what we call a "teachable moment". This response is not compassionate or educational. Children at that school have now learned how cruel the administrators can be. Hardly a life lesson we want to teach: how to be cruel. Moreover, we all know that schools do not have enough resources to do their jobs well. It is a misuse of those limited resources to prosecute this duo so harshly. School administration money will go to lawyers instead of computers for the kids.
So rather than being "impressed", maybe you should have been "disappointed" that schools can manage this sort of disproportionate response to children when Fortune 500 companies struggle to execute this kind of response in situations where it's called for. Even then, knowing as many Fortune 500 companies as I do, I think you'd struggle to get data backing that up. An awful lot of stuf does NOT hit the news because, in fact, they handle it just fine.
campuscodi - 3 years ago
Chill out internet warrior
NickAu - 3 years ago
Kids will be kids, Boys will be boys.
Federal charges my a**, Why when I was their age the penalty for something like that would have been the cane, maybe some detention and punishment from my parents and of course we were too poor to afford punishment and had to walk to school bare foot in 3 feet of snow.
coxdenis32 - 1 year ago
The school year has just begun, and I have already started getting bad grades. But over the last week, I started using the site https://samplius.com/free-essay-examples/social-media/ which helped me incredibly, and now the scores are getting higher and higher every time. So I advise you not to forget this academic year to use this site that helps students.