UK's Data Watchdog Warns Students Are Breaching Their Schools' IT Systems (bbc.com)
- Reference: 0179248006
- News link: https://news.slashdot.org/story/25/09/15/0150246/uks-data-watchdog-warns-students-are-breaching-their-schools-it-systems
- Source link: https://www.bbc.com/news/articles/c203pedz58go
> Since 2022, the the Information Commissioner's Office (ICO) has investigated 215 hacks and breaches originating from inside education settings and says 57% were carried out by children. Other breaches are thought to come from staff, third party IT suppliers and other organisations with access. According to the new data, almost a third of the breaches involved students illegally logging into staff computer systems by guessing passwords or stealing details from teachers.
>
> In one incident, a seven-year-old was involved in a data breach and subsequently referred to the National Crime Agency's Cyber Choices programme to help them understand the seriousness of their actions... In another incident three Year 11 students aged 15 or 16 unlawfully accessed school databases containing the personal information of more than 1,400 students. The pupils used hacking tools downloaded from the internet to break passwords and security protocols. When questioned, they said they were interested in cyber security and wanted to test their skills and knowledge. Another example the ICO gave is of a student illegally logging into their college's databases with a teachers' details to change or delete personal information belonging to more than 9,000 staff, students and applicants. The system stored personal information such as name and home address, school records, health data, safeguarding and pastoral logs and emergency contacts.
>
> Schools are facing an increasing number of cyber attacks, with 44% of schools reporting an attack or breach in the last year according the government's most recent Cyber Security Breaches Survey.
"Youth cyber crime culture is a growing threat linked to English-speaking teen gangs," the article argues, noting breaches at major companies to suggest it's a kind of "gateway" crime.
The ICO's principal cyber specialist tells the BBC that "What starts out as a dare, a challenge, a bit of fun in a school setting can ultimately lead to children taking part in damaging attacks on organisations or critical infrastructure."
[1] https://www.bbc.com/news/articles/c203pedz58go
More recycling (Score:2)
If you have ever heard the sound of a modem with an acoustic coupler, raise your hand. Whoooo... were they ever slow.
In my freshman year at university of waterloo, there was a rumour that if you could hack into the compsci system, you could get a summer job.
Haha, does that sound precious now, or what?
Re: (Score:2)
BSD 2.8 (or 9 or 10) had a security hole where it was possible to read the tty input queue from memory. With a suitable program and enough time you could watch as a computer center staff member typed in the root password. From there it was just a matter of covering your tracks in the log files.
This is as old as computers and modem (Score:2)
I did it as a teenager and I'm close to retirement.
There's even a [1]movie about it [wikipedia.org] from that time period.
[1] https://en.wikipedia.org/wiki/WarGames
Is this 1983? (Score:2)
Sounds like the script from the classic War Games movie from 1983.
Teenage gangs and gateway crime? (Score:2)
Was there any example of a gang even mentioned? No. Crime? It is as much crime as crawling over a fence to get some apples. No need to overblow it out of proportions. What needs to be done instead - proper, basic security measures. Main one - proper password handling by teachers, who shoud be at least at basic IT level. Secondly proper IT staff and software, not something that can be hacked with a screwdriver or Notepad. Children will play, just like pups will dig and bite until they grow up and understand.
Crappy IT security creates opportunity (Score:2)
And as long as too many "decision makers" get away with bad IT security decisions, this will only get worse. With some LLM assistance (via an easy jail-break), even semi-skilled people can hack badly secured IT installations. This is not a surprise in any way. It is just one more effect of the race to the bottom that IT and IT security is taking, lead by cretins like Microsoft.
Re: (Score:2)
The solution is obvious.
We need to create a vibe coding program and mandate that all code be secured with AI. Repeating "Make it secure" multiple times in the Rules file will make it so.
Re: (Score:2)
I want to hire you as prompt engineer! - Sorry I meant [1]types-question guy [youtu.be].
[1] https://youtu.be/20TAkcy3aBY?t=583