Have you noticed a sudden increase in your son’s or daughter’s grades? Do you wonder how they can do so well at school when they seem to spend most of their time playing online games? Well, maybe there’s a simple explanation. You see, there’s a new trend making the rounds among some students these days. It’s a trend that is becoming more popular now that graduation is approaching. This latest trend is hacking the school’s computer network to change grades. Why bother studying if you’re guaranteed to be a top student?
As most students who’ve been caught admit, hacking into the school’s network was surprisingly easy. Sixteen-year-old David Rotaro hacked his school’s network and admitted, “it was like stealing candy from a baby… It was like beginner level.” He claimed it only took five minutes to write the phishing email that began the hack. What he didn’t say was how long it took him to make the fake login page. Rotaro used a time-honored defense: He wanted to point out the school’s cybersecurity vulnerabilities. Sure. And, as is often the case in these stories, his parents had no idea he even possessed such hacking skills.
According to the 2018 Hacker Report, about 46% of hackers (we’re talking white hat hackers here) are below the age of 24. Since 25% of all hackers are students, we can assume that most of those under 24 fall into this category.
According to the report, there are a number of reasons why these hackers hack.
However, students wouldn’t hack a school to make money (13%), so we can eliminate that as a source of motivation. We can also eliminate that they would hack to advance their careers (12%) or do good in the world (10%). No, most would hack to have fun or show off. They may also like the challenge. David Rotaro hacked his school to raise the grades of his friends and lower those of his enemies. The fact that he didn’t change his own grades seems to show that he was trying to gain the praise of his peers.
Hacking to get passwords, alter records, or steal upcoming exams has been on the rise as well. Here are some hacks that have occurred in just the last month.
Bloomfield Hills High School – Students changed grades and attendance records. They also refunded lunch purchases.
W.S. Neal High School – Students changed grades and rankings of students. School cannot determine who the valedictorian is.
Gadsden High School – 55 students were found to have changed the grades of 456 students. They were in the system for at least 3 months.
Oakton High School – All student passwords changed.
University of Georgia – Student takes over a professor’s account and changes his grades.
Florida Virtual School System – All records and passwords of students and teachers hacked.
And here’s the bad news. There are probably many more cases that are yet to be discovered or were discovered but not reported.
A Note to Parents
There are a number of YouTube videos that claim to teach students how to hack their grades. Most are fake. They simply show students how to change the HTML code on the page they are looking at so that the grade appears to have changed. Once refreshed, the original grade reappears. So why use this hack? The answer: to fool parents. If a student’s parents are concerned about a particular grade and ask to see it on the student’s internet grade page, the student can change the grade via HTML manipulation and show the fake grade to their parents. So, if you are confronted with a suspicious grade on your son’s or daughter’s computer, simply refresh the page. If the grade has been tampered with, the original one will magically appear. Busted.
How Such Hacking is Actually Done
David Rotaro probably knew what he was doing. He sent phishing emails to all of the teachers that told them they had to change their passwords. Supposedly, most of these emails were caught by spam filters. However, one teacher opened the email and followed the link to a fake login page. Rotaro must have installed a keylogger or a RAT (Remote Access Trojan) so he could record or watch the login. It only takes one victim because, after that, he had the keys to the kingdom. In other words, he was allowed to freely roam the part of the grade site that was only accessible to teachers. Alternatively, he could have taken over the teacher’s email and sent more believable phishing emails to other teachers, thereby compromising them. Why was he caught? He made an amateur mistake and did not hide his IP addresses. They were easily traced back to him. As one student disturbingly commented, “so the kid wasn’t smart enough to at least use a VPN? I change grades all the time but I’m smart about it.”
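The trace described above depends on the grade system recording which address each teacher login and grade change came from. As an added example (not part of the original article), this sketch reviews such an audit log and flags grade changes made from an address the account never used before, plus any address that logged in to more than one teacher account. The log format, account names, addresses and baseline date are all constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample audit log (not real data): time, account, source IP, action, detail.
SAMPLE_LOG = """\
2018-05-01T08:02:11,t.alvarez,10.20.1.15,login,
2018-05-01T08:05:40,t.alvarez,10.20.1.15,grade_change,student=1041 B->B+
2018-05-02T08:01:03,t.alvarez,10.20.1.15,login,
2018-05-02T07:58:30,m.chen,10.20.1.22,login,
2018-05-02T15:10:09,m.chen,10.20.1.22,grade_change,student=2210 C->C+
2018-05-08T22:41:17,t.alvarez,203.0.113.77,login,
2018-05-08T22:43:02,t.alvarez,203.0.113.77,grade_change,student=1187 D->A
2018-05-08T22:44:26,t.alvarez,203.0.113.77,grade_change,student=1302 A->F
2018-05-08T22:51:48,m.chen,203.0.113.77,login,
2018-05-09T08:03:12,t.alvarez,10.20.1.15,grade_change,student=1041 B+->A-
"""

BASELINE_END = "2018-05-07T00:00:00"  # earlier events define each account's known IPs


def parse(log_text):
    """Return one dict per audit record."""
    fields = ["time", "account", "ip", "action", "detail"]
    return list(csv.DictReader(io.StringIO(log_text), fieldnames=fields))


def find_suspicious(log_text, baseline_end=BASELINE_END):
    """Return (grade changes from IPs new to the account, IPs seen on >1 account)."""
    known = defaultdict(set)           # account -> IPs seen in the baseline window
    accounts_by_ip = defaultdict(set)  # IP -> accounts that used it
    flagged = []
    for rec in sorted(parse(log_text), key=lambda r: r["time"]):
        accounts_by_ip[rec["ip"]].add(rec["account"])
        if rec["time"] < baseline_end:
            known[rec["account"]].add(rec["ip"])
        elif rec["action"] == "grade_change" and rec["ip"] not in known[rec["account"]]:
            flagged.append(rec)
    shared = {ip: sorted(a) for ip, a in accounts_by_ip.items() if len(a) > 1}
    return flagged, shared


if __name__ == "__main__":
    changes, shared_ips = find_suspicious(SAMPLE_LOG)
    for rec in changes:
        print("REVIEW", rec["time"], rec["account"], rec["ip"], rec["detail"])
    for ip, accounts in shared_ips.items():
        print("SHARED IP", ip, "used by", ", ".join(accounts))
```

A routine review like this is what shortens the months-long dwell times mentioned in the incidents listed earlier; it only works if the grade system keeps per-change audit records with source addresses.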
But how did he manage to get the hacking tools necessary to pull this off? That’s pretty simple. You can get them online for free. The DarkComet RAT, for example, has been around for years. It can perform many malicious actions, such as turning on a victim’s microphone and webcam. It also comes with a keylogger to capture passwords and credit card information. It is readily available for download and even has its own legitimate website. How is this possible? Because it is advertised as a remote access tool. In other words, you could use it to access your home computer remotely. Sure, it has malicious potential but… Free keyloggers are also widely available. They are legitimately used by parents to monitor their child’s online behavior or by employers wanting to keep an eye on employees.
So, all of the tools for hacking grades are just waiting to be used by enterprising students. I’ve been monitoring discussions on this topic on some forum sites and was surprised at how many people confessed to hacking their schools. Some methods were quite complex but others were surprisingly simple, like installing a keylogger on the teacher’s computer from a flash drive when the teacher left the room.
Though many of the exploits used are relatively simple, there are some that are too complex for most students. Fortunately, for the aspiring grade hacker, there are step-by-step online instructions on how to hack into a school’s server and, in this particular example, steal the final exam.
As the hacking instructor writes, “so for today, we’ll look at how to break into your school’s server to download the final exam file with the answers onto your computer. Just think of the benefits to your academic record, your Call of Duty skills, and your popularity when you show up at school with the final exams days ahead of the finals!” Yeah, that about sums it up. Of course, this all comes with a disclaimer, “this is for demonstration/entertainment purposes only. Please do not break into your school’s server and steal exams as it’s illegal and very likely will get you kicked out of school.” And he then gives the details of the hacking. Of course, you shouldn’t actually do this hack, but if you do, he advises you not to make your grade too high because that would look suspicious. Interestingly, this type of hack may escape all detection and has likely been performed with the school never learning a thing about it.
This exam-stealing exploit, as well as any grade-changing exploit, could easily be monetized. How much would a failing student pay to get a passing grade? My guess is quite a lot. How much would a student with a gaming addiction pay to get a final exam in advance and give themselves more gaming time?
The good news is that most students are not as computer savvy as the adult world thinks they are. Only a small percentage of students would actually know how to perform a hack of their school’s network. Fewer still would want to take that risk. However, the demand for getting grades changed or getting advance copies of exams probably exists. There is an opportunity here for the enterprising student and they may be beginning to take advantage of it.