Student Hacker Breaks into PA District Network and Steals Data

• By Dian Schaffhauser
• 05/28/08

##AUTHORSPLIT##<--->

A Pennsylvania school district will be hosting a community-wide "cyber information session" in the wake of an early May computer breakin. On May 9, a student hacked into the Downingtown Area School District network from a classroom computer and copied files that included dated personal information and Social Security numbers of school employees and community members, according to a letter to the district community. The student then "bragged" about having the information to several other students and shared the data with one other student.

The district stated that it believed the conduct of the student, a 15-year-old ninth grader, was motivated by "an irresponsible interest in determining whether [he or she] could infiltrate the network and circumvent the safeguards. The District does not believe that the purpose of the breach was identity theft or to use any information acquired."

Both students who had access to the data have had their home computers and a flash drive confiscated for examination by the county's computer crime unit. The student who performed the original break-in has also been charged with three felony counts and one misdemeanor.

In the meantime, the district has set up a blog to communicate progress and news about the case. According to that blog, the superintendent of the district has authorized several security enhancements:

• The district's central office server will be segregated from the network to ensure that students have access only to student servers.
• All permissions will be removed from the district's central office server.
• Authorization to access the staff and community files will be limited.
• All generic login permissions will be eliminated. Generic permissions were often used by community members attending district workshops.
• A full-time network security specialist has been assigned to oversee file privileges.
• The process of logging incidents, and response to those incidents, is being reviewed and updated.
• More frequent and intensified security audits of the network and files will be implemented.

Also, the district will host a cyber safety presentation featuring a security expert, a Secret Service agent and a county detective to provide information about computer-related security concerns.

Get daily news from THE Journal's RSS News Feed

---

About the author: Dian Schaffhauser is a writer who covers technology and business for a number of publications. Contact her at [email protected].

Proposals for articles and tips for news stories, as well as questions and comments about this publication, should be submitted to David Nagel, executive editor, at [email protected].