For the future.
It appears that this is a great career day exercise. These students are future NSA employee's. The fact that they got caught simply means that more training is needed, perhaps college?
A group of students have been kicked out of a California high school over charges that they hacked teachers' computers in order to change their grades. The Newport-Mesa Unified School District said that it had voted to expel 11 students in connection with charges of grade tampering and unauthorized access to teachers' …
If you cheat in a exam and get caught then expect to be failed. These students tried to cheat in all their exams and were caught. They were lucky in that the school system is just forced to just pass them on to another school. They won't find things so easy when they are in the real world and get fired from a job if they do the same,
Frankly, before we get to the students, this reads as a litany of failures of the school IT supplier.
They failed to do stuff that is being done as standard practice even in the relatively underfunded British state education system. For crying out loud, even primary schools around these parts can keep the teacher's system's fully separated from student's ones. In fact, I beleive doing so is a contractual requirement to the IT suppliers.
Ahhh, school day hacking. I started out on networked BBC micros with shared network storage. Our disk quotas were pitiful, 32kb is not enough for a young boy so I would regularly take part in a two man scam.
The decoy heads to the technicians room, ensures he is logged in to his terminal and then distracts the technician for 5 minutes with non computer talk. The accomplice heads back to the main lab, and POKEs the network address of his beeb to that of the technicians - et voila, instant privilege escalation (things were a lot easier back then). Quota upgrades all round, only got busted when we had sold 20MB of space on a 10MB disk,,,
The beebs didn't last that long, soon we were on to PCs, with some ghastly RM rebranded netware network. The security on this was abysmal, type in a valid username in to the login box, hit enter and then hammer "escape" repeatedly - half the time it logged in. I quickly trained users in this, and how to log in to a particularly non PC literate teachers account, where we stored all the games. Anyone came towards the room, everyone hits alt+tab..
Eventually the games became too much, they glued up the floppy drives and reformatted everything - well, or so they thought. Fortunately, one of my disciples had the foresight to back everything up to the print server, games were restored within hours. We eventually got around the floppy drives by quickly dismantling one PC during lunch, and detaching the FDD cable and power and looping them to the back of the case, where we removed a PCI shield. We could then covertly hook up a FDD externally as and when we needed.
If I was a kid today, I'd probably be in jail by now...
I think my first foray in darker parts of the forest was coding a network monitor in 6502 machine code on the Beeb to sniff for "*I AM" login strings and display the username+password for everyone on the network. Very easy to give anyone superuser privileges when you know the administrators logins, Worked a treat until CCHD twigged and the Econet was tweaked to encode them rather than transmit in plaintext.
If a guy can get a personal visit from a bunch of DHS flunkies simply for wearing a Glass in a cinema complex, imagine what these kids would have had to endure for the actual misuse of computers had the teachers called the FBI instead of the cops.
America. Land of the Free (to be intimidated by the authorities), Home of the Brave(ly ignoring constitional infringements because terrorists).
When I were a lad...... the only way to cheat on an exam was to either sneak into the teachers staff room and steal the used Roneo master copy from a bin OR ask an older sibling for their old test results as certain teachers at my school rarely changed the tests from year to year.
* We called them Roneos, exactly what they were I have no idea.
I'm quite surprised that nobody here has offered any technical solutions for this grade changing problem. If I was a teacher I would keep a paper record. You enter the marks into the computer system, then immediately print out the marks. You might even have another staff member sign off as a witness to those records to cover your behind. Take those records home for safe keeping. Then, at the end of the term, or whenever the marks are officially released, mind you, after they become public, not before, you check them against your paper records. If any marks don't match up you have irrefutable evidence that tampering has occurred in the interim, and all it has taken you is the time to print the records and the time to check them. With the proliferation of computer hacks and break-ins by students, I consider it sheer carelessness and/or laziness that teachers don't keep a hard copy to check against computer records. Even the most computer illiterate teacher should be capable of that. Are teachers really that naive to the ways available to students to cheat? Maybe somebody should establish an extended learning course for teachers to make them aware of all the new ways (and old). We already have sites to check for plagiarism. What's the point of issueing marks if it's so easy to game the system? We might as well just give them all a pass and push them on through, like some some people claim we are doing anyway. Frankly I'm not surprised that so many American firms are top heavy with East Indians. They had to work to get where they are. America, we need to try harder. Sorry.
And before you all flame the hell out of me, I know the cheaters are a small minority and some of them are even teachers, but there are still too many. And while this is not exactly undermining the whole system, it is certainly not improving the system, and we we all know how desperately it needs fixing if we don't want the rest of the world to leave us in their dust.
well it wasnt made clear exactly what security was in place or what they did to get round it , apart from some key logging, so we cant really suggest anything
I think your paper solution , whilst probably effective is a bit yesterday (to say the least) and will generate hundreds of hours of extra work . and paper.
And it only solves one issue - it wont secure test papers or the schools bank details.
I fully agree with your final statement; it does address only one issue, but I must strongly dispute your time and paper claim. Since you already have to enter the marks into the computer anyway, how much more time does it take to hit the print button? As for the amount of paper, depending on the number of students per class, (we're talking high school here, not university with hundreds per), I'm sure one classes' marks would fit on one, or a maximum of two sheets of paper. Multiply that by the number of classes a teacher has and you still only generate a folder's worth of papers. The only additional time required is that needed to check the marks posted. Any teacher that can't be arsed to do that just affirms my judgement of their laziness, harsh though that judgement might be. Sorry.
The printed record idea is good and can be made to work without much work too. Print all the marks densely on paper along with a calculated checksum. At a later stage, simply recalculate the checksum based on the current stored results and compare with the original. If it does not match, then you can start comparing results, but otherwise ignore. The checksum can be a represented as a bar code or QR code, so you don't even need to type/compare it longhand.
Teachers rank behind only doctors in their aversion to computer knowledge, at least here in the US.
I have yet to see an American teacher or doctor willing to learn the slightest bit about those "devil machines" and they will fight it harder than you'd believe.
As I warned one school about their inadequate security setup: "When the students hack into this system, if you're very lucky all they'll do is change their grades" - for which I was sacked as a consultant. Six months later, what I'd predicted happened, with the result that a bunch of confidential data was leaked.
Biting the hand that feeds IT © 1998–2019