back to article Shock revelation as massive American presidential election hack confirmed

A student government election in California has taken a bizarre turn after one of the candidates admitted to hacking fellow students in an effort to fix results. According to local news site Berkeleyside, the unnamed student at Berkeley High School took advantage of weak passwords and default credentials to get into the email …

  1. Anonymous Coward
    Anonymous Coward

    I clicked the Bait

    Seriously though, Google apps for Education takes many of the same loose security and privacy practices and applies them to small children.

    Also the account management tools are a joke(Bulk updates? HAH type them in one by one or use an API, not much in between).

    Think of the children!

  2. Bill Gray

    LBJ would be proud

    "...unusual voting patterns ...The votes were being cast by students alphabetically, at odd hours, and all at once."

    In 1948 (I think), Lyndon Johnson lost his run for the US Senate in Texas by a whisker. A few days later, a box of ballots turned up in a small town. Oddly, all the ballots were for LBJ. And everybody who signed in to vote did so in alphabetical order. And with the same handwriting.

    Maybe this kid read Robert Caro's biography of Lyndon Johnson?

    1. Mark 85 Silver badge

      Re: LBJ would be proud

      In Chicago, you don't need to go that trouble as apparently the dead at times in the past, rose up from their graves on election day to cast their votes.

      1. Quinch

        Re: LBJ would be proud

        Well, considering how much politicians summon the silent majority, it shouldn't be surprising they'd rise up.

        http://smbc-comics.com/index.php?id=3812

      2. davenewman

        Re: LBJ would be proud

        As satirised on TV in an episode of Give My Head Peace, where Uncle Andy and Cal were taking the names of dead people from gravestones until the dead rose for their graves and chased them out to the sounds of Michael Jackson's Thriller.

      3. Swarthy Silver badge

        Re: LBJ would be proud

        "Vote Early and Often for the candidate of your choice!"

  3. Dan 55 Silver badge

    Don't even need 2FA to make it more secure

    While Google for Education does allow for two-factor authentication, the option must be enabled by an administrator, and while most kids these days have smartphones, getting multi-factor set up for an entire school district (Berkeley High School alone has 3,000 students) may not be practical.

    The question is can you set up an option to force a password change on first login? If you can there's something wrong at Berkeley Unified School District (apart from the initial too easily-guessable password), and if you can't there's something wrong with Google for Education.

    1. Waseem Alkurdi Silver badge

      Re: Don't even need 2FA to make it more secure

      Exactly. But suppose that option isn't available ... the password should've been "Berkeley_ae8fye78fyr" instead of "Berkeley_2142".

      Pseudorandom strings aren't hard to generate.

      1. Bill Gray

        Re: Don't even need 2FA to make it more secure

        "...Pseudorandom [passwords] aren't hard to generate."

        I hadn't even thought about this problem until you mentioned it. But it would make sense to me to assign _random_ passwords, provide them to the students, then do the usual storage of salted, hashed passwords... there are, I'm sure, "best practices" for default passwords.

        The system used does let you conveniently tell everybody : "your password is Berkeley_, followed by your student ID." Most people are willing to give up security for a little convenience, and will soon have neither.

    2. Anonymous Coward
      Anonymous Coward

      Re: Don't even need 2FA to make it more secure

      <quote>The question is can you set up an option to force a password change on first login? If you can there's something wrong at Berkeley Unified School District</quote>

      That just means that mumblehundred students never touched the system at all even though it's mandatory. Working in higher ed IT, I find that entirely plausible.

    3. jelabarre59 Silver badge

      Re: Don't even need 2FA to make it more secure

      They may *think* all kids are carrying smartphones around full-time, but I can tell you my daughter isn't one of them. We *do* have a cheap TracFone for her to use for those specific occasions where she may need it, but the rest of the time it stays HOME.

      1. Mike 16 Silver badge

        Re: Don't even need 2FA to make it more secure

        That works well, until the district decrees that the _only_ way to get homework assignments, required reading, and scheduled exams (not to mention the only way to turn in homework) is "The Portal", managed, as with corporate equivalents, to provide maximum annoyance and ridicule for the masses, and endless fun (and kickbacks) for the administration.

        Soon, not having your child's every thought sent to a privately run (but government mandated) data center for pre-crime analysis and ad targeting will be deemed child abuse.

  4. chuckufarley

    The Internet ate my homework...

    ...and all I got was this lousy job digging ditches and a password reset!

  5. Marketing Hack Silver badge
    Devil

    Was the offending student Russian??

    Damned Russkies! The next thing you know they will be surreptitiously changing the theme of this year's prom!!

    1. Anonymous Coward
      Anonymous Coward

      Re: Was the offending student Russian??

      But everyone like Cossack theme!

  6. TG_RED

    Sounds like two new operatives for Bernie Sanders' campaign...

  7. NozeDive

    What's a Millennial...

    https://www.pewresearch.org/fact-tank/2019/01/17/where-millennials-end-and-generation-z-begins/

    Millennials are aged 23-38, so perhaps the article was referring to the staff/faculty at the school.

    Generation Z is aged 7-22

    1. Marketing Hack Silver badge

      Re: What's a Millennial...

      Well, a 23 year-old high school student would go a long way towards explaining why the brute force password hack worked so well...

    2. Anonymous Coward
      Anonymous Coward

      Re: What's a Millennial...

      Millennials are aged 23-38

      So a Millennial could be born in 1981? I think you're in Gen Y territory there. The clue is in the name.

      1. doublelayer Silver badge

        Re: What's a Millennial...

        The definition is supposed to be people who came of age around 2000, meaning the people in their 20s and 30s now. But people really like having categories that have no reason to exist and are completely arbitrary, hence names of generations that have to cover every year.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019