Sunday, Mar. 27, 2005
Teenage hackers wreak havoc
By LEE WILLIAMS
Starrs Mill High School officials were left in a lurch after two students hacked into the schools computer network March 18 and caused problems with the schools e-mail server and a Web site called MyGradeBook.com.
Fayette County Board of Education spokeswoman Melinda Berry-Dreisbach confirmed the incident Friday.
The hackers disrupted connection to the schools e-mail server and MyGradeBook.com, which is an electronic grade book. The Web site also is used to track attendance.
The Citizen learned about the incident through a source who asked that no names be used.
According to the source, an 18-year-old student had set up a proxy server at his home so he could access his computer from school.
During a computer networking class, the source said, the hacker shut down at least five school computers, including Starrs Mills e-mail server.
The disruption prevented some teachers from getting notification of an impending afternoon fire drill, the source said.
Criminal charges were avoided by the hacker, the source said, when the student agreed to detail to school officials what he did and how.
The hacker was given three days of out-of-school suspension and lost his position as a student technical aid, the source said.
The school system refused to go into details about the incident, except to say in response to a reporters e-mailed questions, The school has handled the situation appropriately in accordance with the countys policies.
Berry-Dreisbach would not say what, if any, disciplinary measures were taken regarding the students.
The federal Family Educational Rights and Privacy Act of 1974 or FERPA prohibits school officials from discussing disciplinary actions taken against students with anyone except for a students parent or legal guardian.
However, according to the boards Code of Conduct policy, a student who deletes, obstructs, interrupts, alters or damages the computer network in any way causing the malfunction of a computer network, programs or data without permission could be suspended or expelled.
Berry-Dreisbach indicated the school did not have to spend money to correct the problem.
The expenditures to fix the problem were in personnel time only, Berry-Dreisbach said.
To date, no arrests have been made in the case.
When contacted Wednesday night for comment, School Board Vice Chairman Lee Wright said he was not familiar with the facts of the situation.
Starrs Mill High School Assistant School Principal John Boucell said everything is back to normal at the school.
We are doing some upgrades and updates to make sure this doesnt happen again, Boucell said. He was not able to compromise any confidential information on the MyGradeBook.com Web site, grades or attendance.
Lee Bailey, the county network administrator for the Fayette County School System, is expected to make changes on other school networks to ensure other Fayette County schools dont fall prey to computer hackers.
Boucell said the incident did not disrupt the fire drill. He said everyone knew about the fire drill.
Boucell would not say if the student involved a tech-aid. But he indicated that the incident involved a student who was entrusted with sensitive information regarding the computer network.
One student was the brains behind the project. The other student involved simply chimed in.
We did have a student that breached the security of the local area network, Boucell said. It was a student who was entrusted with certain information and had an exceptionally good working knowledge of how computers and networks operates. He was a very bright student.
School officials, however, were able to detect some inconsistencies.
We have the ability to detect unusual activity and we did, he said.
Boucell said he does not think the student intended to disrupt the e-mail server or MyGradeBook.com. Nonetheless, he will no longer have access to sensitive computer network information.
I dont think he was trying to access the gradebook program, he said. I think the results of what happened effected the gradebook and the e-mail server. I think what he was doing was not malicious, but what he was doing was knowingly against policy.
Copyright 2004-Fayette Publishing, Inc.