13-year-old Alaskan middle school students hack classroom computers by using phishing on their teachers

Students on Computer

In Ketchikan, Alaska a group of 18 students (aged 12 to 13 years) attending Schoenbar Middle School were able to hack into various computers after exploiting teachers to gain admin access. After taking control of various computers remotely, the hackers played pranks on other students.

Teachers were alerted about the issue when classmates complained that their computers were not working properly.

How did the students go about getting admin access? It’s pretty clever actually.

Naturally, computer software needs updating. If you’ve ever updated software in Windows then you know the system asks for admin rights (and associated password) to alter important files, specifically through the UAC. Students basically took advantage of the process. They tricked their teachers into entering the admin passwords by running a program that made the teachers think the computer needed updating; the teachers happily supplied the required password which gave the students the required login credentials. In other words, they used phishing to gain the passwords.

Once the students had the password, they didn’t need it again. “And it only took one time,” said the Principal of Schoenbar, Casey Robinson.

According to the school district’s technical supervisor, Jurgen Johansen students used the exploit to “spy” on each other and control classmate’s computers remotely.

“I don’t believe any hardware issues were compromised. No software issues were compromised. I don’t think there was any personal information compromised. Now that we have all the machines back in our control, nothing new can happen.”

Apparently 300 computers were seized by technicians so that they can analyze what the students were doing with them. They’re also going to use the machines to figure out who was responsible, and who participated in the hacking scheme.

Obviously, disciplinary measures are planned for the students involved, although Robinson says the district will take a peek at the computer-use agreements that students and parents signed before being issued a laptop. It’s likely that the participants will no longer have access to computers during their time with the school.

I’m not saying it’s the teachers fault at all here, but don’t you think they should take at least a little responsibility for not double checking before they offered login credentials? Hopefully the parents of these children will also understand the implications of their actions and discipline them accordingly.

As for the security protocols at Schoenbar, and how teachers handle software updates, Robinson says the process must change.

“How we do business is definitely going to have to change when it comes to updating programs and resources on the machines. Yes, something new is going to have to happen.”

What do you think? Although I find this story slightly amusing, I also think it shows something about a lot of our youth today who were raised around such technology. I suspect this won’t be the last time we hear a story like this. Share your thoughts on this story in the comments below.

[via KRBD, BBC News, image via Kelly Fraas]

Related Posts

  • miger

    We must penalize these students they say even remove their computer privileges. That is really thinking in reverse. Maybe they should replace them IT group with these kids. Maybe create a new class session for innovative computer uses. If the school can’t come up with a positive message from this situation, maybe the whole adult staff needs to be replaced with some who cam lead these inventive kids.

  • Seeing students develop new skills and learn information can be rewarding. At the same time, however, teaching also may be stressful. Some schools have large classes and lack important teaching tools, such as computers and up-to-date textbooks. Most teachers are held accountable for their students’ performances on standardized tests, which can be frustrating.

  • Louis

    Kids will be kids, people ! When I was 12, my friends and I found out that in buildings under construction, the pre-installed electricity boxes had little round discs meant to be pushed out later to thread the wiring through.

    Just so happened these little round discs were exactly the same size and thickness of coins used to buy cold drinks etc from public vending machines, and we couldn’t resist, even though we weren’t really little criminals lol

    … so after many successful raids we were caught, and in those good old days we all received a bloody good caning, and that was the end of it.

    This is in the nature of a 12 year old, I would have been worried if these kids did NOT do something as natural as that heheh

  • The kids should get some community service hours at a minimum. I also think if they came forward now rather than having to be tracked down the punishment should be more lenient. Learning to admit your mistakes and move forward is an important lesson in life. Maybe they could work with the teachers and IT department to learn from this to limit it happening in the future.

  • greg

    I don’t think they fooled “all the teachers” since it only took one to get the password.

  • Merlin

    Heheh…, we did something like that too in our IT lessons. Some 30 years ago.
    We got a teacher to input the ‘admin’ credentials of the mainframe.
    Then all of a sudden the thing started to act ‘weird’. He didn’t have a clue about what was going on.

  • Seamus McSeamus

    Poor wording on my part. I should have said “wise”, as in wise enough not to hack into the school’s computers even though they had the ability to do it.

  • Frank

    Don’t you think you’re adoring or supporting little criminals?
    In the age of 12 it is surely cool to prank a teacher. But one could also know the limits.
    I do not want to see them sincerely punished (a pedagogical punishment was very appreciated though) but that folks like you adore them? WTF?

  • Donna

    [@Seamus McSeamus]
    I don’t know, they fooled “all the teachers”? That’s pretty smart to me. Or the teachers are not smart yet> LOL…

  • Seamus McSeamus


    Definitely tech savvy, just not very smart yet. Something I probably would have done at their age if we had computers way back then. Hopefully they will grow up to use their powers for good and not evil!

  • Donna

    I think it shows how smart the kids are and how tech savvy too. I seriously feel the teachers that so nonchalantly just keyed in their passwords should get an F in tech 101. Most importantly, Not allowing the kids to have Lap Tops/PCs in the classroom is doing nothing but hurting their education. Not a very wise decision on the school board’s part.

  • Switch-kun

    Ha, I’d grab every data I could find off these computers. Could be useful one day, don’t ya think? Tons of private emails, files, and what not, think of the large amount of data you can extract! It’s terrifying!

  • Mike

    At a former job in a large company, IT almost seemed annoyed when one double-checked an update inquiry. Reap what you sow . . . .

  • RealBull

    Not only the teachers are responsible in some way, but also the school. I’m sure the school was negligent by not educating the teachers about issues such as these.

  • Ashraf

    [@Briley Kenney] Too bad they can’t drive themselves to those jobs, LOL

  • Briley Kenney

    [@Ashraf] Seriously. I wonder how many of these kids will get job offers from this news?

  • Ashraf

    I wish I was this awesome when I was 13.