+ Post New Thread
Results 1 to 11 of 11
Internet Related/Filtering/Firewall Thread, School Hacking in Technical; Locally, everyone's been obsessing with this story over the last few days. Not being overly familiar with the technical side ...
  1. #1

    Join Date
    Jan 2011
    Location
    North Wales
    Posts
    2
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    School Hacking

    Locally, everyone's been obsessing with this story over the last few days.
    Not being overly familiar with the technical side of things, all I really know is that they have SIMS running on an RM CC3 Network, and have just launched their Hosted SIMS Learning Gateway (which is now suspended).

    I find it hard to believe that any pupil would manage to compromise a piece of software like SIMS, it's pretty professional software.

    Colwyn Bay's Eirias school 'hack' claims investigated

    Education officials say the allegations about hacking records are under investigation

    An investigation is underway at Colwyn Bay's Eirias High School into whether computer records of pupils have been stolen.

    It follows claims posted on the internet by someone claiming to be a pupil and having accessed the records.

    The head teacher said no download of student data has been achieved by the alleged hacker.

    However, Phil McTague said they are continuing to investigate the allegations in conjunction with police.

    In internet postings to two so-called computer 'hacking' message boards, the individual stated: "Hey guys, I'm pleased to say that I have successfully hacked my school.

    "I have downloaded everyoes (sic) reports, and am now working through a long list of revenge stuff.

    "I'm thinking of trying to sell the information like this, any idea how to do it?

    "Any ideas for what I can do next? Bros, you should be worshiping me!"

    The postings also have an image of alleged records that have been downloaded.

    In a statement from Eirias High School, staff confirmed that they had been informed of the alleged security breach.

    "We are dealing with the issue as a matter of urgency and a team of specialists from Conwy Education Service is assisting us with our investigation," said the statement.

    "To date we cannot confirm the allegations."

    It is understood that North Wales Police have also been informed of the developments.

    In January, the school was reported to the Information Commissioner over a complaint that personal information on a pupil was made public through a YouTube video.
    From BBC News - Colwyn Bay's Eirias school 'hack' claims investigated

    A quick search for the hacker's quotes leads you to the original posts on the hacking forums and their screenshots of what is definitely SIMS data and a report (and is real).

  2. #2

    nephilim's Avatar
    Join Date
    Nov 2008
    Location
    Dunstable
    Posts
    11,092
    Thank Post
    1,428
    Thanked 1,692 Times in 1,265 Posts
    Blog Entries
    2
    Rep Power
    362
    definitely a SIMS Learning Gateway report on a pupil...looks like the format one of my feeder schools use.

  3. #3

    nephilim's Avatar
    Join Date
    Nov 2008
    Location
    Dunstable
    Posts
    11,092
    Thank Post
    1,428
    Thanked 1,692 Times in 1,265 Posts
    Blog Entries
    2
    Rep Power
    362
    Also, the thread the guy posted it on, had his name, and he got owned by all of his forum "buddies"...lol

  4. #4

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    114
    I find it hard to believe that any pupil would manage to compromise a piece of software like <snip>
    But what about a pupil managing to compromise a teachers credentials?

  5. #5
    Jamman960's Avatar
    Join Date
    Sep 2007
    Location
    London/Kent
    Posts
    959
    Thank Post
    173
    Thanked 191 Times in 153 Posts
    Rep Power
    45
    Not suprising really, sims could do with a way to enforce password complexity etc when using database security rather than active directory to authenticate - no-one know's how secure each users passwords are and sims dosen't even differentiate between case so mixing case is entirely useless.

    Also I don't know about everyone else but I find that our typical end users don't understand or care about the importance of keeping MIS data secure, when I first started here the majority of sims passwords were "password" and I'm not entirely convinced they are much more secure now despite having a policy in place requiring users to choose more secure passwords(will be moving to AD integrated soon me thinks).

  6. #6

    nephilim's Avatar
    Join Date
    Nov 2008
    Location
    Dunstable
    Posts
    11,092
    Thank Post
    1,428
    Thanked 1,692 Times in 1,265 Posts
    Blog Entries
    2
    Rep Power
    362
    I told out lot that due to a configuration error anything other than the default password is hands out with new users corrupts everything, worked like a charm, and they remembered their passwords too.

  7. #7

    TechMonkey's Avatar
    Join Date
    Dec 2005
    Location
    South East
    Posts
    3,237
    Thank Post
    218
    Thanked 387 Times in 288 Posts
    Rep Power
    158
    Proves to me that all the effort and complexity of our county implementing 2 factor authentication is well worth it. I imagine that it isn't a hack just a login details grab (bets on a post-it note somewhere).

  8. #8

    Dos_Box's Avatar
    Join Date
    Jun 2005
    Location
    Preston, Lancashire
    Posts
    9,463
    Thank Post
    524
    Thanked 1,993 Times in 932 Posts
    Blog Entries
    23
    Rep Power
    575
    Well, it looks like to forum mentioned has gone offline, also my guess that this is not 'hacking', but rather either locating the aformentioned Post-It note or simply watching the teacher type in their password on several occasions and working it out piecemeal.

  9. #9


    Join Date
    Mar 2009
    Location
    Leeds
    Posts
    6,207
    Thank Post
    218
    Thanked 812 Times in 694 Posts
    Rep Power
    274
    Quote Originally Posted by Dos_Box View Post
    Well, it looks like to forum mentioned has gone offline, also my guess that this is not 'hacking', but rather either locating the aformentioned Post-It note or simply watching the teacher type in their password on several occasions and working it out piecemeal.
    or possibly even the teacher saying it out loud as they type

  10. #10
    RobMongoose's Avatar
    Join Date
    Jul 2010
    Location
    Tyne & Wear, UK
    Posts
    36
    Thank Post
    3
    Thanked 3 Times in 3 Posts
    Blog Entries
    1
    Rep Power
    8
    Quote Originally Posted by TechMonkey View Post
    Proves to me that all the effort and complexity of our county implementing 2 factor authentication is well worth it. I imagine that it isn't a hack just a login details grab (bets on a post-it note somewhere).
    Seems like the most likely explanation to me....

  11. #11
    ComputingData's Avatar
    Join Date
    Nov 2008
    Location
    Preston
    Posts
    104
    Thank Post
    6
    Thanked 11 Times in 11 Posts
    Rep Power
    12
    All you need to know is that nothing is secure, everything can be hacked.

    Even RSA have recently been hacked:
    RSA hacked, data exposed that could 'reduce the effectiveness' of SecurID tokens -- Engadget

    imho schools shouldn't use wireless networks and the pupil management system should be on a completely closed computer. Wireless networks are fairly easy to hack (under 20 mins using an automatic device) if they use WEP, WPA may be just as easy to hack any day soon. Once on a wireless network you use a network card that acts in promiscuous mode to intercept all network traffic, grabbing passwords, data, etc as it goes from one ip address to another.

    Also imho, you should not buy a certain brand of router from a certain manufacturer, this is like a red flag to a bull. This particular brand is use by most military organisations, governments and banks - they are quite famous. There are IP wardiallers out they that specifically look for the charactistics of data replies for this brand. If you do use that brand, be prepared to have a member of staff looking 247 for zero day hacks.

    Cloud networks are a very attractive 'hack' - once you take over a cloud network then you generally have access to all the data for all the customers of that cloud network. imho if you want to keep your data secure, encrypt it before it get to the cloud network or don't use one.

    Again, all you need to know is that nothing is secure, everything can be hacked!

SHARE:
+ Post New Thread

Similar Threads

  1. Students Sign Up For Computer Hacking
    By CPLTD in forum IT News
    Replies: 3
    Last Post: 20th November 2009, 11:26 AM
  2. Hacking .pst files
    By zag in forum Windows
    Replies: 3
    Last Post: 10th October 2008, 10:50 AM
  3. Hacking batteries
    By FN-GM in forum General Chat
    Replies: 4
    Last Post: 19th August 2008, 07:31 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •