Computer hacking

Student arrest underscores hacking threat, but Miami-Dade says grading system is secure

 

dsmiley@MiamiHerald.com

It used to be that a cheating student hoping to stealthily change a grade might try to use a few strokes from a pen or marker to make an “F” look like a “B.” Or if they were ambitious, an “A.”

But in the digital age, as schools and universities abandon paper grade books for electronic ones, some system-gaming students have grown savvy about altering their scores through mouse clicks and keyboard strokes. That has put school and university officials across South Florida and the country on the defensive.

The latest example of e-cheating emerged Thursday, when Miami-Dade Schools police arrested a student accused of accessing the school’s grading system at Dr. Michael Krop Senior High. According to an arrest report, senior Jose Bautista admitted to changing the grades of four Krop students.

It’s not entirely clear how the 18-year-old — who police said confessed to his principal — was able to change the grades, though it doesn’t appear to have been accomplished through a complicated hacking scheme. District spokesman John Schuster said Bautista “allegedly accessed information that he used to access the [electronic] grade book.”

“The grade book is secure,” Schuster said.

Still, a school board-approved audit published in March shows that the alleged incident at Krop wasn’t a first-time incident. According to auditors, 8 percent of more than 200 Miami-Dade teachers interviewed about their use of the district’s electronic grading system said they had experienced or knew of a situation where grades were “inappropriately” changed in recent years.

School Board Member Martin Karp said he hopes to have a conversation with district officials before Wednesday’s school board meeting about what happened at Krop, which is located in his district.

“If the integrity of the system can be compromised like this it’s a big concern,” said Karp. “And what are the steps being taken to make sure something like this doesn’t happen moving forward?”

That’s a question school and university officials around the country are asking as more schools find evidence they’ve been hacked, often at the hands of their own students. At Florida International University, two students and an alumnus were arrested in December and accused of stealing and selling tests from one professor for $150 a pop after allegedly accessing the professor’s email account.

Computer systems for Broward schools have also been hacked by students on at least three occasions since 2006.

Elsewhere in the U.S., recent hacking victims include Purdue University, and Corona del Mar High School in California, where 11 students were reportedly expelled after using keyloggers to record and steal teachers’ passwords and change grades.

“We’re seeing data breaches left and right,” Khaliah Barnes, director of the Electronic Privacy Information Center’s Student Privacy Project, said in reference to hacks of all types. “It underscores that schools really need stronger security safeguards when they’re using electronic records.”

Miami-Dade district officials insist their Electronic Grade Book, which is used by more than 21,000 employees to enter grades for 350,000 students, remains secure, though the recent audit found some holes in the safety net. Auditors, for instance, found that users who simply closed their browsers and forgot to log off left their accounts open, and that teachers could be unaware of changes made to their own grades by other users.

Schuster wrote in a statement that the district is implementing the audit recommendations. And when presented with the audit in March, Superintendent Alberto Carvalho noted that the few grade book breaches confirmed were the result of slip-ups, such as teachers having passwords stolen, as opposed to the work of sophisticated hackers.

Florida International University’s Information Security Officer Charles Young said people are often the weakest link in security systems. Young wouldn’t talk about the alleged hacking incident at the university, but he said FIU has responded with new security measures and made a security awareness training mandatory for anyone with a university email.

He said the university’s systems remain secure and that he wasn’t aware of any other attempted hackings, though he acknowledged hacking is a widespread problem.

“I would suggest there are a lot more of these types of events that don’t make the media than do,” he said. “We continue to do what we can to make things better and make sure these types of things don’t happen in the future.”

As for Bautista, the Krop student, police charged him with eight felony counts. Miami Herald news partner WFOR-CBS 4 reported that he was placed on house arrest by a bond court judge. Attempts to reach him through phone numbers listed on the police report were unsuccessful, and his attorney, public defender Melissa del Valle, declined to comment.

Read more Schools stories from the Miami Herald

Miami Herald

Join the
Discussion

The Miami Herald is pleased to provide this opportunity to share information, experiences and observations about what's in the news. Some of the comments may be reprinted elsewhere on the site or in the newspaper. We encourage lively, open debate on the issues of the day, and ask that you refrain from profanity, hate speech, personal comments and remarks that are off point. Thank you for taking the time to offer your thoughts.

The Miami Herald uses Facebook's commenting system. You need to log in with a Facebook account in order to comment. If you have questions about commenting with your Facebook account, click here.

Have a news tip? You can send it anonymously. Click here to send us your tip - or - consider joining the Public Insight Network and become a source for The Miami Herald and el Nuevo Herald.

Hide Comments

This affects comments on all stories.

Cancel OK

  • Marketplace

Today's Circulars

  • Quick Job Search

Enter Keyword(s) Enter City Select a State Select a Category