May 5, 2014

Student arrest underscores hacking threat, but Miami-Dade says grading system is secure

With a recent audit showing electronic grades are sometimes changed inappropriately, district says it is beefing up anti-hacker measures.

It used to be that a cheating student hoping to stealthily change a grade might try to use a few strokes from a pen or marker to make an “F” look like a “B.” Or if they were ambitious, an “A.”

But in the digital age, as schools and universities abandon paper grade books for electronic ones, some system-gaming students have grown savvy about altering their scores through mouse clicks and keyboard strokes. That has put school and university officials across South Florida and the country on the defensive.

The latest example of e-cheating emerged Thursday, when Miami-Dade Schools police arrested a student accused of accessing the school’s grading system at Dr. Michael Krop Senior High. According to an arrest report, senior Jose Bautista admitted to changing the grades of four Krop students.

It’s not entirely clear how the 18-year-old — who police said confessed to his principal — was able to change the grades, though it doesn’t appear to have been accomplished through a complicated hacking scheme. District spokesman John Schuster said Bautista “allegedly accessed information that he used to access the [electronic] grade book.”

“The grade book is secure,” Schuster said.

Still, a school board-approved audit published in March shows that the alleged incident at Krop wasn’t a first-time incident. According to auditors, 8 percent of more than 200 Miami-Dade teachers interviewed about their use of the district’s electronic grading system said they had experienced or knew of a situation where grades were “inappropriately” changed in recent years.

School Board Member Martin Karp said he hopes to have a conversation with district officials before Wednesday’s school board meeting about what happened at Krop, which is located in his district.

“If the integrity of the system can be compromised like this it’s a big concern,” said Karp. “And what are the steps being taken to make sure something like this doesn’t happen moving forward?”

That’s a question school and university officials around the country are asking as more schools find evidence they’ve been hacked, often at the hands of their own students. At Florida International University, two students and an alumnus were arrested in December and accused of stealing and selling tests from one professor for $150 a pop after allegedly accessing the professor’s email account.

Computer systems for Broward schools have also been hacked by students on at least three occasions since 2006.

Elsewhere in the U.S., recent hacking victims include Purdue University, and Corona del Mar High School in California, where 11 students were reportedly expelled after using keyloggers to record and steal teachers’ passwords and change grades.

“We’re seeing data breaches left and right,” Khaliah Barnes, director of the Electronic Privacy Information Center’s Student Privacy Project, said in reference to hacks of all types. “It underscores that schools really need stronger security safeguards when they’re using electronic records.”

Miami-Dade district officials insist their Electronic Grade Book, which is used by more than 21,000 employees to enter grades for 350,000 students, remains secure, though the recent audit found some holes in the safety net. Auditors, for instance, found that users who simply closed their browsers and forgot to log off left their accounts open, and that teachers could be unaware of changes made to their own grades by other users.

Schuster wrote in a statement that the district is implementing the audit recommendations. And when presented with the audit in March, Superintendent Alberto Carvalho noted that the few grade book breaches confirmed were the result of slip-ups, such as teachers having passwords stolen, as opposed to the work of sophisticated hackers.

Florida International University’s Information Security Officer Charles Young said people are often the weakest link in security systems. Young wouldn’t talk about the alleged hacking incident at the university, but he said FIU has responded with new security measures and made a security awareness training mandatory for anyone with a university email.

He said the university’s systems remain secure and that he wasn’t aware of any other attempted hackings, though he acknowledged hacking is a widespread problem.

“I would suggest there are a lot more of these types of events that don’t make the media than do,” he said. “We continue to do what we can to make things better and make sure these types of things don’t happen in the future.”

As for Bautista, the Krop student, police charged him with eight felony counts. Miami Herald news partner WFOR-CBS 4 reported that he was placed on house arrest by a bond court judge. Attempts to reach him through phone numbers listed on the police report were unsuccessful, and his attorney, public defender Melissa del Valle, declined to comment.

Related content



Editor's Choice Videos