Help hacking learner makes school safer
Students hack their own school, because education is lagging behind security. Some schools use hackers to plug holes in their own network.
Just before the summer of 2017, there were incidents at various schools in which students were able to gain access to the shielded, secure part of the school network. This is also the case at the Hyperion Lyceum in Amsterdam, where a 4-year-old VWO student retrieved the passwords of three teachers for digital grade administration using a keylogger, a small USB stick that registers keystrokes. Together with three fellow students, he adjusted test grades for various subjects. In this way, failures became satisfactory. An observant teacher smelled danger and signaled the school management. “If you hear that the Pentagon is also being hacked, then you should not have the illusion that this will never happen to you as a school,” says Rector Elly Loman of the Hyperion Lyceum. Still, the school has taken extra security measures to make life more difficult for hackers. *Also read the 9 tips against hacking Lecturers who want to log in to the grade administration have recently entered an extra security code.
Sandra Schink photographed young people at a hackathon in the German city of Hamburg in 2017. (source: Flickr)
Very sensible, says Job Vos, privacy expert at Kennisnet, the public organization that supports schools in the field of ICT. “You often see that a hacking student has free rein as soon as he has passed the first barrier of the secure network. So provide multiple security layers. " Vos does not have hard figures about the poor computer safety of schools, but notices almost every day that schools are not paying enough attention to this problem. "Sometimes I secretly hope for a major incident with far-reaching consequences that will make education face the facts."
Sometimes I hope for a major incident that forces education to face the facts
According to Petra Oldengarm of Hoffmann Bedrijfsrecherche, the educational world is lagging considerably behind other sectors when it comes to ICT security. In her position as Director of Cyber Security, she has regular contact with educational organizations. "It is not that schools do not necessarily want to invest in IT security, but rather spend the money on education." A fallacy, she thinks. “Because the damage after, for example, an attack in which the computer network of a school is shut down, can be enormous. Imagine that you have planned an important test week at that very moment. Ordinary teaching is also impossible because you do not have access to computers and IWBs. Besides the fact that it costs a lot of money, everyone falls over you at such a moment: students, parents, the press. ”
It often happens that a lecturer writes down his login details in his agenda
Oldengarm points to another development that is forcing schools to improve security measures. In May 2018, the new European privacy legislation, the General Data Protection Regulation, will come into force, which sets strict requirements for the security of personal data. "Since schools have sensitive information about students in their systems, they have to meet those requirements."
Image: Sandra Schink - Flickr
In addition to good ICT security policy, there is still a lot to be gained for schools in terms of awareness, says Vos. “The yellow with login name and password on the monitor is still my favorite example of what not to do. But the slightly less serious blunder of a teacher who notes his login details in his diary is still common. ” Oldengarm also has examples of unsafe behavior. She knows schools where teachers download confidential information about students from the network to their laptop or PC, at work or at home. Oldengarm: "You can have a good information security policy, but as an educational organization you must also ensure that employees handle the vulnerable information and systems safely and that goes beyond just awareness."
There is a romanticized image about hackers, while a hack is really much more than a prank
As a school, it is a good idea for students to change the perception of hackers. Vos: “There is a romanticized image of hackers, while a hack is really much more than a mischief. You can adjust that image by paying attention to this subject in the lessons, just as you do with bullying, for example. Sketch how much stress and problems a hack causes a school, and how much money it costs. ”
Image: Sandra Schink - Flickr
Oldengarm would like to see schools involve their students in the subject in a playful way. "Organize a hack marathon, for example, in which students try to penetrate your system under supervision." Vos is also a great supporter of this. He knows schools that form special ICT classes to jointly test the ICT systems and make them safer. This immediately underlines the social function of schools, says Oldengarm. “The strange thing is that these often smart students are also the people who can later start working in this market. The question then is: are you going to nail them to the pillory or try to adjust them so that they use their skills in the right way. ” Vos agrees: “In the US, the Ministry of Defense was hacked once. When they found out who was behind it, they didn't pick him up but offered him a job. You have to think in that category. ” Still, he acknowledges that there are degrees. "Someone who deliberately breaks in to boost his or her own and fellow students' grades, you have to be harder to do."
It doesn't feel right when your own students betray your trust like that
The Hyperion Lyceum has also opted to apply gradations in punitive measures. “The pupil who played an active role in the whole has been expelled from school after careful consultation,” says Rector Loman. "With that we wanted to send the signal that his actions were really not acceptable." Ultimately, the Hyperion found another school for him. There he started with a clean slate in August. Intensive talks were held with the three other students who played a less active role and were suspended for a few days.
Loman looks back on that period with mixed feelings. "It doesn't feel good when your own students betray your trust like that, but I am satisfied with the way we handled the situation." In doing so, the school has opted for openness. For example, all students and parents were informed about the incident, without mentioning names. As a result, it was picked up by the media. “We had calculated that, but it was a bit of a shock when we saw the headlines and reactions on Twitter. But afterwards it quickly became old news and the storm died down again. ”
Image: Sandra Schink - Flickr
Kennisnet advises schools to be open and transparent. Vos: “It almost always comes out, because hackers often openly boast about their hacking performance. There is a good chance that it will reach the newspaper via-via. At such a time, make sure that you as a school are well prepared by arranging some things in advance and putting them on paper. "
The Dutch Data Protection Authority states that the question is not whether you will ever have to deal with it, but when.
Rector Loman hopes not to experience a hack anymore, but does not dare to put her hand in the fire for it. "We now have that extra security, but there will be something in the future that can be used to circumvent it." Vos confirms that every school can be confronted with a hack. “The Dutch Data Protection Authority even states that the question is not whether you will ever have to deal with it, but when. Yet you can prevent a lot of suffering with a good policy. ”
Also read the 9 tips against hacking.
