K12 | Bach Seat

Tag Archive for K12

RB | October 2, 2012

Texas School ID Cards Track Students

Updated 07-27-13 According to Chron, Northside Independent School District Texas spokesman Pascual Gonzalez said the microchip-ID program turned out not to be worth the trouble.

Updated 01-19-13 The student lost her lawsuit against the district. The student and her family had sued the district, claiming that her first amendment rights were being violated (she claims the RFID tag is “the mark of the Beast”), but the school removed the RFID chip from her ID and the court found that that was a reasonable accommodation.

Updated 12-02-12 A self-described teen-aged Anonymous hacker claims to have hacked the website of Texas’s Northside Independent School District in support of a student who refuses to wear an RFID ID badge according to the San Antonio Express-News. The district’s site was never compromised, Northside spokesman Pascual Gonzalez said.

In a statement posted on Twitter, the teenaged hacker wrote: “Now it is your school and your rules, but you seen what I did to your website, and have a simple deal for you, weather you accept it or not, is up to you,” the statement reads. “If you still want to do this tracking idea on the students, at least have a meeting with each and every students parents, so they know what is going on.”

Updated 11-21-12 It is not surprising to me that Wired is reporting that the school district is being sued over the program. According to Wired, the family claims that the student refuses to wear the badge because it signifies Satan.

A Texas school district is putting tracking chips into new, mandatory student IDs to keep tabs on students’ whereabouts while on campus. According to Sophos’ Naked Security blog, Texas’s Northside Independent School District‘s John Jay High School and Anson Jones Middle School are performing a pilot test of the technology.

FOX 29 TV in Texas reports that students will be required to wear the cards on a lanyard around their necks and will be charged a fee for losing them. Their location will be beamed out to electronic readers throughout the campuses.

The one-year pilot program, which will cost the district $261,000, is also expected to increase attendance, and could bring an extra $2 million to the district in state funding as a result, District spokesman Pascual Gonzalez said. He stated that the program will be re-evaluated next summer.

In a letter to parents, school administrators stated that the ID cards will store no personal information and that they’ll work only on school grounds. “Think how important this will be in the case of an emergency,” the letter reads. “In addition, the ‘smart’ student ID card will be used in the breakfast and lunch lines in the cafeteria and to check out books from the library. Because all students will be required to wear their ‘smart’ ID, staff will be able to quickly identify Jay students inside the school.”

FoxNews reports that a coalition of privacy and civil liberties organizations and experts have called for a moratorium on the technology, including the American Civil Liberties Union.

The Sophos blog reports that some parents are protesting, comparing the tags to RFID tags used to track cattle. Steven Hernandez, a father of a student who attends the school and the only local parent to attend a protest late last month, told KSN News that the new badges amount to “a spy chip”.

His daughter, Andrea, a sophomore, told KSN that she’s decided to wear her old photo ID even though students were told the new micro-chip ID is mandatory: “It makes me uncomfortable. It’s an invasion of my privacy.”

Northside ISD’s Gonzalez rejected that criticism, saying the pilot program and the “smart” ID cards have been used successfully in Houston’s Spring Independent School District for at least the past five years. “This is non-threatening technology,” he said. “This is not surveillance.”

rb-

There is a great deal of bluster around this article on the blog. Look around people, your passports and driver’s licenses have RFID tags. What about proximity card readers? Have you checked the Visa in your wallet? Isn’t near field communications (NFC) the hot topic in the VC world?

I will bet a cookie that some of the same folks blustering about ID tags also favor gutting public education funding, yet the object to efforts to increase alternate sources of revenue for Texas schools by using chips in student ID cards.

San Antonio NISD Schools Tracking Kids with RFID pilot program (blacklistednews.com)

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: 2012, ACLU, IOT, K12, M2M, Privacy, RFID, Spychips, Wireless

RB | September 20, 2012

2 comments

Students – Insider Threat At K12 Schools

I have spoken to several tech people outside of K-12 lately. When the topic of information security comes around, they talk about how much they are focusing on the “growing insider threat” their employers face. I always smile because those of us in K12 have always faced a hostile internal threat, students. Here are a couple of examples of how students can be an insider threat at school.

student hackers changed grades At Colorado’s Jefferson County K12 Schools KUSA reports that administrators are investigating reports that student hackers got into Golden High School’s computer system and changed grades. Investigators are looking into whether students inside the school hacked the campus portal system. A student said, “People started giving themselves A’s.”

Golden High School students told the media that the hackers changed the grades for themselves and others just before winter break and the end of the first semester.

Administrators do not even know how many grades were changed. It could be low as 15 students or as high as 200. The district will not say if any students were caught or how many are suspected of hacking into the system.

Jefferson County Schools Superintendent Cindy Stevenson told local TV her staff is working hard to find out how it happened. When they do, she says security will be improved.

Berkeley High School

Prestigious Berkeley High School in Berkeley CA succumbed to the student insider threats. The media reports nearly three dozen students were suspended and face expulsion for hacking into the K12 school’s attendance system, an act that could lead to criminal prosecution according to SFGate. At least four students used an administrator’s stolen password to clear tardies and unexcused absences from the permanent records of 50 students, offering the service or the password for a price, Principal Pasquale Scuderi said.

The hackers erased from the system hundreds of cut classes and tardies from October through December, and charged classmates $2 to $20 for the illicit help, Scuderi told the SFGate.

Orange County K12 schools

The student insider threat struck K12 schools in Orange County, California. Omar Khan a former student of Tesoro High School, pled guilty to charges of having installed spyware on his high school’s computers and having used the collected passwords to get access to the grading system and change his grades according to CSO Online.

Khan and another student, Tanvir Singh were arrested for breaking into the school’s assistant principal’s office at night. Khan’s goal was to destroy the evidence that he cheated on a statistics test by stealing it.

Khan had faced a maximum of 38 years in prison on the felony burglary and public-record tampering charges is expected to be sentenced to 30 days in jail, 500 hours of community service, and ordered to pay about $15,000 in restitution.

The article says Khan admitted he was guilty of breaking into school offices and installing spyware on computers and then using the passwords to change some of his grades and that of 12 other students.

He also acknowledged that he changed his transcript grades to appeal rejection letters from the University of Southern California, the University of California, Berkeley, and the University of California, Los Angeles.

Nevada salutation

PC World reports that in Pahrump, Nevada, K12 schools Tyler Coyner, Pahrump Valley High School’s 2010 salutation with a 4.54-grade point average, was arrested as the ringleader in a group of 13 students who have been charged with conspiracy, theft, and computer intrusion. The article states that Coyner somehow obtained a password to the school’s grade system and, over the course of two semesters, offered to change grades in return for cash payments.

According to PC World, ten juveniles have also been arrested for having profited from Coyner’s offer to bump up their grades. It turns out that Coyner, somewhat foolishly – chose to make himself the one that profited most from his scheme. In fact, the 4.54-grade point average that made him the school’s salutation is the result of his own grade manipulation.

rb-

Looks like Coyner is gotten a head start on his dream of becoming a Wall Street hedge fund trader by facing criminal charges as a student insider threat at school.

Category: Uncategorized | Tags: 2012, Hack, High school, Insider threat, K12, Password, PII, Security, Student

RB | July 31, 2012

Comments Off

Mommy Hacker

Time Magazine reports that a Pennsylvania woman faces six felony charges for hacking the computer system at her kids’ schools. Catherine Venusto, 45, hacked into the Northwestern Lehigh School District computer system and altered the grades of her two children, ABC News reports. Venusto had worked at the district as an administrative office secretary from 2008 through April 2011. A year before she quit, Venusto, of New Tripoli, PA had been accused be being a hacker. She reportedly changed her daughter’s failing grade to a medical exception. And in February 2012, she was accused of changing her son’s 98 to a 99.

Third-degree felonies

Ms. Venusto was arraigned on three counts of unlawful use of a computer. She was also charged with three counts of computer trespassing and altering data. All six of those charges are third-degree felonies. Pennsylvania State police say Venusto admitted changing the grades, saying she thought her actions were unethical but not illegal.

When ABCNews.com attempted to contact Ms. Venusto at her current job as an event coördinator at Lehigh University, a school employee said her employment ended Wednesday. Venusto’s lawyer, Thomas Carroll, declined to comment.

“I’m concerned on numerous levels,” said Jennifer Holman, Northwestern Lehigh School District’s assistant superintendent. “When we say systems, there were three different systems violated…There were 10 different users that at some point had their email violated.”

PA State police investigate the hacker

Ms. Holman told ABCNews.com that she first realized something was wrong when a teacher asked why superintendent Mary Ann Wright was in that teacher’s online grade book. Once Wright explained she was never in the grade book the investigation began. Administrators and state police looked for whoever used Wright’s username and password without permission.

PA State police discovered Venusto used Wright’s credentials 110 times to access the district’s online grading system, according to the District Attorney’s office. Venusto also allegedly accessed nine other faculty members’ email accounts without permission. She also accessed the human resources “H-drive” to view “thousands of files associated with district policy, contract information, employee reports, and personnel issues.”

Superintendent Wright released a statement in anticipation of Venusto’s arraignment.

“We deeply regret this incident and that this unauthorized access occurred, and we sincerely regret any inconvenience this may cause,” Wright wrote. “We are doing everything we can to prevent this from happening again, and new security procedures are in place to better assure that our systems are protected from such attempts.”

The court set bail at $30,000. Venusto will not have to pay the bail unless she does not appear in court for her preliminary hearing. Venusto could face a maximum of 42 years in prison or a $90,000 fine, according to District Attorney’s office spokeswoman Debbie Garlicki, who said the maximum penalty on each count is seven years or a $15,000 fine.

rb-

The mommy hacker’s defense is “I thought it was immoral but not illegal”. I will mention in passing the declining parenting standards which are creating a bunch of narcissistic and self-absorbed generation that has no consciousness to what right and wrong is.

The Administration and IT departments both bear the blame for this intrusion. Some easy-to-implement best practices could have shut the mommy hacker down quicker. They should have required regular password changes. They could have broken the bank and installed an intrusion protection system.

Those of us who work in K-12 understand that security is only important after an incident.

Category: Uncategorized | Tags: 2012, Data breach, Insider threat, K12, Password, Pennsylvania, School Data Breach, Security

RB | April 24, 2012

Comments Off

States Collect More School Kid Data Than Needed

States often collect far more information about school students than necessary and fail to take adequate steps to protect their privacy, a national study by Fordham University concludes. The Washington Post reports that dossiers go far beyond test scores, including Social Security numbers, poverty data, health information, and disciplinary incidents.

The study from the Fordham University Center on Law and Information Policy casts light on data systems created at the urging of the federal government to track student progress. One finding: States often fail to spell out protocols for purging records after students graduate.

“Ten, 15 years later, these kids are adults, and information from their elementary, middle, and high school years will easily be exposed by hackers and others who put it to misuse,” said Fordham law professor Joel R. Reidenberg, who oversaw the study. States, he told the Washington Post, “are trampling the privacy interests of those students.”

The movement toward statewide databases with unique student identifiers, rooted in the standards-and-testing movement of the 1990s, has grown significantly in this decade under the federal No Child Left Behind law and is getting a fresh push this school year from the Obama administration. The article says federal officials want to link student test scores to teacher files to help evaluate instruction. They also envision systems that track students from pre-kindergarten through college, to help raise college completion rates.

Nearly all states, have built or are planning virtual education “data warehouses,” aided by federal funding. Advocates say the warehouses have strong privacy protections, but they acknowledge potential shortcomings according to the author.

“Is there data collected that’s not necessary anymore?” asked Aimee Guidera, executive director of the Data Quality Campaign, based in the District, which is funded by the Bill and Melinda Gates Foundation, among others. “Probably.” She cited Kansas and Tennessee schools as leaders in establishing rules for data control.

But a larger concern, Guidera said, is that states often lack “a strategic, thoughtful way of connecting information and using it to answer questions.”

The Fordham study canvassed public information on state data systems and compliance with federal privacy law writes the Washington Post. Among the findings, at least 23 states note reasons for withdrawal from schools such as jail, illness, or mental health issues. At least 22 count student absences. At least 29 track whether students are homeless.

The study also found that at least 16 states use or allow the use of Social Security numbers to identify school students and at least 10 note whether a student is a single parent. Another finding: Florida, Kentucky, New Jersey, and North Carolina track the date of a student’s last medical exam.

The Washington Post says Fordham recommended that states tighten protocols to keep data anonymous, with special provisions for those in local schools who need to know more; that they articulate reasons for collecting data and jettison what is unjustified; and that they appoint officers to oversee compliance with state and federal privacy laws.

Charles Pyle, a Virginia Department of Education spokesman, said data are protected through policies and programming that prevent unauthorized access. The data help the states comply with NCLB, he said, and help pinpoint student needs. “You need a statewide system to keep track of the kids,” Grover Whitehurst of the Brookings Institution, told the paper. He oversaw education research for President George W. Bush’s administration and claims, “Otherwise, they fall off the screen.”

rb-

The lackadaisical attitude toward data security and privacy I see in K-12 amazes me. This article tells me it’s a national problem. – Why don’t I feel any better about that?

Has The No Child Left Behind Act Failed? (familyfocusblog.com)

Category: Data protection | Tags: 2012, Bill Gates, K12, No Child Left Behind Act, Privacy, Social Security number, Standardized test

RB | February 14, 2012

Comments Off

Schools Riskiest for Computer Theft

Absolute Software Corporation (ABST), is a Vancouver, Canada-based computer security and end-point management firm. The company founded in 1993 provides firmware-based, computer theft recovery, data protection, and secure computer life-cycle management systems identified the top 10 target areas for the theft of mobile computers.

The maker of LoJack for Laptops told ITnewsLink that the top 10 list reveals that consumer computers are more likely to be stolen while at school or home. The list is based on theft reports filed to the Absolute Theft Recovery Team by Absolute customers over a one-year period. With the holidays approaching, Absolute is warning that the risk of computers being stolen from the home is higher than what many consumers perceive.

“The trends in this list may surprise some computer owners. They often think of security issues only when they are on the move,” said Mark Grace, vice president of consumer business at Absolute Software. “However, with schools and residences topping the list of places computers are stolen, owners need to be extra cautious, particularly around the holidays when home burglaries often increase.”

Top 10 Places Consumer Computers Are Stolen

1. K-12 Schools
2. Residential Properties
3. Automobiles
4. Businesses/Offices
5. Universities and Colleges
6. Hotels and Motels
7. Restaurants and Cafes
8. Stores and Shopping Malls
9. Public Transit (includes taxis, buses, trains, etc)
10. Airports (terminals, security checkpoints, storage areas and airport restaurants

rb-

The Absolute software offers several advantages. When a device is reported stolen a signal is sent that freezes the computer and displays a custom message for whoever finds it. In order to prevent identity theft unauthorized users cannot access the content on the computer, and even delete files, including the operating system. If a computer is stolen, the Absolute Theft Recovery Team will work with local law enforcement to recover it.

Detroit Public Schools Uses Absolute Software to Help Dismantle Organized Criminal Ring (prnewswire.com)
5 Scary Notebook Recovery Stories: Guns, Drugs and Identity Theft (notebooks.com)

Category: Uncategorized | Tags: 2012, Absolute Software, ABT, Identity Theft, Information privacy, K12, PII, Security, Theft

« Older Entries Recent Entries »

Bach Seat

Tag Archive for K12

Texas School ID Cards Track Students

Students – Insider Threat At K12 Schools

Berkeley High School

Orange County K12 schools

Nevada salutation

Mommy Hacker

Third-degree felonies

PA State police investigate the hacker

Schools Riskiest for Computer Theft

Related articles

Meta