Local authority races to upgrade its system security as the second teenager in five months breaches its network defences, copying 55,000 records
An American schoolchild has successfully hacked into an educational network and saved records of 55,000 people to a flash drive.
The 15 year-old Pennsylvania student breached security on the network, which belongs to the local education authority, and retrieved names, addresses and social security numbers.
Police said on Wednesday they had arrested the student, who could not be named because of their age, and charged them with four offences of unlawful duplication and theft.
The authority, Downington Area School District, said it thought the hack, which took place on 9 May, was motivated by wanting to gain access to the system for "irresponsible interest", rather than for criminal intent. Police believe the stolen data was passed by the hacker to just one schoolfriend.
The student has been sent home and had their computer and flash drive seized by police. They will later face the four charges in a juvenile court.
It's not the first time the authority has been hacked by a youngster. A 16 year-old successfully broke into its network in December last year before decrypting a file using password cracking software. Since then, students have managed to circumvent the authority's filtering software, Websense, in order to download games to school servers.
In a statement, the authority said it would tighten its security by segregating its central server from the rest of the network. It added that it would remove generic login permissions, which it had offered to members of the community attending school workshops. It also said it would review its logging and auditing procedures.
See original article on scmagazineus.com