Riverside student accused of hacking school computer, changing grades
Riverside student accused of hacking school computer, changing grades
by Brian Rokos
A 15-year-old high school student could face a felony charge after he tricked teachers into providing their computer login information and then changed grades — his for the better and others’ for the worse — according to Riverside police.
The ruse, known as “spearphishing,” is increasingly common, said the investigator on the case, Riverside police economic crimes Detective Brian Money. Computer users need to have their guard up to avoid being victimized, he said.
Money said he has sent a juvenile court petition to the Riverside County Probation Department, asking the boy to be charged with computer intrusion. The student is not being publicly identified because he is a minor.
Money declined to identify the school, but it is believed to be Encore Junior/Senior High School for the Arts in downtown Riverside. Wednesday, Julia Dolf, an administrator at Encore, said she would not answer questions about the grade changing. Thursday, Jessica Meyer, the dean of academics, did not return two voice messages seeking comment left for her at Encore’s Hesperia office, where she was working that day. The school was closed Friday.
The teen created an email account that made it appear that his emails were coming from a high-ranking member of the school’s administration, Money said. The emails requested four teachers’ usernames and passwords for school computers. Had the recipients clicked on the administrator’s name, they would have seen that the extension (such as gmail.com or yahoo.com) did not come from a school account, Money said.
“It’s relying on the fact that folks may not check or scrutinize when a suspicious request is made,” Money said.
But the recipients apparently did not check in this case, Monday said, so they forwarded their login information to the student. The student entered the school computer and altered his grades.
“Oddly, he probably would not have been noticed if he had left it there,” Money said.
But the student also made some classmates’ grades worse and added comments such as “Sleeps in class,” the detective said. Those students noticed the changes and complained to administrators, who then called police, Money said.
It’s unclear what administrators at Encore are doing, if anything, to prevent a reoccurrence. Tim Walker, assistant superintendent for pupil services at the Riverside Unified School District, which chartered the public school, said district officials have not been contacted by Encore. Districts have little involvement in the day-to-day operations of charter schools, Walker said.
Other Southern California schools have been victims of grade-changing scandals in recent years. In 2015, tutor Timothy Lance Lai, 29, pleaded guilty to 20 felony counts of fraud involving a computer after he changed grades at Corona del Mar High in Orange County.
Prosecutors said Lai broke into the school and placed a USB device capable of recording keystrokes on a teacher’s computer. Lai used that information to change grades. Eleven students were expelled.
Around 2011, students at Palos Verdes High in Los Angeles County attached keyloggers to four teachers’ computers after breaking into their classrooms. In 2008, students at Tesoro High in Orange County hacked into computers to change grades. Two were convicted of felonies, and one went to jail.
Spearphishing has been going on for years and often targets victims who transfer money electronically, such as escrow companies. Money estimated that he has investigated a handful of cases in which municipal governments were victimized. The criminal, posing as a vendor or employee, sends victims emails containing an invoice or a request to wire money to an account.
“They just send the money out. Once the money is in that bank, it’s as good as gone,” Money said.
The detective estimated that 90 percent of spearphishing victims could have avoided trouble with one simple step.
“If they are asking for any sort of information — username and password — go low tech. Pick up the phone and ask about it,” Money said. “You have to be a little more savvy than just blindly sending people information.”
All credit goes to Brian Rokos Originally published on https://www.dailynews.com