15-Year-Old Arrested in Canada for Hacking School Website

[tipo]

A 15-year-old teenager from Ontario has been arrested and charged with criminal offenses after breaking into Thames Valley District school board's website and exposing the passwords of thousands of students.

The kid made headlines in the local press two weeks ago, after he openly admitted to the hack. He claims that he did it in order to make a point, after teachers failed to listen to his warnings about the student portal being insecure.

"I did it to prove to people that their information isn’t as secure as they

think, and so they should use different passwords for things, and to get the message across that the website was insecure, because the teachers sure didn’t listen to me," he wrote on Facebook.

Posting a list of passwords belonging to 27,000 high school students online, was clearly not a good idea, as it got the teenage hacker suspended indefinitely from school and arrested.

Many of the affected students took the issue lightly and others declared themselves impressed by the teenager's hacking skills.

"The severity of hacking into someone's computer can't be tolerated and should not be looked upon as being idolized," commented City of London police Constable Dennis Rivest for the London Free Press.

He was charged with intercepting a computer function, fraudulently obtaining computing services, using a computer with intent to commit a computer offense and using a password to commit a computer offense.

Under normal circumstances, these charges carry a maximum combined punishment of ten years in prison. However, in cases involving minors judges have broad discretion over sentencing.

The biggest concern following the breach was that students might have used the compromised passwords for other online services as well. At least one girl reported that her Facebook account was hijacked and abused by unknown individuals, as a result of the incident.

link

[DKT27]

About couple of years ago, one of my friend (aged 13 at that time) hacked into his school's site, defaced it, took some information, showed them that their site is vulnerable and should improve. Didn't misuse any data though. Took me about few months to convince him that black hat hacking is not good. Would also have landed in trouble if he haven't had stopped. This is what happens when knowledge is not absorbed from a right place/source or at a right time.

[HX1]

Well you are right for bringing it up.. and I don't recommend 'punking the world's systems..' but.. Some of this 'Black Hat' hacking is what can keep a developer from making some serious mistakes... and allowing systems and websites from being laid open to vulnerability.. so truth is what you do with what you know.. Black White.. Grey... Rainbow... no hat at all.. Many tools that can be used to enable safety as well as being conscientious about the factors.. instead of not acknowledging the kid and treating him like 'some stupid little boy...' Situation like this.. where that little boy brings down your whole rickety enterprise... In a way I think that he did them a favor.. for all future interactions and the mentality that will now be forced upon those individuals who allowed this situation to exist.. password can be changed.. Identity theft cannot.. which can start with school records.. and depending on the setup... this can bleed through the entire network... an exploitation can be a very bad thing for them..

Kids like this find these issues.. and some of them are the next generation to bring us the next offering and generation of solutions..

They should have conferred.. IMO..

The only mistake I see that the kid made above was posting the information online.. or publicly.. but in a way at his age his reasoning probably lead to thinking that he would be ignored anyway.. And technically when schools claim they are teaching children to be safe .. yet walk around doing the same mistakes they have always made.. and do not comprehend even the simplest of ideals pertaining to it.. HOW in the hell can you really say they are educating anyone.. Just a point.. and to be blind at a verbal warning of knowledge.. and evidence of something to this effect ... Maybe they should charge the school with negligence in handling personal information..