K-12 schools fight to stymie kid hackers

It's enough to make you long for the days of spitballs in the classroom. When today's K-12 students act up, they increasingly are going high-tech by using the school's network to launch denial-of-service attacks, sending harassing e-mails or breaking into databases to try to change their records.

With public schools now widely equipped with LANs and high-speed Internet access, IT administrators have to cope with students who run amok in many ways. Some infractions, such as attempts to get to pornography sites, might force administrators to temporarily yank a child's network access as punishment. But some types of incidents, such as hacking and e-mail threats, even end up with students being booted out of school or in trouble with the law.

"The main problems start developing around 7th or 8th grade," says Lee Sleeper, technology manager at Bullard Independent School District in Texas, which has 1,650 students who get a password and account to access a multi-Gigabit fiber network and the Internet. Each 8th- to 12th-grader also gets an e-mail account.

The network troublemakers - perhaps 5% of the older students - are often bright but have fallen sway to the notion that network misbehavior, especially hacking, is "cool," Sleeper says. "I'm trying to identify the 'little darlins' who are so creative and get them on my side."

Like most school districts in the country, Bullard uses Web-filtering software to block access to inappropriate Web sites, whether it be pornography, games or hate sites.

Students and parents are asked each year to sign an acceptable-use policy, which states that the student won't wrongfully exploit the network. According to the Department of Education, which last month released statistics about K-12 networks in a report, 83% of schools had such contracts.

The Department of Education notes 48% of public schools also let students access the Internet outside of regular school hours.

But just because the Bullard district's students sign the acceptable-use policy doesn't mean all's quiet on the network front.

Students still try forbidden searches. One case Sleeper is trying to sort out concerns a high school girl who says she didn't try to access porn sites - that someone stole her password. Usually, the punishment would be temporarily disabling the transgressor's account after consulting with teachers and other staff, but stolen password allegations make resolving these incidents far more difficult.

Upping the ante

Network hijinks get worse.

"A neighboring school district had a student who miraculously had no absences," Sleeper says. This prompted suspicion among school staff. It turned out the student appropriated a clerical account and changed the school records. The case led to criminal charges.

Sleeper says schools have to teach responsibility and ethics in technology use and offer the tools of the modern world, but in every generation, there are times when "the whole interest in life is in circumventing the system."

Philip Scrivano, management analyst at the Bakersfield, Calif., Fiscal Crisis & Management Assistance Team (FCMAT), agrees. His organization gets state funding to assist California schools through various troubles, including network-related ones.