Meet the Students Who Might Hack Your Schools

Article Tools
  • PrintPrinter-Friendly
  • EmailEmail Article
  • ReprintReprints
  • CommentsComments

Close your eyes and imagine what a juvenile cybercriminal looks like. You're probably picturing a super-tech-savvy, loner teen typing away in a basement.

But new research concludes that many young hackers tend to have the same qualities as other children who engage in more traditional troubled behavior out in the real, offline world.

What's more, male and female students have different motivations for hacking.

Society has the idea that "a hacker is a lone kind of sophisticated computer user," said Thomas Holt, a cybercrime expert at Michigan State University. He is the lead author of the study, which examines cybersecurity crimes within a broader pool of worldwide data on juvenile delinquency collected in 2007, the most recent year the data could be analyzed.

"But in reality," he said, "hacking doesn't have to be that complicated. It can be guessing someone's password to get into their email account. The entry points appear somewhat similar to traditional delinquency, which tells us that hacking may not be as unique as it's often thought to be."

That means when principals, teachers, and superintendents are trying to figure out which of their students may have the potential to get into trouble online, they may want to focus on not only the tech-savvy youths but also the kids who are getting into problematic behaviors at an early age, Holt said.

School district chief technology officers definitely grapple with the issue of student hackers, said Amy McLaughlin, the cybersecurity director for the Consortium for School Networking. And it's not necessarily a new phenomenon, she added, referencing "Ferris Bueller's Day Off," a 1986 movie in which the title character illegally enters his school's computer system to change his attendance record.

"A lot of the time it's not about being super clever, it's about being opportunistic," she said.

So if a student happens to be a teacher's aide during a free period, he or she may have access to a password and username and be tempted to use it—or be pressured by a peer to do so, McLaughlin said. What's more, there are times when a student might have only intended to have a little fun and break into a school's network without realizing the breadth of what they've gotten access to or what the consequence might be for changing or probing sensitive information.

"Students don't necessarily have all of the decisionmaking capabilities of an adult," she said. "That's why they are still in school."

Boys vs. Girls

Indeed, low self-control is one of the biggest predictive factors in whether students are likely to turn to cybercrime, Holt and his fellow researchers found. That was true for both boys and girls in the study.

Boys are more likely to become hackers if they use drugs, spend a lot of time watching television, or play a ton of computer games. And girls are more likely to turn to cybercrime if they hang out with peers who shoplift or engage in other types of petty theft. They're also more likely to become hackers if their friends like to frighten or intimidate people "just for fun."

That means, for girls, the pathway to cybercrime is "much more about their peer group," Holt said.

Boys are also more likely to hack if they have their own computer or smartphone. That kind of access to technology doesn't matter as much for girls, the study found. And in general, boys are more likely to turn to cybercrime than their female counterparts.

"There may be something unique about being a boy and having access [to a computer] that isn't necessarily there for girls," Holt said. That could be because, back in the 1980s and 1990s, using a computer was considered "boy-centric" behavior, he said.

"We've seen a very small representation of women in the hacker community, and in computer science," said Holt. "It's been a slow sea change."

McLaughlin agreed that educators shouldn't dismiss the potential of girls to engage in cybercrime. There "tends to be a bias that hacking is male activity, and it really isn't," she said. Girls "are just as capable and clever" and, in fact, more likely to "fly under the wire" because of the stereotype that they won't get into trouble online.

Environmental Factors

Other risk factors are environmental, Holt's study found. Student hackers of both sexes are more likely to have parents who are of higher socioeconomic status (meaning the family owns their own vehicle). Or the kids may have had additional involvement in piracy, for instance, obtaining movies online illegally.

Hackers may also be more likely to live in small towns or rural areas where there are fewer activities and less structured time, the study suggests.

Of course, students with little self-control might not be so great at cybercrimes that require a lot of time and effort beyond just guessing a password or finding one written on a Post-It note.

"They may hack; they may not be very good at it," Holt said. "If you're a low-impulse-control kid, you're not going to sit around and figure it out. Kids with high self-control might be more patient" and able to pull off more complicated cybercrimes.

One example of a disruptive cybercrime that didn't take much technical know-how to pull off: A 15-year-old high school student in Riverside, Calif., could face potential felony charges after he tricked teachers into handing over login details and passwords and then used that information to change his and other students' grades, The Press-Enterprise reported.

The student created an account that made it seem as though his emails were coming from a ranking school official. In the messages, he asked teachers for their usernames and passwords for school computer systems. Once the educators turned over the information, the student changed his own grades. He also lowered others' grades and added comments like "sleeps in class," the paper reported. His peers noticed the changes and alerted school officials.

So what can schools do to help mitigate the risks from teenage hackers? Holt suggests educating all students about the issue.

"Cyberawareness campaigns become important," he said. "Some of these simple hacks may be targeting their classmates."

What's more, there's "value in teaching kids that cybercrime will get you in trouble, and here's what you can do to protect yourself."

That advice goes for school staff, too, McLaughlin said. Chief technology officers should monitor their systems for unusual behavior, so they can respond quickly, she said. And they need to train staff to secure their passwords and lock their computers when they aren't in use.

Then there's the big question of what, exactly, to do with students who are accused of hacking their school's computers or other types of cybercrimes, especially of the more sophisticated variety. Cybersecurity experts urge schools to try to redirect these students to healthier and more productive online activities at any early age.

Danielle Santos, the program manager for the National Initiative for Cybersecurity Education, suggested that schools emphasize "the ethics piece" of hacking early on in students' educational careers. And she said schools should provide would-be juvenile cybercriminals with safe outlets to "explore that area of technical expertise that they already have and want to develop."

Schools should connect students who seem to have an interest in cybersecurity with mentors—in higher education and the workforce—who might be able to show them how they could channel their interest into a career, she said.

Related Blog

In fact, experts who study the future of work and technology trends expect that teenage hacking could continue to be a problem in the future. How big a problem? A recent report from the Cognizant Center for the Future of Work suggests that there will be a need for more "juvenile-crime rehabilitation counselors," who try to persuade student cyberhackers to put their technology talent to more productive use, in the not-too-distant future.

"For any student that is identified as engaging in those behaviors, there's an opportunity to help that student make different decisions," McLaughlin said. After all, cybersecurity professionals, with high-paying jobs, are trying to figure out how hackers think so they can thwart them. Students need to learn that "they can leverage and use those skills in a positive and legal way."

Vol. 39, Issue 08, Pages 1, 15

Published in Print: October 9, 2019, as Meet the Students Who Might Hack Your School District
Notice: We recently upgraded our comments. (Learn more here.) If you are logged in as a subscriber or registered user and already have a Display Name on edweek.org, you can post comments. If you do not already have a Display Name, please create one here.
Ground Rules for Posting
We encourage lively debate, but please be respectful of others. Profanity and personal attacks are prohibited. By commenting, you are agreeing to abide by our user agreement.
All comments are public.

Back to Top Back to Top

Most Popular Stories

Viewed

Emailed

Recommended

Commented