School Climate & Safety

Meet the Students Who Might Hack Your Schools

By Alyson Klein — October 08, 2019 6 min read

Close your eyes and imagine what a juvenile cybercriminal looks like. You’re probably picturing a super-tech-savvy, loner teen typing away in a basement.

But new research concludes that many young hackers tend to have the same qualities as other children who engage in more traditional troubled behavior out in the real, offline world.

What’s more, male and female students have different motivations for hacking.

Society has the idea that “a hacker is a lone kind of sophisticated computer user,” said Thomas Holt, a cybercrime expert at Michigan State University. He is the lead author of the study, which examines cybersecurity crimes within a broader pool of worldwide data on juvenile delinquency collected in 2007, the most recent year the data could be analyzed.

“But in reality,” he said, “hacking doesn’t have to be that complicated. It can be guessing someone’s password to get into their email account. The entry points appear somewhat similar to traditional delinquency, which tells us that hacking may not be as unique as it’s often thought to be.”

That means when principals, teachers, and superintendents are trying to figure out which of their students may have the potential to get into trouble online, they may want to focus on not only the tech-savvy youths but also the kids who are getting into problematic behaviors at an early age, Holt said.

School district chief technology officers definitely grapple with the issue of student hackers, said Amy McLaughlin, the cybersecurity director for the Consortium for School Networking. And it’s not necessarily a new phenomenon, she added, referencing “Ferris Bueller’s Day Off,” a 1986 movie in which the title character illegally enters his school’s computer system to change his attendance record.

“A lot of the time it’s not about being super clever, it’s about being opportunistic,” she said.

So if a student happens to be a teacher’s aide during a free period, he or she may have access to a password and username and be tempted to use it—or be pressured by a peer to do so, McLaughlin said. What’s more, there are times when a student might have only intended to have a little fun and break into a school’s network without realizing the breadth of what they’ve gotten access to or what the consequence might be for changing or probing sensitive information.

“Students don’t necessarily have all of the decisionmaking capabilities of an adult,” she said. “That’s why they are still in school.”

Boys vs. Girls

Indeed, low self-control is one of the biggest predictive factors in whether students are likely to turn to cybercrime, Holt and his fellow researchers found. That was true for both boys and girls in the study.

Boys are more likely to become hackers if they use drugs, spend a lot of time watching television, or play a ton of computer games. And girls are more likely to turn to cybercrime if they hang out with peers who shoplift or engage in other types of petty theft. They’re also more likely to become hackers if their friends like to frighten or intimidate people “just for fun.”

That means, for girls, the pathway to cybercrime is “much more about their peer group,” Holt said.

Boys are also more likely to hack if they have their own computer or smartphone. That kind of access to technology doesn’t matter as much for girls, the study found. And in general, boys are more likely to turn to cybercrime than their female counterparts.

“There may be something unique about being a boy and having access [to a computer] that isn’t necessarily there for girls,” Holt said. That could be because, back in the 1980s and 1990s, using a computer was considered “boy-centric” behavior, he said.

“We’ve seen a very small representation of women in the hacker community, and in computer science,” said Holt. “It’s been a slow sea change.”

McLaughlin agreed that educators shouldn’t dismiss the potential of girls to engage in cybercrime. There “tends to be a bias that hacking is male activity, and it really isn’t,” she said. Girls “are just as capable and clever” and, in fact, more likely to “fly under the wire” because of the stereotype that they won’t get into trouble online.

Environmental Factors

Other risk factors are environmental, Holt’s study found. Student hackers of both sexes are more likely to have parents who are of higher socioeconomic status (meaning the family owns their own vehicle). Or the kids may have had additional involvement in piracy, for instance, obtaining movies online illegally.

Hackers may also be more likely to live in small towns or rural areas where there are fewer activities and less structured time, the study suggests.

Of course, students with little self-control might not be so great at cybercrimes that require a lot of time and effort beyond just guessing a password or finding one written on a Post-It note.

“They may hack; they may not be very good at it,” Holt said. “If you’re a low-impulse-control kid, you’re not going to sit around and figure it out. Kids with high self-control might be more patient” and able to pull off more complicated cybercrimes.

One example of a disruptive cybercrime that didn’t take much technical know-how to pull off: A 15-year-old high school student in Riverside, Calif., could face potential felony charges after he tricked teachers into handing over login details and passwords and then used that information to change his and other students’ grades, The Press-Enterprise reported.

The student created an account that made it seem as though his emails were coming from a ranking school official. In the messages, he asked teachers for their usernames and passwords for school computer systems. Once the educators turned over the information, the student changed his own grades. He also lowered others’ grades and added comments like “sleeps in class,” the paper reported. His peers noticed the changes and alerted school officials.

So what can schools do to help mitigate the risks from teenage hackers? Holt suggests educating all students about the issue.

“Cyberawareness campaigns become important,” he said. “Some of these simple hacks may be targeting their classmates.”

What’s more, there’s “value in teaching kids that cybercrime will get you in trouble, and here’s what you can do to protect yourself.”

That advice goes for school staff, too, McLaughlin said. Chief technology officers should monitor their systems for unusual behavior, so they can respond quickly, she said. And they need to train staff to secure their passwords and lock their computers when they aren’t in use.

Then there’s the big question of what, exactly, to do with students who are accused of hacking their school’s computers or other types of cybercrimes, especially of the more sophisticated variety. Cybersecurity experts urge schools to try to redirect these students to healthier and more productive online activities at any early age.

Danielle Santos, the program manager for the National Initiative for Cybersecurity Education, suggested that schools emphasize “the ethics piece” of hacking early on in students’ educational careers. And she said schools should provide would-be juvenile cybercriminals with safe outlets to “explore that area of technical expertise that they already have and want to develop.”

Schools should connect students who seem to have an interest in cybersecurity with mentors—in higher education and the workforce—who might be able to show them how they could channel their interest into a career, she said.

In fact, experts who study the future of work and technology trends expect that teenage hacking could continue to be a problem in the future. How big a problem? A recent report from the Cognizant Center for the Future of Work suggests that there will be a need for more “juvenile-crime rehabilitation counselors,” who try to persuade student cyberhackers to put their technology talent to more productive use, in the not-too-distant future.

“For any student that is identified as engaging in those behaviors, there’s an opportunity to help that student make different decisions,” McLaughlin said. After all, cybersecurity professionals, with high-paying jobs, are trying to figure out how hackers think so they can thwart them. Students need to learn that “they can leverage and use those skills in a positive and legal way.”

A version of this article appeared in the October 09, 2019 edition of Education Week as Meet the Students Who Might Hack Your School District


Classroom Technology Webinar Making Big Technology Decisions: Advice for District Leaders, Principals, and Teachers
Educators at all levels make decisions that can have a huge impact on students. That’s especially true when it comes to the use of technology, which was activated like never before to help students learn
Professional Development Webinar Expand Digital Learning by Expanding Teacher Training
This discussion will examine how things have changed and offer guidance on smart, cost-effective ways to expand digital learning efforts and train teachers to maximize the use of new technologies for learning.
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Student Well-Being Webinar
The Social-Emotional Impact of the Covid-19 Pandemic on American Schoolchildren
Hear new findings from an analysis of our 300 million student survey responses along with district leaders on new trends in student SEL.
Content provided by Panorama

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
View Jobs
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
View Jobs
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
View Jobs
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.
View Jobs

Read Next

School Climate & Safety Former NRA President Promotes Gun Rights at Fake Graduation Set Up by Parkland Parents
A former NRA president invited to give a commencement address to a school that doesn’t exist was set up to make a point about gun violence.
Lisa J. Huriash, South Florida Sun-Sentinel
2 min read
David Keene, chairman of the American Conservative Union, speaks during the CPAC meeting in Washington on Thursday, Feb. 10, 2010.
David Keene, the former president of the NRA, promoted gun rights in a speech he thought was a rehearsal for a commencement address to graduating students in Las Vegas. The invitation to give the speech was a set up by Parkland parents whose son was killed in the 2018 massacre at Marjory Stoneman Douglas High School.
Bill Clark/CQ Roll Call via AP
School Climate & Safety Opinion The Police-Free Schools Movement Made Headway. Has It Lost Momentum?
Removing officers from school hallways plays just one small part in taking down the school policing system.
Judith Browne Dianis
4 min read
Image of lights on police cruiser
School Climate & Safety Spotlight Spotlight on Safe Reopening
In this Spotlight, review how your district can strategically apply its funding, and how to help students safely bounce back, plus more.

School Climate & Safety Video A Year of Activism: Students Reflect on Their Fight for Racial Justice at School
Education Week talks to three students about their year of racial justice activism, what they learned, and where they are headed next.
4 min read
Tay Andwerson, front center, Denver School Board at-large director, leads demonstrators through Civic Center Park on a march to City Park to call for more oversight of the police Sunday, June 7, 2020, in Denver.
Tay Andwerson, front center, Denver School Board at-large director, leads demonstrators through Civic Center Park on a march to City Park to call for more oversight of the police Sunday, June 7, 2020, in Denver.
David Zalubowski/AP