Montgomery Blair High School's Online Student Newspaper
Sunday, October 22, 2017 9:53 am
Latest:
Tags: print
April 22, 2010

Computer security strengthened

by Warren Zhang, Managing News Editor and Ombudsman
In January, eight Churchill students were caught illegally changing grades of 46 other students. According to Blair systems specialist Anne Wisniewski, MCPS has implemented and in the process of implementing new security measures to prevent similar incidents in the future.

Leah Muskin-Pierret
Students at Churchill obtained teacher passwords which enabled them to edit grades through the county’s computer network.
Wisniewski said that the Churchill students used a device called a keylogger to retrieve the passwords that enabled them to change the grades. "The keylogger looks like a USB drive and runs a program that records everything entered," she said.

One of the new security measures that MCPS would like to implement, according to Wisniewski, is to force staff members to change their passwords over a predetermined period of time.
"MCPS took a long, lingering look at the password policy," she said. "We would like to have more policies, however they can't because [Windows] Server 2003 doesn't allow the granularity to allow them to change their passwords every week."

Wisniewski explained that the current software used by MCPS does not allow system administrators the ability to force password changes for only a subset of the users. According to Wisniewski, this means that if the system administrator wanted to force staff members to change the password, every other user would also have to change the password, unfeasible for elementary school students. "We had to set things up so that they work with kids," she said.

A possible solution to the problem is upgrading county software to Windows Server 2007, which, Wisniewski said, does allow administrators to force password changes only on staff members. "These problems will go away when we upgrade [to Server 2007]," she said. "Right now, we rely on people to change their passwords. People will be forced to change passwords."

However, Wisniewski mentioned that MCPS will be implementing a new program, Oracle myID, soon which will allow system administrators to force password changes for staff members without necessitating an upgrade to Server 2007.

"The software allows you to manage accounts through another database," she said. "It will cause problems for us, but not that many."

Wisniewski said that MCPS will be implementing myID soon and that this program may cause the county to delay upgrading the server software until a later point in time.

MCPS director of public information Dana Tofig said the real issue with the hacking incident did not lie with the county's network security. "The issue at hand is the poor, unethical decisions made by a small group of students to steal information and change grades," he said. "As a result, they brought a lot of unwarranted negative attention to the majority of students at Churchill and throughout MCPS who earn their grades through honest, hard work and determination.

Tofig said that as it stands, the MCPS network is robust and capable of preventing many security breaches. "There is already a tremendous amount of security around all data systems at MCPS and these systems prevent hundreds of attacks on our systems each week," he said. "We will take measures to try to prevent [keyloggers] from running on our computers, but want to do so in a way that doesn't limit the effective use of technology."

According to Tofig, while past grade changing incidents have occurred, keyloggers have never been used. "There have been grade-changing incident at MCPS in the past, but none that I am aware of that used this specific type of technology," he said.

Tofig stated that the students that perpetrated the Churchill hacking incident have received punishments. He also said that this incident has not affect college admission decisions for other Churchill and MCPS students.



Share on Tumblr

Discuss this Article

Silver Chips Online invites you to share your thoughts about this article. Please use this forum to further discussion of the story topic and refrain from personal attacks and offensive language. SCO reserves the right to deny any comment. No comments that include hyperlinks will be posted. If you have a question for us, please include your email address or use this form.
 

  • alumnae3 on March 30, 2011 at 4:32 AM
    If this had happened @Blair, Wheaton, Kennedy, Blake there would so much uproar, the names woulda been released. But bc it happened @ rich anglo wealthy upcounty churchill no names were released.

    At Blair we work our *sssed off to pass, yet still get harped on negatively.
Jump to first comment