PELHAM — A student trying to make the grade at Pelham High School has been disciplined.
The student, who hacked into the school's computer system in order to change grades, was caught. What that student's punishment is remains confidential, according to school officials.
Superintendent Henry LaBranche confirmed the hacking incident yesterday, but would release few details.
A school official familiar with the incident said it involved changing grades and that administrators are looking into whether other students were involved.
"Discipline has been meted out," LaBranche said.
The hacking incident was brought to the attention of school officials about two weeks ago. "I'll acknowledge this taking place," LaBranche said.
The superintendent was reluctant to release more details in order to discourage future hacking attempts and protect school security.
"We have no interest in opening a gateway to students for this to be easy for them," LaBranche said.
"The board was informed immediately and the administration has taken appropriate action," School Board Chairman Brian Carton said.
School administrators are reviewing the attack on the computer system to consider what steps to take, such as upgrading the firewall, to prevent future hacking.
"This reminds me of 'Ferris Bueller's Day Off,'" said Eli Morse, president and CEO of Salem-based Morse Technologies, which consults on computer security with companies and local government agencies.
That 1986 movie, starring Matthew Broderick, has Ferris Bueller hacking into the school computer system to change grades.
"Yes, I've seen this before, not only with schools but among all sorts of industries," Morse said. "Anything is hackable."
Morse wondered whether the incident involved an attack from inside or outside the Pelham system.
"If it was from the outside, you have to devise a firewall to protect against that," he said. "There's a vulnerability at the gateway level."
But there are other layers to security.
"Once you penetrate that, there should be a database that tracks grades, which has its own security," Morse said.
"One of the most common ways kids do this is hopping on the teachers' machines when they go to the bathroom."
An automatic lock that secures the computer when the teacher leaves it inactive for more than 30 seconds can block that problem, Morse said. Best security practices also include changing passwords every 90 days, using complex passwords — alphanumeric, at least seven characters, upper and lower case — and locking accounts out after repeated password failures.
"Having these in place and enforced is critical," Morse said.
School districts and companies need to have security policies in place and see that they are followed, he said. Morse concedes that, while necessary, system security is sometimes inconvenient. People forget to change passwords or even forget the passwords themselves, he said.
"When it comes to implementing them, we get push-back," Morse said.