Posts Tagged ‘Catherine Venusto’

Hack the School and Find a Job!

October 7, 2012

Do you remember Catherine Venusto, the super mom who illegitimately accessed her kids’ school systems to change their grades? Using the passwords obtained while working as a secretary for the same school district (Northwestern Lehigh School District), she was able to access the systems 110 times in 2012 (and 2012), changing the grades.

The half-dozen felony counts she was arraigned on as a consequence of her actions were not enough to prevent other school hackers from following the same example.

The latest episode happened in Italy (Technical Institute Marzotto in Valdagno, near Vicenza), where a gang of 10 school hackers (including five minors) has been reported for illegitimately accessing their teacher’s computer, stealing the drafts of the tests and in several cases altering the grades.

The intrusions started during the last school year and could have gone undetected if the hackers, maybe feeling too comfortable with their actions, had not exaggerated with their improvised “prediction capabilities”. In particular, as in the best tradition, the gang included a dunce, whose grades went from 3 to 9 (on the 10-point scale of the Italian grading system). This was enough to attract the attention of the school principal and the teacher, who reported the gang to the authorities.

The subsequent investigation discovered a script file installed on the teacher’s (unattended) computer, capable of stealing the password.

Several questions arise from this episode:

My first feeling is that, although the school is increasingly adopting new technologies, its approach is still obsolete and not adequate to the digital rage of the digital natives. I am afraid this is the classic “tip of the iceberg” and I wonder how many similar episodes are happening undetected.

My second feeling comes from the inconvenient conclusion of this affair: a local company has offered to provide legal assistance to the material author of the tool used for the intrusion (a student of Indian origin), promising him a job in its IT department. This unhappy decision has obviously raised many controversies: is it correct to emphasize and reward similar behaviors? The implicit message is easy: take an illicit “shortcut” and you will be rewarded.

Unfortunately, I believe that similar shortcuts, which are generally widespread in Italy, played an important role in bringing us to our current crisis condition. Hence they should be discouraged from the beginning, and the digital world is no exception.

July 2012 Cyber Attacks Timeline (Part II)

August 3, 2012

Click here for Part I.

The Dog Days are nearly here. Weather forecasts are announcing for Italy one of the hottest summers since 2003, and the same can be said for the Infosec temperature, although July 2012 has been very different from the same month of 2011, which was deeply characterized by hacktivism.

Instead, it looks like hacktivists have partially left the scene in favor of cyber criminals, who executed several high-profile breaches in the second part of the month as well: Maplesoft, Gamigo, KT Corporation and Dropbox are the most remarkable victims of cyber-attacks, but other important firms, even if on different scales, have also been hit by (improvised) cyber criminals. One example for all? Nike, which suffered a loss of $80,000 at the hands of a 25-year-old improvised hacker who decided that exploiting a web vulnerability was the best way to acquire professional merchandise.

But probably the prize for the most “peculiar” cyber-criminal is completely deserved by Catherine Venusto, who successfully changed her sons’ grades 110 times between 2011 and 2012.

As far as hacktivism is concerned, although we were not in the same condition as one year ago (a leak every day kept security away), this month has offered the massive leak of the Australian provider AAPT, with 40 GB of data allegedly stolen by Anonymous.

Last but not least, a special mention for the cyber espionage campaigns, which saw unprecedented growth this month: Israel, Iran, Japan, the European Union and Canada are only a few of the victims. Iran also gained an unwelcome record, as the first nation to be hit by malware capable of blasting PC speakers with an AC/DC song…

If you want to have an idea of how fragile our data are in cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
