Endpoint

5/17/2018
11:25 AM
100%
0%

California Teen Arrested for Phishing Teachers to Change Grades

The student faces 14 felony counts for using a phishing campaign to steal teachers' credentials and alter students' grades.

Bet nobody in your high school got in trouble for this: a 16-year-old hacker was arrested in Concord, California for launching a phishing campaign to steal teachers' login data and change grades. The student, whose name was withheld because he's a minor, faces 14 felony counts.

His attack targeted teachers in the Mount Diablo Unified School District, who received emails containing a link that redirected them to a malicious site designed to look like the school's portal, according to Gizmodo. Those who clicked the link were prompted to enter their credentials, which were then recorded on the site. At least one teacher logged in and gave the student everything he needed to access the district's IT network and school's grading system.

Once in the system, he raised or lowered the grades - including his own - of ten- to 15 students. Local law enforcement received reports of the suspicious emails and launched an investigation with help from a Contra Costa County task force and US Secret Service. Officials obtained search warrants for IP addresses linked to the malicious site and traced it to the student's address.

This student isn't the first to try to phish his way to an "A." Others in New Jersey, New York, Alabama, and Louisiana have launched similar campaigns.

Read more details here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Google to Delete 'Secure' Label from HTTPS Sites
Kelly Sheridan, Staff Editor, Dark Reading,  5/21/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-2598
PUBLISHED: 2018-05-23
Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304).
CVE-2018-1124
PUBLISHED: 2018-05-23
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution ...
CVE-2018-1126
PUBLISHED: 2018-05-23
procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.
CVE-2018-11396
PUBLISHED: 2018-05-23
ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call.
CVE-2018-8176
PUBLISHED: 2018-05-23
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly validate XML content, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office.