ICO Warns of Cyberattacks on Schools Caused by an Increase in Student Hackers -

Post Views: 333

ICO Warns of Cyberattacks on Schools Caused by an Increase in Student Hackers

The Information Commissioner’s Office (ICO) of the United Kingdom issued a warning on Thursday that student hackers who are driven by dares are responsible for a growing number of cyberattacks and data breaches that impact educational institutions.

It cautioned that children who break into their school’s computer systems may be preparing themselves for a lifetime of cybercrime and encouraged parents “to have regular conversations with their children about what they get up to online.”

In the 215 insider threat breach reports from the school sector between January 2022 and August 2024, the privacy authority claimed it found “a worrying pattern,” with students responsible for 57% of the occurrences. These instances were probably motivated by “dares, notoriety, financial gain, revenge, and rivalries.”

The warning comes as reports of young, English-speaking cybercriminals participating in cyberattacks have garnered media attention in recent years. Four people, three of whom were adolescents, were detained by the National Crime Agency (NCA) in July on suspicion of participating in a number of ransomware assaults that targeted British retailers.

According to the privacy watchdog, “about 5% of 14-year-old boys and girls admit to hacking, and teen hackers are typically English-speaking males.”

Given that one in five British children between the ages of 10 and 16 has participated in illicit internet behavior, the NCA’s primary goal is to steer tech-inclined kids away from crime and toward lawful initiatives. A seven-year-old was the youngest person the NCA reported having been sent to its Cyber Choices program.

According to the ICO, inadequate data protection measures, such as personnel accessing data without a valid reason, devices left unattended, or students using staff devices, were responsible for some of the 215 breaches in the education sector.

According to the regulator, insiders “used sophisticated techniques to bypass security and network controls” in only 5% of incidents.

Three Year 11 pupils, or around 10th graders, were among the cases the ICO disclosed. They used tools they got from the internet to hack their school’s information management system.

The agency also noted that two of the students acknowledged they “belong to an online hackers forum.” “When questioned, the students admitted being interested in IT and cyber security, and that they wanted to test their skills and knowledge,” the regulator said.

According to the ICO, a student “viewed, amended, or deleted personal information belonging to more than 9,000 staff, students, and applicants” at their college after gaining access to its systems through a staff login in another case that was reported to the police.

According to Heather Toomey, the principal cyber specialist at the ICO, “what begins as a dare, a challenge, or a little fun in a school setting can ultimately lead to children taking part in damaging attacks on organizations or critical infrastructure.”

She continued, “It’s critical that we understand the next generation’s interests and motivations in the online world” to keep kids out of trouble with the law and help them pursue fulfilling jobs in an industry that always needs experts.

Indian Stance on Rise in Student Hackers

As we all have witnessed recently, a number of students have sent Bogus Bomb Threats via email to the official email addresses of various schools in Delhi NCR. We can nicely say that the students of the current era have started exploring several mediums of exposing themselves to the world of dark web and hacking activities.

Hence, in order to test their newly learnt hacking activities, these Script Kiddies test them on the very schools in which they study currently, in the lure of taking a break from their schools without any pressure from their parents, teachers, or principals. Delhi Police and NCR Police of respective states have arrested many students with the same case scenarios and released them later after giving them strict warnings for the same mischief they have performed just for fun.

How To Stop Such Activities from Taking Place?

There are several ways by which a person can nicely stop these activities from taking place, as per a renowned cybersecurity expert, Mr. Mohit Yadav.

Some of them are given below:

Educational Programs

Cybersecurity Awareness: Teach pupils about the ethical use of technology, emphasizing the value of cybersecurity, the repercussions of illicit activity, and responsible internet use.
Ethical Hacking Courses: Give people the chance to practice ethical hacking in a safe and regulated setting. This can direct their attention toward moral endeavors like cybersecurity defense and penetration testing.
Online Safety Workshops: Organize workshops that address understanding privacy rights, identifying phishing attempts, and safe online practices.

Network and Device Monitoring

Network Traffic Monitoring: Install intrusion prevention and detection systems (IDS and IPS) to keep an eye on odd network activities. This can assist in spotting and stopping harmful activity.
Access Control: Use multi-factor authentication or other robust authentication methods for gaining access to school networks or systems.
Firewall Protection: To prevent unwanted access to the school’s internal systems, make sure your firewall setups are strong.
Activity Logs: Examine server, router, and other device activity logs on a regular basis to spot any indications of illegal activity.

Content and Device Restrictions

Limit Script Access: Limit school systems’ access to scripting languages like Python, JavaScript, or Bash unless specifically required. This stops hazardous programs from being launched on the network by script kiddies.
Use Web Filtering: Use web filters to prevent access to forums, software repositories, and known harmful websites where hacking tools can be downloaded.
Limit Administrative Privileges: Limit pupils’ capacity to install or execute illicit software by limiting administrative access to school systems to authorized staff only.

Promote Ethical Hacking and Competitions

Capture the Flag (CTF) Events: Limit school systems’ access to scripting languages like Python, JavaScript, or Bash unless specifically required. This stops hazardous programs from being launched on the network by script kiddies.
Cybersecurity Clubs: Use web filters to prevent access to forums, software repositories, and known harmful websites where hacking tools can be downloaded.
Collaborations with Professionals: Limit pupils’ capacity to install or execute illicit software by limiting administrative access to school systems to authorized staff only.

Parental and Teacher Involvement

Parental Awareness: Teach parents how to keep an eye on their kids’ internet activity and assist them in comprehending the dangers of online threats.
Teacher Training: Educate educators on how to spot and handle indications of hacking or attempts to get around network security.

Legal and Ethical Guidelines

Clear Consequences: Clearly define the school’s rules and expectations for behavior when using the internet. Make certain that kids comprehend the moral and legal ramifications of malevolent behavior.
Report Channels: Establish a way for staff or students to anonymously report cybercrimes or questionable activity.

Technical Countermeasures

Antivirus and Anti-malware Software: To identify and stop any harmful software, make sure all school systems have up-to-date antivirus and anti-malware software.
Encryption: Protect important school data from modification or unwanted access by encrypting it.
Patch Management: Update operating systems, apps, and software frequently to fix security flaws that script kiddies could take advantage of.

Engagement in Positive Hacking

Bug Bounty Programs: Students can disclose security flaws and receive incentives by taking part in reputable bug bounty programs. Encourage them to do so.
Cybersecurity Mentorship: Establish a mentorship program so that students can get real cybersecurity skills and knowledge by working with seasoned ethical hackers.

Psychological Approaches

Create a Supportive Environment: Establish a Supportive Environment: Encourage an atmosphere in which kids are motivated to participate in constructive, upbeat activities. This may lessen the motivation to engage in harmful behavior in an effort to attract attention or elevate one’s standing.
Peer-to-Peer Education: Promote peer-led learning so that more seasoned, older students can guide younger ones in constructive technological endeavors like cybersecurity or programming.

Penalize Malicious Activities

Clear Penalties for Misuse: Provide severe sanctions for students who hack, such as a temporary or permanent ban from using school IT resources and, if required, legal consequences.
Restorative Actions: Instead of only using punitive measures, try to offer students an opportunity to turn their lives around, such as cybersecurity training or ethical hacking.

Ultimately, you can have a fully-fledged Cybersecurity Awareness Session offered by highly credible penetration testers with many years of classic work experience in sorting out many concerns of varied IoT devices among several IT infrastructures in more than 1,200 organizations across the globe. For more info, you can give them a call at their hotline mobile number, +91-9513805401, and have a word with them regarding their best prices for several VAPT Services and other crucial activities as mentioned on the Official Website of Craw Security.

About The Author:

Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blogs, he also writes for brands including Craw Security, Bytecode Security, and NASSCOM.

₹21 Cr “Goseva Trust” Scam in Mathura Takes Advantage of People’s Trust in Cow Services