What if I told you that your kid might be suspended from school for Cyberbullying even though they never did anything of the sort? And now you, as a parent, need to drop everything to prove their innocence.
This is not some teenage movie, nor some trick. What I am about to tell you happened to a friend of mine. It has a happy ending and a few important lessons to be learned about Cyberbullying, hacking (or what is not hacking), and privacy education.
A while ago, a good friend of mine got a call from her daughter’s school, informing her that her daughter is about to be suspended from school for a week.
She was told the following:
- All the kids in her daughter’s class got an assignment and worked online together on a shared presentation in Google classroom
- After the work was completed, someone deleted the presentation and wrote nasty words about some of the kids and the teacher.
- The School determined my friend’s daughter was responsible for this “Cyberbullying” based on Google slide’s editing history.
As a parent or someone hearing that, it’s fair to assume the school is right, your kid did something terrible, and how you react to that depends on the person you are, I guess.
But what would you do when you confront your child about their actions, but they insist it was not them?
After days of calls and emails from school, days during which that girl was still considered the “usual suspect,” this was what was discovered:
- All students have a known format for both username and password, so it is easy to log in as another student.
- Students are not asked to change their passwords. On the contrary, they are asked not to in order to reduce the number of lost passwords the school’s IT department has to handle.
- The assignment was completed from home, and following multiple requests, the school agreed to check the IP. They discovered the ISP (Internet Service Provider) and the location, which led them to a different student, logging in from the same IP with a different username, who was responsible for the changes to the presentation.
This incident was treated as hacking, but this is not a hacking case.
The hacking definition is: “The gaining of unauthorized access to data in a system or computer.”
In this case, no one had to gain the username and password, and they already had it.
The most important take from this story is privacy education, and specifically how to manage your password.
Passwords are not meant to be easy to guess or known to everyone, and we don’t share passwords with friends.
Schools should teach students how to use and work with computers, and they need to teach students the importance of privacy and password protection.
Many are familiar with cyberbullying, using social networks to spread rumors against others.
Children need to know that impersonating another person online, so they get caught and blamed, is another form of cyberbullying.
It is up to us to educate our friends and family on the importance of passwords and why we keep them private. We should also remember that cyberbullying has many faces and forms, aiming to condemn all of them.
About the author:
Chen Siedner has been a cyber security expert for more than 15 years, specializing in anti-fraud, white-hat hacking, risk and product management, and has worked for well-known cyber firms such as CheckPoint, PingIdentitiy, TrustWave, and Cybereason. She is a mother of two, spending her night shifts protecting her family from cyber threats, and her day shifts protecting the rest of the world.