 |
 |
LUCAN, Ont. - He flunked out of a gifted program at a London high school.
Now, he spends almost all his spare his time on computers -- sometimes writing code for new software, other times searching for his father.
He's a 15-year-old hacker, who says this week he broke into the Thames Valley District school board's website in less than an hour, exposing the passwords for 27,000 high school students and the board's weak security system.
"It could have been a lot worse. There were sites where marks could have been changed, personal information exposed," he said Friday in his Lucan home, as the teenage online world buzzed about the security breach.
Instead of breaking into more sensitive sites, he chose one where marks and timetables were revealed but no changes could be made.
"If it had been an employee portal, it would have been completely different.
|
It would have opened up a world of trouble with people able to change marks, personal information exposed," he said.
His point, he added, was to draw attention to what he sees as a problem with the board's weak website security system and its refusal to listen to his suggestions to improve it.
"It was not intended to be malicious, it was intended to get my message across," he said. "I know I will definitely pay a price, but I do not see myself going to jail."
While he reluctantly agreed to be identified, QMI Agency decided not to do so to afford him the same rights he'd receive under the federal Youth Criminal Justice Act were he charged, because police have been notified about the incident.
A slight youth, short for his age but confident-sounding, he said he was at home when, about 5 p.m. Wednesday, he got into the board's site through the Lucas secondary school website.
The hack was done in less than an hour.
He was then called into the office at Medway high school at 11 a.m. Thursday and told he was suspended indefinitely, he said.
He's had no contact with police, but his mother spoke with them, he said.
"I will tell them them the way it is. There is no sense now trying to cover things up. That will get you nowhere," he said.
While the board is reviewing its security, the response from students has been "overwhelmingly" positive, he said.
"I went to school Thursday and a guy came up, gave me a hug and said, 'dude you're a hero'." he said.
His Facebook page is still getting messages praising his actions and he's had more than 100 Facebook friend requests, in support.
"I am a bit like an icon, a celebrity right now," he laughed. "I am glad there is positive feedback. It is almost all universally positive. For kids our age, going against the establishment is a big thing."
The youth has been interested in computers and technology as long as he can remember. But it was in Grade 6 when he got serious about his passion. Even at that young age, he was "writing code" for computer programs, he said.
"I just love it, it is my major hobby. I taught myself mostly," he said, adding he dreams of a career as a software engineer or in the military working in the technology field. He attends Sea Cadets at HMCS Prevost in London.
As for how his suspension went over with his mother, he said: "She's mad at me. Right now, we're not talking much."
He lived in London's Old South before his mother moved to Lucan with her boyfriend several years ago. But he wants to reconnect with his father.
"My dad, I never met him. My mom left before I was born but I am trying to get caught up. He's my dad and I feel like I should. I met my granddad on that side. He seems like a nice person," he said.
Along with searching for family, he's also looking to find his way in the education system he embarrassed.
From JK to Grade 3, he went to Lucan public school, skipping Grade 2. He then went to school in Biddulph from Grades 4 to 6. In Grade 6, he attended the gifted program at University Heights and then in Grades 7 and 8 at Orchard Park, both in London.
He went to Lucas for the gifted program in Grades 9 and 10 and, after failing there, was sent to his home school, Medway.
"I am smart, but I am lazy. I just did not hand in assignments or do homework. I am working now on getting over my lazy streak, but when I sit down all I want to do is go on the computer," he said.
As for the hack, he said he posted student passwords on a link from his Facebook site.
Since many students use the same password for Facebook, Hotmail or even bank accounts, they were left scrambling to change passwords.
"I feel sorry about that, if this affected them somehow," he said. "If someone accessed their information, I apologize -- that was never my intention. There was no maliciousness intended at all," he said.
Still, it's a lesson people should use different passwords for different programs, he added.
The Grade 11 Medway student is now suspended indefinitely from class as the board and London police investigate the security breach.
"It was worth it. I did it to make a point, I told them it was a problem and they ignored me," he said. "I got my message across. The board is reviewing and will put in more security."
He said he was shocked the board didn't encrypt its website pages and passwords, a relatively simple step which would make hacking into it tougher.
"I have made apps for website encryptions -- it is simple, it is not hard at all," he said. "The most simple web developer will use encryption. I am now writing a blog software program that uses encryption, and I am 15."
That computer work would includes helping the board to beef up its security, if it's interested, he said.
"If they ever contacted me about helping with security, I would be glad to help -- you never know."
E-mail norman.debono@sunmedia.ca, or follow NormatLFPress on Twitter.