Children Hacking Their Own Schools for 'Fun', Watchdog Warns

A disturbing trend has emerged in schools across the country, with children hacking into their own IT systems for entertainment or as part of daredevil challenges. The Information Commissioner's Office (ICO) has issued a stark warning about this "worrying trend", which it claims is posing a significant threat to the security of educational institutions.

"What starts out as a dare, a challenge, a bit of fun in a school setting can ultimately lead to children taking part in damaging attacks on organisations or critical infrastructure," warned Heather Toomey, Principal Cyber Specialist at the ICO. "We are seeing a growing number of cyber-attacks originating from inside education settings, and it's essential that teachers understand and recognise this 'insider threat'."

The ICO has investigated 215 hacks and breaches in education settings since 2022 and has found that the majority - 57% - were carried out by children. The most common methods used by these young hackers include guessing passwords, stealing teacher's details, or exploiting vulnerabilities to gain access to staff computer systems.

One alarming example highlighted by the ICO involved a seven-year-old student who was referred to the National Crime Agency's Cyber Choices programme after being involved in a data breach. The child had accessed sensitive information without permission and was subsequently educated about the seriousness of their actions.

In another incident, three Year 11 students aged 15 or 16 broke into school databases containing personal information of over 1,400 students. They used hacking tools downloaded from the internet to bypass security protocols and gain access to the systems.

The ICO also revealed that one student had managed to illegally log into their college's database using a teacher's details, changing or deleting personal information belonging to more than 9,000 staff, students, and applicants. This breach exposed sensitive data such as name, home address, school records, health data, safeguarding logs, and emergency contacts.

Schools are facing an increasing number of cyber attacks, with 44% of schools reporting an attack or breach in the last year according to the government's most recent Cyber Security Breaches Survey. The ICO is urging educators to take immediate action to educate students about online safety and cybersecurity best practices.

The rise of youth cybercrime culture has been linked to English-speaking teen gangs, with young hackers being arrested in both the UK and the US for high-profile hacking campaigns against major companies such as MGM Grand Casinos, TfL, Marks and Spencer, and Co-op. Jaguar Land Rover recently fell victim to a cyber attack, with hackers claiming responsibility.

The ICO's warning serves as a stark reminder of the importance of prioritizing cybersecurity in educational institutions. As the threat landscape continues to evolve, it is essential that schools and teachers stay vigilant and proactive in protecting their students' personal data and sensitive information.