UPDATE: Post updated at 5:24 p.m. with new information from SPS.
- VIA FLICKR
- A type of key logger
Seattle Public Schools spokesperson Teresa Wippel confirmed that someone has been stealing teacher passwords and altering grades, but added that there was no way to be sure yet it was the handiwork of students.
Wippel said that the district has found out that “grade book grades (not final grades) were changed.” “We do not know by whom … But we know when, and from where,” she said.
Wippel added that the district was investigating the issue. The Stranger reported on an anonymous tip earlier today which included a memo from SPS’s Chief Information Officer Jim Ratchford warning employees about a security compromise to their network log-in credentials.
Wippel said that someone had used key loggers to get unauthorized access to district systems. “These things that they insert into the USB port works the same way as the things inserted into cash machines, so that when the password is entered, it captures every key stroke.”
Wippel said that the first time it came to the attention of the school district was when a teacher at Ingraham High School became suspicious about a password problem 10 days ago. “She was having trouble logging in,” Wippel said. “But we only found hard evidence, as in the actual device itself on a computer at Ingraham, within the last day.”
The district is still investigating the seriousness of the compromise, Wippel said, adding that so far it involved the Easy Grade Pro grade books, which teachers use to enter initial grades. SPS teachers usually use two different kinds of grade books: Easy Grade Pro and eSIS, where parents can log in and see the grades. The eSIS system has not been compromised, Wippel said.
“So the next step is for teachers to double-check their grades to make sure that nothing has been changed,” she said. The district has no idea how many computers have been compromised by key loggers. Wippel said that teachers have separate computer workspaces assigned to them, “but I am sure there’s lots of computer sharing,”
Wippel said that Ratchford and his team were investigating preventive measures to avoid future problems like this. The first thing that they researched involved a security device that would cost $45 per computer. “The preventive measures are pretty expensive,” Wippel said. “We are continuing to research them.”
When I asked Ratchford whether any software-based key loggers had been used, he said that SPS was “in the process of assessing the situation. [We] do not have details at this point and no pictures. We are monitoring the system activity for unusual behaviors. Therefore, no one should be able to access SPS computers without authorization.”
We all know that key loggers are not sophisticated ways to hack a computer. Usually kiosks and lab machines are locked down by group policy which prevents non-administrator users from installing programs. If the district was allowing anyone except teachers to have enough privileges on these machines to be able to install programs like key loggers, then I am not really surprised this happened.


To any students looking at breaking into any Windows computer (with or without Active Directory Service in use) check out Ophcrack and “Offline NT Password and Registry Editor”
That sure looks like a physical keylogger, which doesn’t require any software at all. Even if the machine is 100% locked down, it does nothing to stop a hardware-based keylogging device like the one pictured.
Wait, so the article starts by saying it was a physical device inserted between keyboard and computer, and ends with sagacity about allowing the installation of keylogging programs.
Which is it?
If it was a physical USB keylogger, then the access restrictions on the software end of things would have no bearing on whether someone could accomplish this. It would literally be as simple as running your fingers along the keyboard cable to the back of the pc, and quickly plugging the keylogger inbetween. it just captures the stream that runs along the Data wire and stores it on a little chip to be read later when the dongle is recovered.
@ 3 hi, I have asked SPS to provide more info on what kind of key loggers were used. Will update when I hear back.
This is not complex hacking this is kiddie crap. The school district IT department is surprised by this? This is a joke right? We pay real people in a IT department FOR A SCHOOL DISTRICT who didn’t think this would happen?
Sadly, even with hacked grades many of these kids will be turned away by our in-state universities.
@5, she SAID what kind. USB. They plug into the same USB port the keyboard is using, then the keyboard plugs into them. You have a picture of one right in your article. You can buy them online from Sears.
Hey, it worked for Ferris Bueller.
It just says “inserted into a USB port”. It seems ambiguous. It could be like the one shown (which is just a picture from Flickr, btw), and probably is, but it could also be a thumb drive or something that exploits the autorun feature. I’m not clear on how such a keylogger might work, but it may not even need administrator power to log keystrokes of a non-administrator. They also could have keylogged or socially engineered the password of an administrator and went from there.
But yeah, it’s probably like the one shown. It just goes to show you that physical access to the machine trumps all other security measures. Their towers should probably be locked in their desks so people can’t access the back panel, but technically you could sniff the wire itself, too.
The school district I work in modifies one of the drawers in our desk so the actual tower of the computer is inaccessible to the students. You need a teachers key to open the drawer and it re-locks every time it’s closed.
It’s pretty clear that we’re talking about physical keyloggers, not software keyloggers. They’ve found devices like this, although probably a cheaper brand. Bhattacharjee probably missed the distinction between the two methods.
Someone has to physically retrieve the keylogger from the target computer to harvest the credentials. Who knows if they were using just the one, and rotating it between computers, or if there’s several.
Yeah, when they say “usb keylogger”, and googling “usb keylogger” immediately brings up dozens of examples of a particular kind of device you can buy at Sears or anywhere for $70, and requires no technical know-how or install access or software at all, just five seconds physical access, I think Occam suggests that that’s what it is. Otherwise she would have said “keylogging program”.
A halfway-competent kid could even install that thing while the teacher was watching; just say “oh [tap tap tap] I think your keyboard is unplugged, let me check” and dip under the desk.
Seriously. This (stuff) was on MTV years ago–it was a segment on some program–Pranks and Controversies or something like that.
SPS is dumb, dumb, dumb. A school district in one of the–supposedly–most educated cities in the US, and this is still happening in 2011. (Near Microsoft, et al., no less . . .)