Cat and mouse mischief

Pupil hackers are breaching schools' computer firewalls to access forbidden material.

Pupils are finding ever more ingenious ways to look at forbidden websites and wreak havoc on school computer systems. Using a proliferation of "proxy bypass" websites, they are getting through firewalls and gaining access to forbidden material.

Software and techniques for cracking passwords are also improving, allowing them to hack into parts of the school system that should be off-limits to them.

Networks have become even more vulnerable as pupils increasingly have access via their laptops.

In one school, a teacher found that a pupil had hacked into her email account and sent a message to her boyfriend dumping him.

In another, a Year 10 pupil downloaded software to hack into the system and leave obscene messages on computer screens.

Jeff Haslem, broadband infrastructure manager for Cumbria children's services, said the county had blocked 11,000 such sites in the past 12 months. "It is a game of cat and mouse," he said. "For every one we block, another 10 appear in its place."

Rob Draper, network manager at Sandwich technology school in Kent said there had been a "cascade" of bypassing sites recently.

He said: "There are more and more of them, and children are becoming aware of their availability and sharing information about them by email."

Andrew Smith, the ICT manager at St Paul's RC college in Sunbury-on-Thames, Middlesex, said that pupils were getting better at obtaining administrator passwords so they could hack into different parts of the network.

"At the speed some teachers type, it is not difficult to follow their keystrokes. Or they (the pupils) can download password-cracking software,"

he said.

Peter Watters, director of ICT at Claremont Fan Court in Surrey said pupils saw internet misuse as "something of a challenge".

Simon Bangs, 17, deputy head boy at St Paul's, is a computer expert who advises software companies on security. "Schools are underestimating pupils," he said. "Some are picking up the skills of someone who has being working in the industry for three years or more. It's going to be a battle between the students and the companies building security systems over who can make the better hack or patch."

Researchers from Securus Software, which manufactures monitoring systems, estimate that around 4 per cent of pupils are deliberately misusing the system.

But Steve Gold, a specialist internet security journalist, said that many monitoring systems were beyond the budget of schools and internet managers often lacked the expertise to use them.

"Until there is a major scandal, I don't think local authorities and schools will find the cash to tackle it," he said.

But he warned that most examples of pupils hacking into school networks contain a "human element", not sheer computer expertise. "They do things such as pretending to have lost their password, then watch the keystrokes of the administrator. It would be unlikely that a pupil could hack into a school system purely using their technical skill."

Steven Carrick-Davies, chief executive of Childnet, an internet security charity, said the real solution was to educate children about their rights and responsibilities on the internet. "You can't rely on just blocking and monitoring," he said. "The sanctions for misuse need to be made clear."

For advice on school internet security, go to

Log in or register for FREE to continue reading.

It only takes a moment and you'll get access to more news, plus courses, jobs and teaching resources tailored to you