Case closed, or so it appears. Downingtown police have determined there is no need to further extend the investigation into a hacking incident that affected the Downingtown Area School District and caused a ripple effect among area school districts concerned about their own network security.In May, a 15-year-old student at Downingtown West High School reportedly hacked into the district's server and snagged a copy of a file with information that included more than 41,000 Social Security numbers. In addition, names and personal information of 15,000 students were contained in the file. District officials were caught off guard by the incident even though it was the second time in less than a year it had happened.
The student hacker was charged with theft by unlawful taking or disposition, computer theft, unlawful duplication and computer trespass. Borough police confiscated his computer and flash drive and those of another student, whom police suspected might have received the information as well. The computers were then put under forensic examination by the Chester County Detectives Computer Crime Unit to determine if the files were disseminated. Now that investigators have determined that they were not, the case has been closed - something everyone involved can be thankful for. But there are still a few final lessons to be learned.
The incident caused district officials to beef up their network security and prompted other districts in the area to take a long, hard look at their own security systems. For Downingtown Area, that meant hiring SunGard Corp. to perform an information security penetration analysis and other vulnerability scanning services.
That, along with network analysis work the firm did for the district in July, cost more than $40,000. But that's the price of doing business when you're caught with your pants down and egg squarely on your face, as these district officials were. And even if the case is closed, it appears Downingtown Area officials aren't done yet.
The district continues to follow through on computer upgrades and Web site security, according to Downingtown Area spokeswoman Pat McGlone. The school board approved a new acceptable-use policy, which will require all students and staff to sign a form when they return to school. This policy outlines acceptable computer behavior and what students should do if they suspect a peer may be using a computer inappropriately, McGlone said.
"While we've put the incident behind us, we've certainly learned from it," McGlone said.
And if there's a silver lining to be had in all of this, it's that.
Somehow, we have a feeling it will be a long time before network security is an issue again for Downingtown Area schools.