Hacking School Computers is a Bad Idea When You're the School Secretary

A school secretary in Pennsylvania faces up to seven years in prison for allegedly hacking into a school district’s computer network to change her children’s grades and snoop into school personnel files and emails.

Catherine Venusto, 46, worked for the Northwestern Lehigh School
District in the administration building.  For approximately six years,
her job responsibilities included creating log-on credentials for school employees
and the district’s superintendent.  According to the area’s local newspaper, The Morning Call

Venusto accessed the school district’s grading database system over 110 times and also viewed district emails and personnel files nearly 12,916 times, said Chief Deputy District Attorney Christie Bonesch.

Authorities say Venusto’s daughter went from a failing grade to a medical exception and her son went from a grade of 98 percent to 99 percent. Venusto claims her son’s grade went from 96 to 99, according to testimony Monday.

Apparently, Venusto had continued to use the superintendent’s log-on even after she left her job with the district, which tipped off other school personnel to the suspicious activity.

District officials had earlier suspected something was wrong when a high school principal called to report that some teachers were concerned that the superintendent was accessing the grading system to look at their grades. Authorities said it turned out it was Venusto, not the superintendent, Mary Ann Wright.

After leaving the district, Venusto went on to hold jobs at the East Penn School District and home shopping network, QVC.  When authorities investigated the matter, they obtained court orders to gather information from the internet provider and traced the access activity back to three computers: Venusto’s home computer, East Penn School District and QVC.

Technically, this isn’t a typical “hacking” in the formal sense of the word, as the former secretary accessed the system using valid log-on credentials.  But it does qualify as unlawful use of that access.

Venusto, who claims she did not know her actions were illegal, pleaded guilty on Monday to two counts of unlawful use of a computer and computer trespass.  She will be sentenced next month in a Lehigh County Court in PA.

Note to school districts: When the employee who creates log-ons for access to your network leaves her job, you might want to consider changing relevant passwords.