According to local media reports, students at at a Florida high school successfully hacked into computer system in order to send an email about a mandatory medical examination.
And what was the nature of the examination described by the bogus email sent to all males students and staff at Labelle Senior High School in Hendry County? A “mandatory penis inspection”.
Part of the message, which purported to come from teachers and claimed students would not graduate unless their penises had been inspected, read as follows:
Attention All Students and Faculty
Mandatory Penis Inspection
Female students are to disregard this message
TO ALL MALE STUDENTS, STAFF AND FACULTY OF LABELLE HIGH SCHOOL
The district is required to conduct a mandatory penis inspection of all male Labelle High School students in accordance with the Florida Penal Health Code 69.
End of the year penis inspections will occur in RTC.
The mandatory health inspection will be conducted on Wednesday, May 7, 2019, at 7:35pm.
There will be ONE make up day, May, 2019, beginning at 11:00am. All students who have not completed an inspection MUST attend one of these two mandatory sessions. Students will be excused if they miss any classes as a result of the inspection.
Seniors who do not pass an inspection will not be allowed to graduate.
The school’s dean sent an email to parents apologising for what had happened:
We would like to apologize for an email you may have recently received. Unfortunately, someone used LHS mailing lists to send out an email that was inappropriate. This did not come from LaBelle High School and we do not condone this type of behaviour. We are working diligently with IT to resolve this issue and apprehend the guilty individual(s).
I’m sure the pranksters didn’t have malice in mind when they sent the unauthorised message, but it has highlighted that security was not as tight as it should have been.
No details have been shared of how tricksters gained access to the mailing list, but it’s clear that there was a security failure. Either the mailing list contains a vulnerability, or has not been configured to only allow authorised users to post messages to students and staff, or that the account of a user who was authorised to post to the mailing list was not itself properly protected.
Strong, unique passwords and multi-factor authentication would most likely have prevented the student hackers from spreading their cock-and-bull story about a mandatory penis inspection. Other schools might do well to harden their own defences to prevent something similarly unpleasant popping up in their inboxes.