High school election hacked by candidate who exploited weak passwords

Dumb passwords can make it all too tempting for dumb people to do dumb things.

High school election hacked by candidate

Berkeley High School in California held its first ever elections for student government last month.

Surprise surprise, as the Westport News reports, things didn’t run quite as smoothly as the school might have hoped.

One day before voting was due to close, there was a sudden surge of votes for one of the candidates running for the position of class president.

Sign up to our free newsletter.
Security news, advice, and tips.

John Villavicencio, the school’s director of student activities, was suspicious that a teensy-weensy bit of electoral fraud may have taken place and – with the help of senior student Robert Ezra Stern – discovered that the candidate whose popularity was rocketing had teamed up with a pal to rig the vote by casting fake online ballots.

Villavicencio and Stern discovered that the suspicious votes had been cast en masse from the same computer, and in alphabetical order – suggesting an automated script might have been at work.

More than 500 phoney votes were submitted in favour of the candidate. The names of the candidate and their cohort have not been released, and it has not been made public whether they will suffer any disciplinary action. However, it is likely they will be compelled to apologise for his actions.

Yes, they should definitely apologise. But when I read just how the phoney votes were submitted I began to wonder if they weren’t the only ones who needed to say sorry:

The cheating candidate, a junior making his second run for class president whose name was not released, had access to a list containing students’ names and ID numbers. Voting in the election, it turned out, was done using a Google form that could be accessed using Gmail accounts issued to students by the district, with a default password that includes each student ID number.

Dumb passwords can make it all too tempting for dumb people to do dumb things.

What’s so wrong with paper ballots anyway?

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “High school election hacked by candidate who exploited weak passwords”

  1. Myopia

    what's wrong with paper ballots? Easy… they create work for lazy people. Who wouldn't want to be paid for supervising an election, only to have the work over to Google??

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.