Industry News

Hackers hijack school Twitter account, post photoshopped image of teacher in his underpants

We all know that kids can get up to japes and mischief at school. I myself remember rallying together a crack squad of classmates to kidnap our school’s Christmas tree in 1987, for instance. Chances are many of us have similar tales to tell of tomfoolery.

But now a British school has found itself the victim of an online prank, with its Twitter account hacked and revealing images purportedly of its head teacher posted online.

Twitter followers of Oriel High, a secondary school in Crawley, West Sussex, found a stream of explicit language, claims that head teacher Philip Stack had joined a porn website, and a photo of Mr Stack’s head superimposed on the heavily-tattooed body of a muscular male wearing a pair of tight underpants.


“Round of applause for our magnificent head! Been working hard in the gym and got himself a contract with Brazzers!”

Brazzers, for those of you lucky enough not to know such things, is a popular porn website.

It appears that the school’s Twitter account was broken into in the early hours of Sunday morning, allowing an unauthorised party to post messages like “The Year 9 girls are getting a bit fat. We need to work on them in the gym.”

A message on the Oriel High School website says that the Twitter account has been “temporarily deactivated”, meaning no more mischievous tweets can be published for now.

But clearly the school is unamused by the antics of the hacker, whoever they might be (surely a pupil?), is reported to have contacted the police about the incident.

You might argue that no serious damage has been done, and that this – like I claimed my kidnapping of the school Christmas tree all those years ago – were harmless hijinks of youngsters who would be better spending their time knuckling down to some homework.

But if a Twitter account can be hijacked to mock and undermine a head school teacher, then it could also be abused to redirect to spam sites, to spread malware, or to bully vulnerable children.

In addition, if a hacker takes control of a school’s social media account and locks out its rightful owners, the school may have lost an avenue for sending out important messages to parents.

The man in charge of Oriel High School’s Twitter account is Ryan Sallows, and he told the Crawley News that only a “few adults” at the school has the password to access the account.

Questions should now be asked as to how careful users with the account’s credentials, whether the password was too easy to guess or might have been reused elsewhere, and if additional layers of security might be introduced.

Twitter, for instance, recently announced TweetDeck Teams, which it describes as a simple way to share access to Twitter accounts without sharing passwords.

TweetDeck Teams could be used alongside login verification (Twitter’s version of two-factor authentication) to strengthen security and reduce the chances of accounts being hijacked.

The final word, though, has to go to Debbie Street, whose 14-year-old daughter goes to the school. Ms Street believes that the hacker is most likely to be a pupil:

“Obviously it’s quite out of order and I feel quite sorry for Mr Stack. I don’t blame him for contacting police. If it gives the kids that did it a bit of a scare, it’s done the job. And Mr Stack needs to be seen to be doing something about it.”

“Maybe the school is a victim of its own success with what it is teaching children in computer studies.”

About the author


Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.


Click here to post a comment