Cyber Incident Victim: Sikar district schools
Date: Oct 2020
Location: India
Summary
A man hacked into four schools' servers in Sikar district, issuing unauthorized transfer certificates for 130 students. He later confessed to authorities, alleging the institutions harassed families of children admitted under the Right to Education Act. Using a hidden camera while posing as a guardian, he captured login credentials from school premises; reports noted that the ease of acquiring this access compromised security.
Description
On or around October 23, 2020, an individual targeted four schools in Rajasthan’s Sikar district by compromising their server systems. The attacker, posing as a student’s guardian, gained physical access to school premises while equipped with a hidden camera. During these visits, he recorded the schools’ server login credentials, later using them to infiltrate the systems. His primary action involved generating unauthorized transfer certificates for 130 students enrolled under the Right to Education (RTE) Act, a national policy mandating free education for disadvantaged children. The attacker subsequently sent written confessions to the Sikar District Superintendent of Police and the District Education Officer, explicitly linking his actions to alleged harassment of RTE-admitted students by school authorities. He claimed the schools pressured families of these students, though no specific harassment methods were detailed in available reports. The breach methodology relied on social engineering rather than technical exploits, with the attacker noting the ease of acquiring credentials through physical access.

The incident disrupted administrative operations across the four schools, necessitating corrective actions for the fraudulently issued transfer certificates. Public exposure of weak access controls—particularly the storage and handling of server credentials—highlighted systemic security vulnerabilities in the affected institutions. While the attacker framed his actions as retaliation against institutional misconduct, the hack constituted unauthorized access and data manipulation under Indian cybersecurity laws. No technical containment measures or forensic investigations were described in available sources, though the confession letters prompted official awareness of both the breach and the underlying harassment allegations. The attacker’s use of a computer expert for planning and a hidden camera for credential theft demonstrated deliberate premeditation, though no accomplices were identified or charged in the disclosed information.
