Jeremy Currier was a bright and curious boy. By 12, he was building his own computer. Then came the day that would change his life.
“Literally all I wanted to do was just to see what I can do. That was it,” he said.
He was in the sixth grade and in the library at his Michigan school when he spotted a password and username on a computer.
A few keystrokes later, he had accessed an Excel document containing every student password.
“You don't think in the back of your mind, ‘Oh, this is going to change my life,’ ‘This is going to get me expelled,’ ‘This is illegal,’” said his mother Janet Currier. “They're not thinking that way. They're just not.”
By 15, Jeremy said he and his friends had gained nearly unfettered access to the Rochester Community Schools systems.
“I was able to log into any person's account and grab any information I wanted,” he said. “I was basically an administrator… I could see everything, unlock doors, I could see cameras.”
READ MORE: WFAA reveals the masterminds behind last year’s Dallas ISD cyber breach. And it’s not who you think.
“Students are curious, and for the most part, they are not looking to significantly cause harm or mayhem in a school district by accessing systems inappropriately,” said Doug Levin, who runs the K-12 Cybersecurity Resource Center, a nonprofit dedicated to helping protect schools from cybersecurity threats.
Jeremy was a freshman when he got caught. No criminal charges were filed against him or his friends. He was expelled, and his mother believes unfairly so.
She said she holds their school district accountable for having a system so unsecure even a 12-year-old could hack it.
“It should not be that easy,” she said.
Jeremy, now 18, went to vocational school. He works as an IT professional and has spoken about his experience at cybersecurity conferences.
If you'd like us to look into something, email us at firstname.lastname@example.org.