A Californian school has expelled 11 pupils after uncovering a plot in which a private tutor allegedly directed them to change their grades on teachers’ PCs by breaking into them using credential-stealing hardware keyloggers.

Grade boosting is the oldest form of corruption in the school book, but what is reported to have happened at Corona Del Mar High School in Newport Beach is brazen even if the keyloggers similar to those used in the attack can be bought perfectly legally for a few dollars on big-brand websites.

Things reportedly started to unravel in June 2013 when a teacher noticed that grades had been changed on her PC, after which a pupil implicated tutor Timothy Lai. After discovering that hardware keyloggers had been used the school decided to examine a huge swathe of the grades it had awarded for further tampering.

After carrying out forensics that detected more grade-boosting incidents, the school’s management voted to expel a group of pupils claimed to have benefitted.

“While the current student discipline matters have concluded, the lingering effects of the hacking incident at Corona del Mar continue as part of an ongoing investigation,” it said in a statement.

Until relatively recently, the term ‘keylogger’ is something that would have applied to professional cyberattacks on online bank credentials or the like, but a rash of cases have brought to the surface the long-festering issue of malware’s use in small-scale chicanery.

In 2011, a former pupil at another Californian school pleaded guilty to installing spyware in order to boost grades as far back as 2008. In 2012, in a slightly more mundane case not involving keyloggers, a school assistant used her own access to school systems to do the same.

Beyond the school gates, there has been a rash of cases of ‘domestic keylogging’ in which family members use such devices to spy on one another.  This phenomenon is not, then, particularly new but their scope does appear to be growing.They are also being better detected and punished more publically.

The fact that hardware keyloggers are legal is a contentious issue. Some argue they have legitimate uses while others see them as ripe for abuse.  It remains true that one of their attractions is that they are much harder to connect to the perpetrator than might a software equivalent delivered using email.

The Corona Del Mar High School is unlikely to be the last example.