PAINESVILLE, Ohio — He calls himself Burrito on Twitter, and refers to himself as a "bored kid with a computer." He came up with the name, he says, because "There was one sitting on my desk."
"Burrito" is a high school student who asked us to not to reveal his identity after hacking into the student information system at Riverside Local Schools District in Painesville.
He gained access using an employee’s email account and contacting the IT department to have their password changed.
"It could have been a really big problem if I had any malicious intent. I thought it was kind of messed up, honestly," Burritto explains. "I could see immunization records, kid's medical records, any behavior reports, anybody they were associated with," he said described the information he had access to.
Inspired by the USA series " Mr. Robot" that focus a cyber security engineer who becomes a vigilante at night, Burrito says, all he wanted to do was have the school's IT department review its security which he described as too lax.
For example, when he contacted IT to have the password for the hacked email account changed, he claims, they "Just reset it right away. There was no, can you verify anything, or can you call me from the number we have listed for you?"
The Lake County Sheriff's Office confirms, Burrito didn't access any financial information.
"At this point, it just seems like they gained access to the campus wide email system and sent that email out," says Lt. Robert Izzo.
It's something called a “social engineering” hack, according to Cyber-security experts at TrustedSec in Strongsville.
Tyler Hudak, the company’s Lead of Incident Response says, "A lot of times, the IT departments are just so busy, they automatically respond to those. We've seen these types of attacks happen all the way from the entry level business people in organizations all the way up to CEO's."
Jim Setele, who has a fourth and second grader in Riverside schools, and is also an IT guy with Serpentini Chevrolet, says he's not concerned.
“I think it's just a bunch of, they used to call them ‘kiddy scripters’. And they just go in and do a little bit of digital graffiti like they did," he explained.
And despite the fact the FBI is now involved, Burrito says, he's not concerned either.
"The FBI is probably wasting its time. There's probably riots and stuff like that you can attend to instead of the kid that got into a high school's system."