Thursday, February 18, 2021

8-Year Old Creates Hack That Allowed Her to Skip Online Classes for 3 Weeks


Mike Piccolo, co-founder and CTO of FullStack Labs, reports on Twitter what his niece has been up to:

@mfpiccolo

The grifter: My 8 year old niece

The prize: Playing virtual hooky permanently (School Zoom calls)

The marks: My sister, my brother in law, the teacher, the school’s computer teacher, the principal and Zoom's support team

The con: How she pulled it off… thread

12:22 PM · Feb 13, 2021 · Twitter Web App

@mfpiccolo

Day 1: (Zero Day) My sister has three kids, all are currently in Zoom classes. Mysteriously one day, my niece's zoom stopped working. She went and told my sister who tried for over an hour to get her logged back in but could not. She figured it was a weird glitch.

@mfpiccolo

Day 2: The next day, sure as shit, the same thing happened.  My niece was kicked off and couldn’t log back in. My sister emails the teacher and tells her she is having issues with zoom and she will try to figure it out.

@mfpiccolo

Day 3: Same story. Kicked off and couldn’t log in. The error says “Incorrect password” no matter how many times they try. My sister calls the teacher and they spend an hour or so trying to figure it out. No luck.

@mfpiccolo

Day 4: My sister now takes my niece to her friend's house to see if it is something with her internet or IP. Same story. It works but then kicks her off and can’t log back in. This has to be some crazy bug in Zoom. “Maybe her account is flagged?”, my sister (The Mark) exclaims.

@mfpiccolo

Day 5: Issue continues. After hours on the phone with Zoom tech support, the techs are completely stumped. They say that the account was locked at some point but my sister knows there have been hundreds of login attempts from multiple locations so that makes sense. (or does it?)

@mfpiccolo

Day 6: Again, same issue with Zoom. The teacher recreates the whole zoom classroom from scratch. All thirty students have to update their calendar invites, re-login, etc.  “This has to work, right??” Nope.

@mfpiccolo

Day 7: Multiple calls to the principal finally get the school's computer teacher to come out to the house to try and debug the issue on site. No luck.

@mfpiccolo

The rest of week 2: My sister has essentially given up on Zoom class for her and is now having to fully homeschool her. “At least I get to help you around the house” my niece says innocently. What a sweetheart.

@mfpiccolo

Week 3: Now my sister is not even trying to have her attend school and is doing one on one homeschool. The rest of the time, my niece is helping out her siblings with their school (or playing if my sister is too busy to make sure she isn’t)

@mfpiccolo

Yesterday: My sister sent my niece back to her friend’s house where the problem seems to be happening less often. They sign her in and Zoom seems to be working well for a while. Her friend happens to walk around the corner and sees my niece log out of Zoom!

@mfpiccolo

My sister's friend asks why she did that and she replies “Oh it wasn’t working well so I was trying to fix it.” Skeptical, but not wanting to reveal her hand, my sister's friend pretends that makes sense and walks out. The walls are closing in for my poor unsuspecting niece.

@mfpiccolo

My sister’s friend is on to the con at this point. She now secretly watches from the other room where my niece cannot see her. After about an hour on Zoom, my niece can’t take it anymore and executes the con to escape the boredom.

@mfpiccolo

My sister’s friend watches as my niece logs out, then repeatedly types in the wrong password to her account about 20 times. What my niece had figured out is that when you log in with an incorrect password, Zoom will lock your account for a set amount of time.

@mfpiccolo

The more times you do this, the longer the wait period for you to get back into Zoom. She also noticed that the error that is presented to a user when they are locked is “Incorrect password” and not “your account has been locked”.

@mfpiccolo

My niece found the exploit and combined it with her cute 8 year old face, a face that never could tell a lie much less pull off an elaborate scheme to trick no less than 8 adults for 3 weeks straight.

@mfpiccolo

Is it bad that when I heard the story I felt proud more than anything? As someone in the IT industry, let's pray she goes white-hat or we might all be in trouble.

I'm hoping she goes libertarian. 

-RW
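
The lockout behaviour described in the thread, sketched as an added example (not code from the original post and not Zoom's implementation): an escalating lockout that tells a locked user so, and records a reason code for each attempt so support staff can see who is causing the lockouts. The thresholds, field names and the `self_inflicted` helper are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass, field

MAX_FAILS = 5      # assumed: wrong passwords allowed before a lockout
BASE_LOCK_S = 60   # assumed: first lockout lasts 60 s, then doubles

@dataclass
class Account:
    password: str          # plaintext only to keep the sketch short
    fails: int = 0
    lockouts: int = 0
    locked_until: float = 0.0
    audit: list = field(default_factory=list)   # (time, client, reason)

def login(acct, password, now, client):
    """Return (ok, user_message); every decision is also written to acct.audit."""
    if now < acct.locked_until:
        # The behaviour in the thread would answer "Incorrect password" here,
        # which is what sent the adults chasing a bug instead of a lockout.
        acct.audit.append((now, client, "REJECTED_LOCKED"))
        wait = int(acct.locked_until - now)
        return False, f"Account temporarily locked. Try again in {wait} s."
    if hmac.compare_digest(password.encode(), acct.password.encode()):
        acct.fails = 0
        acct.audit.append((now, client, "OK"))
        return True, "Welcome"
    acct.fails += 1
    acct.audit.append((now, client, "BAD_PASSWORD"))
    if acct.fails >= MAX_FAILS:
        acct.lockouts += 1
        acct.fails = 0
        # Wait grows with each successive lockout: 60 s, 120 s, 240 s, ...
        acct.locked_until = now + BASE_LOCK_S * 2 ** (acct.lockouts - 1)
        acct.audit.append((now, client, "LOCKOUT_STARTED"))
    return False, "Incorrect password"

def self_inflicted(acct):
    """True if all bad passwords came from clients that also logged in successfully."""
    good = {c for _, c, reason in acct.audit if reason == "OK"}
    bad = {c for _, c, reason in acct.audit if reason == "BAD_PASSWORD"}
    return acct.lockouts > 0 and bad <= good
```

A service that prefers to keep the user-facing message generic can still keep the distinct reason codes in the audit trail, which is the part the support call in the thread was missing.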
