Felony Charges For H.S. Hacking

jayrtfm writes "Last year the Kurtztown Area High School approved a program which gave every student an iBook. Now 13 students face felony charges for violating the district's usage policy." From the article: "Shrawder said the secret password '50Trexler,' was widely-known among the student body and distributed early in the school year. It allowed between 80 and 100 students to reconfigure their laptops, he said. The more computer-savvy students began to disable the administrations' ability to spy on the students' computer use. For others, it became a game, trying to outsmart the administration and compete with fellow students who held the secret, Shrawder said."

Lets get the facts straight

[LogicX (8327)]

This news was also reported in the Reading Eagle/Reading Times. [readingeagle.com]

In that article, it was said that the students were accessing porn sites, and HAD infact hacked the administrative network.

However, living in this area, I feel it necessary to point out that the papers around here can't handle technical articles, and and usually get the facts wrong. For all we know, they got the admin pass, and disabled the proxy (which was likely the n2h2 Bess Proxy [n2h2.com]), and all of this is being blown out of proportion.
Once more facts become clear, maybe we'll learn why the rest of the 80-100 students weren't charged.

I attended and worked IT for Conrad Weiser Area School District [conradweiser.org] which is about 20 minutes away from Kutztown, where we had the BCIU [berksiu.org] come in to do a lot of work on machines. The BCIU is clueless, and security is their lowest priority. It wouldn't surprise me at all if the BCIU worked with Kutztown High to setup this network, making it all the easier for these kids.
Also, here are the nyud mirrors of the links:
FAQ [nyud.net]
Kutztown Area Patriot Article [nyud.net]
Laptop Initiative [nyud.net]

Re:Lets get the facts straight

[Geoffreyerffoeg (729040)]

As a high-school senior who's managed to avoid getting in trouble for computer stuff, I'd like to share my experience.

If you want to bypass any restrictions, find out if the teachers mind. Many times they won't. (I was once asked to send an e-mail from school, and our school filters block all webmail..or at least they think they do.)

If you end up doing something that you think they won't mind but they do, as soon as they say something, apologize, and stop doing that. And it helps to show yourself as a white hat ahead of time, so they know you're not solely trying to break their security.

If you're doing something that you know they mind, reconsider why. Is this something you can't do more safely from home, or from a public library or Internet café?

If you're looking up porn from school, you're a ****ing idiot. Same goes if you're breaking into important stuff for the fun of it.

Re:Lets get the facts straight

[nkh (750837)]

If you want to bypass any restrictions, find out if the teachers mind. Many times they won't.

And they won't mind either if they don't understand what you want to do. The problem comes when they understand what you told them and it's too late. You'll be the only one who "touched the computer", you're the only one who "knows how it works": you're responsible. I suggest that you ask for some kind of paper signed by a teacher before doing anything. I know I'm too much paranoid but it's always safe when you have a physical proof to show when something bad happens.

Re:Lets get the facts straight

[Durandal64 (658649)]

Back in my senior year of high school (wow, 4 years already), we were doing a stock market competition in my government class. We used some sort of website portal, and my partner and I were actually doing fairly well. This was at a time when nVidia stock was shooting way up, so we were buying it. But we both forgot the password to our account over Christmas break and wanted to get in.

So I got wise and spoofed an e-mail to the administrator of the system (can't remember how I got the guy's e-mail address), forging the header to look like it was from my teacher. I (posing as the teacher) told him that a couple students had lost their password, and I needed it e-mailed to a hotmail account I'd set up. I put in some excuse about how I was going to be on the road and unable to check my regular e-mail address. This was actually true. My teacher told us he wouldn't be able to check his e-mails during the break because he was going to Colorado or something.

The guy bought it. He sent my password to the Hotmail account I'd set up. Not only had he sent my password, though. He'd sent everyone else's too. And to make matters worse, he'd CC'ed it to the teacher's real account ... with the quoted text from my forged e-mail. Wonderful. I was in deep shit.

So there was no way out. My name was on the original e-mail, and it wouldn't take a genius to figure out what happened. So I copped to it. I e-mailed my teacher, explaining the whole thing, and waited the entire break. I got to class, and my teacher just told me, "Got your e-mail. It's cool." And that was it.

I risked a whole hell of a lot to save some time for a stupid game. And I got lucky that my teacher was merciful. The worst part is that I was so set on going the 1337 route that I never considered that, with the administrator's e-mail, I could've just requested my password as myself!

So I got a free lesson there. In short, I agree with you. Teenagers don't listen to this kind of stuff though, because of course, it'll never happen to them. And if it does, they'll get lucky like me. Good thing the law doesn't hold minors accountable for their decisions.

Re:Lets get the facts straight

[Austerity Empowers (669817)]

You can be more rebellious, doubly so since you're a senior.

Altering the OS of your school provided laptop is probably not illegal, depending on what exactly you do. Unless you're unleashing a virus or destroying hardware, I really doubt anything will stick. I'm guessing this is the kind of thing the ACLU would help you with if you actually got in trouble.

Accessing material over the internet by using existing holes in school firewalls/proxies is NOT illegal. Most of us do it all the time at work because our IT departments are insane (but leave port 80 open with a proxy to censor us...may as well just leave them all wide open). Anyway unless you are attacking their network (router, firewall, proxy) in some way, it's not illegal or even immoral.

Now hacking in to their network, changing grades, destroying machines, altering network configurations, that's all illegal, immoral and just plain mean spirited. As with any other crime however, you should absolutely not admit to anyone what you've done without the counsel of a lawyer. This goes for any crime, even a speeding ticket. You have the right to remain silent, use it. Even if they promise to let you off, bring in a lawyer. Never play around with such things, I know some honest people who thought they were doing the right thing and got it handed to them. The right thing is to remain silent.

The more money it costs to enforce idiotic network policies and excess legal entanglements, the less likely anyone is going to want to be involved with it. If it isn't actively hurting someone, then I think after this neo-fascist insanity passes, people will ignore it.

Re:Lets get the facts straight

[Grym (725290)]

Altering the OS of your school provided laptop is probably not illegal, depending on what exactly you do. Unless you're unleashing a virus or destroying hardware, I really doubt anything will stick. I'm guessing this is the kind of thing the ACLU would help you with if you actually got in trouble.

Exactly. Unless you actually stole/damaged things--they'd be hard-pressed actually go through the trouble of ruining your life. It's this very fact that saved me back in the day.

Back when I was a senior in highschool (Class of '02), there was a computer-geek rebellion which I, by some strange twist of fate, found myself leading. It all started when the county bought some really nice computers for the fiber optic computer lab. Some of us got the bright idea to bring in cracked copies of Quake 2, Tribes 2, Unreal Tournament, and a bunch of other games to play during lulls in the classes. Most of the teachers didn't care. In fact, one of them even used "game time" as an incentive to get his lackadaisical senior students to do their assignments--with a lot of success I might add.

Then one of the hard-nosed teachers found out and made a habit of deleting the games. Of course, this was easily overcome by making copies of the game files locally and adding a few ifexist lines to the autoexec.bat of every machine to recreate the game should it be deleted. This worked for awhile until the county computer techs were called in to "See what was wrong."

Hoping to keep games off the computers, the county bought Clean Slate [fortres.com], a program used to lock down pre-XP computers. On the surface, the program seemed pretty tough. *All* changes/files created were removed every time the computer was restarted and only authorized programs were allowed to run. Of course, the BIOS was set as HD first to prevent bootdisking. The program was a huge hassle to both students and teachers alike.

This was first overcome by: 1) corrupting/resetting the BIOS [bioscentral.com] 2)bootdisking in 3) REMing out the relevant lines in the autoexec and windows startup files. This entire process took approximately 20 seconds once you got good at it. And we did get good at it--there were over 300 computers in the school and every computer was unlocked (oftentimes the same day it was locked down). Unlocked computers were set with a blue background to indicate that they were fixed.

Eventually we wised up and just installed a keylogger on one of the computers scheduled to be locked down. Sure enough, you had to type in the password every time you installed the software. With the password (which worked throughout the school), many people actually used Clean Slate to protect the games from being deleted--which was just beautiful.

Figuring out what we were doing, they started to Norton Ghost the computers so that a direct install and password entry was not required. They also correctly configured Clean Slate so the BIOS couldn't be so easily corrupted. This too was eventually circumvented when we found out that Clean Slate is unable to apply its file protections to Novell Netware shared drives. If worse came to worse, and you had enough alone-time with the computer, you could always remove the case and reset the BIOS password with the pin.

Throughout this whole process, there was one rule among those involved: DO NOT DAMAGE THE COMPUTERS. Do not delete the Clean Slate files--only disable them. Do not put porn, ect. on the computers.

This turned out to be our saving grace. Eventually the computer technicians got fed up with our school. The network usage for our school was something like 30 times other schools in the county. Of course, all of this was occurring when the county was assuring the state that its computers would be ready for the new computer-based Standard of Learning (SOLs) tests. Bad timing. Entire meetings of the county school board were apparently based upon the

Re:Lets get the facts straight

[raju1kabir (251972)]

Anyway, we were all learning to program and one of the more savvy programmers wrote a program to calculate PI and store the results to the HD. Once he finally got it working he wanted to try to run it on the server as a benchmark. Well, we were all new to programming and it turned out that the program used an infinite loop and wrote directly to the HD. Yes, that's right, it accessed the HD directly, on the hardware level.

I call BS. This is the most implausible story I've ever read in all my long years of reading people's stupid made-up stories on Slashdot.

Re:Lets get the facts straight

[ComputerSlicer23 (516509)]

Quick lesson in how the law works.

You can't commit a felony by breaking a contract. You can be found in breach of contract in a civil court for breaking a contract. You go to court to have a them help figure out what the restitution for failure to comply with the contract. A lot of the times, the penalites are spelled out in the contract.

So, being charged with a felony has absolutely nothing to do with any type of paperwork you or your parents signed. In order to be charged with a crime, you have to violate a criminal law.

There are so many silly laws about computers, that I won't be shocked to find out that there is some law that could be used against someone who isn't supposed to gains administrative access to a computer.

Kirby

I just don't get it

[Pxtl (151020)]

What is it that causes legal-types to completely lose their marbles whenever anything high-tech happens? This seems roughly the equivalent of doodling in a textbook (in eraseable pencil) and sharing a Maxim magazine around in the halls. Hardly a felony.

The same thing..

[CyricZ (887944)]

.. the same thing that caused many Americans to lost their marbles after Sept. 11: FEAR caused by a LACK OF UNDERSTANDING. These politicians do not understand technology, hence they fear it with all their might. And the legal response by politicians to fear is to pass fucking moronic laws.

Re:I just don't get it

[tolkienfan (892463)]

Unfortunately, under the law, accessing a computer system without authorization is a very serious crime.

And furthermore, the courts have decided that violating an acceptable use policy amounts to accessing the computer without authorization.

Worse, it is accepted within the courts that an existing "terms of use" or whatever does not have to have been read nor accepted for it to be enforceable.

It is presumed that such a policy exists, and it is the burden of the user to find and read it.

It sucks!
I am not a lawyer, this is not legal advice

Re:I just don't get it

[MillionthMonkey (240664)]

What is it that causes legal-types to completely lose their marbles whenever anything high-tech happens?

They don't know how to parlay the common sense they use in the real world to a virtual realm with which they are unfamiliar.

Plus, the professions they are in are usually dominated by "guardian" personality types. [keirsey.com] Such people tend to be comfortable with rigid interpretations of language and law, so if something falls under the rubric of "hacking" they will pigeonhole it as one specific type of behavior. Their reaction to it is determined not by the details of the behavior itself, which they may or may not understand, but the pigeonhole they have classified it into. Hacking is hacking. Hence the old saying that "the law is an ass."

When Mitnick was arrested the cops wouldn't let him have a phone. They thought he could launch nuclear missles by whistling into a phone at specific frequencies.

In-house punishments please!

[garcia (6573)]

"I knew it was against school policy," he said. "But I didn't know it was a felony."

Of course they didn't. You know why? Because, "Students who violate the computer policy will be disciplined" does not imply that criminal charges will be filed. It implies that the students could receive in-school sanction.

This is a bunch of hyped up and unnecessary bullshit. If you're going to give laptops out you better bet that they are going to be used for unintended purposes. By bringing criminal charges you are doing nothing but wasting even MORE of the taxpayers dollars for something dumb.

Discipline them in-house (like they did to us in high-school - made us sit in the hot school all summer doing NOTHING - it's worse than paying a fine and doing community service)

Re:In-house punishments please!

[garcia (6573)]

You probably aren't in school anymore. Most usage policies that I've seen explicitly state something along the lines of 'criminal computer damage' or 'charges may be filed'.

You apparently didn't read the District's Usage Policy. In fact, I know you didn't or you wouldn't have questioned me. Let me help you:

From their FAQ [kasd.org] which was linked in the Slashdot blurb.

Will students be able to install software on the laptop?
No, students installing software on school owned computers is a direct violation of the KASD Computer Policy. Students who violate the policy will be disciplined. All of the software necessary to integrate the laptop technology into the curriculum will be installed when the laptop is issued to the student. Security monitoring software will be used on all of the computers to assure that software is not loaded on the laptops. See the "Software" webpage in regards to the software installed on each laptop.

Will students be able to email, chat, and play games on their laptops?
Chat, IM, games, and email software will be removed from all computers. Student use of email, chatting, IM, and game playing is a direct violation of the KASD computer policy. Students who violate the computer policy will be disciplined.

What will the school do to help prevent students from going to inappropriate sites?
The KASD has a software/hardware product which is designed to help monitor all Internet sites that students attempt to access. This software/hardware blocks inappropriate sites and also logs a history of every site that each user opens. Students who attempt to find inappropriate sites will be disciplined. The current KASD content filter meets CIPA guidelines.

Just to be sure that I didn't miss anything I read it twice. Nothing in there about filing criminal charges.

Obviously I don't need to be in school anymore as I can read *and* comprehend.

Re:Know what I'd do?

[symbolic (11752)]

I'd hand it right back. "No thanks".

The students had a wonderful opportunity to show what a complete failure such draconian policies can be. But, just like with illegal file sharing, they'd rather push the other way, and end up further behind than when they started.

password

[bnitsua (72438)]

I hope they had the sense to change their password...

It was an asinine password anyway

[Roofus (15591)]

Let's see, the postal address of the district office is.....50 Trexler Ave!

50 Trexler Ave.
Kutztown, PA 19530

Excellent, nobody would ever think of "50trexler"

Re:It was an asinine password anyway

[Dhalka226 (559740)]

50 Trexler Ave.
Kutztown, PA 19530

I originally read that as "Klutztown." I was laughing at the irony when I realized my mistake. What a let down.

As I read the article...

[notsoanonymouscoward (102492)]

I just kept thinking "Enders Game" !!!

Aha!

[AEton (654737)]

Skavinsky consulted with the Berks County District Attorney's office and recommended charges of "Computer Trespass," in violation of PA criminal code section 7615, which carries a third degree felony charge.

The best way to get poor laws changed is to enforce them strictly.

Locked down laptops...

[LostCluster (625375)]

From the FAQ... Will students be able to email, chat, and play games on their laptops? Chat, IM, games, and email software will be removed from all computers. Student use of email, chatting, IM, and game playing is a direct violation of the KASD computer policy. Students who violate the computer policy will be disciplined. These were school-owned laptops for approved uses only, and with a pretty tight leash on what could be installed.

Re:Locked down laptops...

[Pxtl (151020)]

Unfortunately, said leash was made of paper. Nobody's arguing that the kids were in violation of school rules when they hacked their own laptops - what we're arguing against is that a) the school is filing felony charges for a discipline issue b) the school is charging the students instead of their security people, and c) there exists felony charges that can be applied to such a minor crime.

Stupid

[Bones3D_mac (324952)]

Why are they giving these children felony charges for being intelligent enough to see through such pathetically weak security? At the very least, the school should have assigned each machine a separate password based on serial number.

In all seriousness, if they really wanted to ensure security on these systems, they shouldn't have allowed the students to take them out of the school.

Idiots.

[FireballX301 (766274)]

I don't agree that it's a felony level offense, but...

I'm a student computer tech at my high school, since the school is too cheap to hire a full time technical staff. You wouldn't believe the amount of times I was asked for the local administrator passwords to the campus computers, just from people who wanted to 'mess around'.

The main problem is twofold: first, that the school doesn't want to be held liable for any 'bad' content (the obvious part), and that IT MAKES MORE WORK FOR ME. The admin password was leaked many times, and you wouldn't believe how many times I've had to either reformat computers or wipe Kazaa/Steam/random emulators from computers where students wanted to mess around. The worst part, when some of them tried to remove SynchronEyes (our 'spy' program), they were so incompetent with what they were doing that they ended up fuxxing the domain privileges and rendering the computer inoperable on the network. We rarely, if ever, monitor student activity, since we don't have enough staff.

If you want to mess around or do anything 'cool' with a computer, DO IT AT HOME. If you're at school, use the computers for school work. It's not a game as to how much work you can cause for the local techs and admin, the computers are always for WORK. If you go ahead and make it a game, we get VERY pissed at having to clean yet another computer.

Or better yet, do what I did and join the tech support staff.

@#$@# Educators!

[salesgeek (263995)]

Am I the only person here that thinks that it is the most flimsy form of chintz that educators use the legal system and literally ruin students futures over something so minor as this...

Wait a minute - the administrators have to show them who's in charge... and having the cops do their enforcement... that'll show them.

Unanswered question

[LostCluster (625375)]

What did the 13 who got charged do differently that made them stand out from the "80 to 100" students who used the compromized password?

Secret? LMAO!

[Oldest European (886715)]

"Shrawder said the secret password '50Trexler,' was widely-known among the student body..."

If it's widely-known, how can it be secret? ;-)

Incorrect Story

[Manip (656104)]

Should read ... - "For the administrators to monitor the students computer usage and for students that held the secret password to monitor one another. In order to keep the student's privacy safe while using the badly configured laptops the students had to get in and change the password. Upset by the fact they where made to look like noobs the school district are now bringing charges on all students that changed the password. When ask for comment the network admin had to say "I have an MCP, I think I can configure some laptops securely, the students are just messing with stuff using illegal haxor tools that they downloaded off P2P, I have contacted Microsoft, Apple and the MPAA about them!""

Wow....

[cato kaze (770158)]

As a high school senior in pennsylvania who has done things similar to those being described in the article, I'm worried. Before, my school district basically just slapped a student on the wrist for things like this, but I have the feelings that students in EVERY school district in the state are in trouble if schools start prosecuting because they are too stupid to handle anything technologically with reason. Hell, a kid in my district got 12 days out of school suspension for getting around the BESS Proxy wheres a kid who ripped a hunk of flesh off of another one's chest got 2 days in school suspension. People are fucktards...

Yeah, right

[P0ldy (848358)]

TFA:

"I don't know why this is such a big deal," he said. "At no time was the security of the server breached, and I don't know that it has cost the taxpayers any money."

A server breach does seem pretty impossible. Considering the complexity of the password and how few people knew it, it's doubtful they wouldn't know if the server was breached anyway.

What were the technology adminstrators doing...

[gozar (39392)]

The administrative password for the machines was 50Trexler.... Ummm, where did this come from? Why it's the address of the high school!

I'd be nice to know the laws broken

[standards (461431)]

It would be nice to know exactly what law was broken here. Remember, "breaking school policy" is not the same as "breaking the law". Only the legislature(s) can make law.

And so to claim a felony, they're claiming that some law was broken. Why can't anyone describe that law?

I heard the kids were reading Slashdot. Waste of time, those poor souls already lost....

Thoughts from a parent

[ExTex (777901)]

If one of the accused was my kid, I'd have a lawyer at the courthouse Monday morning with all of his knives sharpened. School boards and principals love power and tought talk. The point where the rubber meets the road is when an equal or higher power responds with bigger guns. A well connected and/or wealthy parent on a mission is their worst nightmare. I'm guessing that the accused children have been well chosen based on having parents who will either capitulate or don't have the resources to fight. Still, it won't be long until lawyers start getting involved on behalf of the accused children. The school officials are on thin ice when they start intimating that these students are somehow fellons by running sideways of a "usage policy." School records of children are strongly protected by federal law and by nearly every state law too. By accusing these minors the school is possibly breaching certain areas of student privacy, plus setting themselves up for a slander or libel suit. Minor children can not enter in to a legal contract. Conversely, they can't be in breach of a contract. You just can't be a felon for breaking a school rule of not using a computer in the way you were asked. By the way, committing assault, battery, and other violent acts are not the breaking of school rules. They are breaking established state and sometimes federal criminal laws. The school district needs to remember that they are a public entity that is likely subject to open records and sunshine laws of their state. Wait until the right parent seeks a court order to have a looksee at some of the administrations' machines and records. I have to think that the local prosecutor and police want no part of this game and will turn on the school at the earliest chance.

Re:Thoughts from a parent

[ExTex (777901)]

I'm unfamiliar with the term "asshat" but I think based on the context of your post I get what you are saying. My hypothetical reaction is based on the absurdity of the situation. Charging a child with a felony for a transgression that would be best punished by at least a detention and possibly a suspension, is a far greater issue. Fighting a felony charge would cost real money and the stakes for the child as well as the family would be sky high. A felony conviction for a minor would be an awful thing t

Nobody likes looking stupid

[idiot900 (166952)]

I remember being in high school and encountering this sort of thinking. It hasn't changed in several years, apparently.

I think the school staff know exactly how inconsequential the security breaches were. But nobody likes being made to look stupid - especially by kids many years your junior. These students took advantage of security problems that never should have been there in the first place. Certainly the students were wrong in what they did - no question about that. But making this into a felony issue is a defensive move on the part of the school to divert attention away from how badly they did their job.

On another note - apparently the school had $900,000 to spend on this. Why couldn't they afford a competent IT person to run it?

Stupid.

[BigZaphod (12942)]

I posted the following awhile back on slashdot, but I think in some ways it bears repeating here. Not because it is amazingly unique or insightful, but more because I learned a ton by screwing around with computer--sometimes school-owned ones. And I think I'm the better for it. If I did this kind of stuff now, I'd probably have been in jail at the age of 16 or something. This trend needs to change.

----

There was a lab that I used to hang out in. Being one of the few geeks in the school, I pretty much had run of the place. The teacher who oversaw the lab encouraged creativity and ingenuity. Sometimes he'd get pissed with something I did, but in those cases I just fixed it and moved on. This kind of activity, over a year or so, ended up earning his trust as I would also fix the odd problems with windows/autocad and such that would crop up.

Eventually I became the de-facto admin for that entire lab. During my required study period he would give me a pass to hang out in his lab--sometimes even when other classes were in there. Talk about heaven. I had the run of a computer lab that was networked. It was like being a king. :)

Around my junior year or so, they replaced the computers in the lab (aging 386/486 era machines with DOS, mostly) with shiny new Pentiums running Windows. For a few months they were basically just open and normal Windows machines. I think they even had Internet access. This was, of course, a total disaster. The net was new, then. People didn't have it at home. They downloaded anything and everything. Porn, viruses, music, etc.

The result was an *cough* admin *cough* who ended up being in the room almost everyday for awhile. He would spend his time poking around in control panels and "fixing" the computers. Eventually he must have gotten sick of that because they hired a local consulting company to come in to secure them all. Pretty soon the whole place was all passworded up with all these layers of cheap third party locks, etc.

I broke all of them--with full (unofficial) support of the teacher who taught in the room. They had tried to lock the systems down so much that half his programs wouldn't work right anymore. He had endless problems with students just trying to save their completed CAD drawings. I made a lot of those problems go away by circumventing the security, showing him how, and then giving him pointers to try to minimize the visibility of the hole so that other kids and the admin dude wouldn't find it. Not perfect, but it helped.

After some time of this the teacher pulled me aside one day and tells me in a reasonably loud-so-that-others-near-by-can-hear voice that I need to be careful because Mr. Admin is getting pissed that someone keeps getting into his expensively secured systems and he's going to try for suspension of that person when he is caught. Of course nearly every one of his students knew it was me--but they weren't going to talk. I had helped them all out of computer jams at some point or other. So after doing the semi-public speech, he later pulls me aside in private and says, "Hey, keep doing what you're doing. I'll make sure they don't do anything to you. Those bastards are making my life such a living hell and they won't listen to my needs that I've given up trying to deal with them. You at least make it possible for me to teach my classes."

So of course after the next round of "security upgrades" I was once again on the job. Eventually I figured the way into the system and changed all the screen savers to be the marquee one and had it read, "Ha ha! I got in Mr. Security Guy!" Hoo boy did the shit hit the fan. I was shielded from it, but the teacher just loved it. The admin dude was pissed. The consulting guy was there almost everyday for like 2 weeks. My teacher would just smile and nod. Eventually they locked it down pretty heavily, but by this point I was a senior and I was graduating early and was out of there.

Those were some good times. Seriously, though, I swear that in this

Nerdy anecdote

[5n3ak3rp1mp (305814)]

So it was freshman year in Cornell, 1990, and I had doubly no hope of getting laid, being a freshman and also a geek guy, the one girl on my floor that I had a crush on ended up dating some jock, so I fell in with a group of cool malcontent geeks who liked to play early Mac network games looong before they existed on PC's (all hail Spectre, Bolo, and NetTrek 3!) and got to breaking some rules.

At the time, Cornell was Mac-dominated (oh, happy memories) and the Upson lab had a network of IIci's just waiting to have their security hacked. I forget the tool that was used, but we figured out that it stored the password in a certain file that we could reach by bypassing the file security with Norton Utilities for Macintosh (haha Mac OS 6 security, bah). We procured a copy of the software, installed it and created a password on my own IIci, then took a copy of that file (with the obfuscated password) and replaced the file on the lab IIci. Instant admin access.

But we didn't stop there. We had such organization that we managed, as a team, to use this trick to install a fun little background process called NetBunny... on ALL the macs in ALL the labs. NetBunny does nothing on its own, but paired with a little utility called StartWabbit that we pointed at any campus AppleTalk network we wished, would begin the chain reaction. What then happened is that the Energizer Bunny would walk across the screen thumping the drum, going literally from screen to screen across the whole lab. It was pretty much a riot, if you were in on the joke, but the admins couldn't figure it out (we had hidden the executable well through obfuscation by renaming it and pasting another icon on it) and after they heard the recognizable "thump, thump, thump" sound would jump up and run around helplessly yelling "It's the bunny!!" We did it a few times with "agents" at each location to witness the mayhem. Good geek times.

I think it's the nature of very talented people, that when The System is not challenging them sufficiently (or when they refuse to take on the offered challenge due to lack of interest or motivation), that they seek out their own challenges, and fun.

I don't think these kids should get punished this harshly. Felony charges? Simply for trying to break the rules? Please. Face it, it takes some effort and talent to break in, it's just misplaced effort and talent. Find a way to redirect it. I mean come on, it probably started with some high-school geek starving for attention who wanted to seem cool.

I am an IT Director in a High School District...

[xorowo (733585)]

...and I think that pursuing felony charges is going too far. It shouldn't be too difficult to figure out how the password was leaked, and the person that leaked it should be punished harshly. I don't have a whole lot of sympathy for student crackers. That said, I imagine that the letter is designed to scare the crap out of the students, more than it is designed to suggest an actual imminent arrest.

I just dealt with some students who abused positions of trust (as tech aides) to install keylogging software on multiple computers. We came down hard on the student who initiated this because he used the information he gathered to access email and grades of the teachers whose passwords he caught. I never considered recommending this to the police, though, because I knew that we could suggest expulsion (which we ended up on a compromise with the student and his parents on) and scare the student into not doing this again. Or, at least, we now know who he is and we can ensure that he won't do the same thing.

The primary downside is that high school computer experiences shouldn't have to be as controlled and locked down as they are in most places. While we absolutely need security surrounding our student information system, grades, attendance and teacher files, I don't like locking down computers and trying to force certain behaviors. Let these kids work normally on the computers and be clear about what is appropriate. Locking them up will only, in the end, produce exactly what these district's saw -- students who do everything possible to break the security.

Oh, and the parent who said, "and I don't know that it has cost the taxpayers any money" is delusional. Everything I do in my job costs the taxpayers money, so if I have to spent dozens or hundreds of hours tracking down the source of a security breach instead of working with students on a multimedia project or with teachers on instructional applications, then it costs money.

18 Pa.C.S.A. 7615

[danoatvulaw (625376)]

Just for everyone's information, here's the statute they might be prosecuted under. According to the sentencing provision, a third degree felony carries a maximum penalty of up to 7 years imprisonment (18 Pa.C.S.A. 1103) and a max $15,000 fine (18 Pa.C.S.A. 1101).

(a) Offense defined. A person commits the offense of computer trespass if he knowingly and without authority or in excess of given authority uses a computer or computer network with the intent to:

(1) temporarily or permanently remove computer data, computer programs or computer software from a computer or computer network;
(2) cause a computer to malfunction, regardless of the amount of time the malfunction persists;
(3) alter or erase any computer data, computer programs or computer software;
(4) effect the creation or alteration of a financial instrument or of an electronic transfer of funds; or
(5) cause physical injury to the property of another.

(b) Grading.--An offense under this section shall constitute a felony of the third degree.

JESUS FUCKING CRIST

[t_allardyce (48447)]

FFS never mind this, why the fuck are kids being given laptops in the first place? High school students have NO use for all this equipment, they are going to use it for music, porn and games and very very occasionally write a report on it. Seriously is it that important to waste that much money so some students can do word processing?? what the fuck happened to using the computer room or their home computer or even just writing with a bloody pen? This is just an insane waste of resources for no purpose other than to hype the fact that everyone has laptops. Yeah sure it would be _nice_ to give kids laptops but at the moment it just costs too much, when the price eventually drops to a reasonable level then this will be a viable option. For the price of this project they could probably have afforded smaller class sizes, useful equipment or more one-to-one tutoring. These computers will be useless in a few years - many of them will be broken (they're not designed to last forever), some lost or stolen, and the rest will be nearing the end of their useful life as glorified word-processors with computing power that would have only been found in a Cray a few decades ago. I would sack who-ever is responsible for this and who ever DARED to pass the buck for their mother fucking failure on to kids that are doing what kids do (at least they aren't jacking cars).

This crap is nothing new

[ScrewMaster (602015)]

Sometime around 1977 my father stood in front of my state's legislature and gave testimony regarding a computer crime bill that was up for consideration. He pointed out that this bill would not only have little or no effect upon it's intended targets (white collar criminals), but would instantly felonize the bulk of the state's computer science and engineering students. It was a really stupid law, created with the usual "we have to appear to be doing something so let's do something in a hurry without out thinking it through" mentality.

They hadn't thought of that.

That bill didn't pass (only because an intelligent, well-spoken engineer gave the politicians some facts they chose not to ignore), but there always those that feel the need to increase the crime/punishment ratio to insane levels. Oh I know ... the teachers and administrators in this case probably feel the need to "send a message" to the student body. They think that message is "respect the law!", when the actual message is "the law doesn't respect you, so why should you respect the law?" All this kind of treatment will do is create more Kevin Mitnicks.

You guys are missing THE most important facts.

[Zyxwv88 (536800)]

I'm surprised that no one has noticed this. The school district REQUIRED students to use the school laptops, even if they had a laptop at home that they could have brought in and used. The school district also REQUIRES teachers to implement the laptops into the curriculum so they are used. The school district has monitoring software so that they can spy on the students. Basically they are providing themselves with tools that they can spy on students, requiring students to carry those tools, and if students disable the spy software, they get charged with felonies. Am I the only one that sees a problem with this? If my kid was in that school district, I'd be visiting with a lawyer and/or other organizations to get some changes made around there. This is a total invasion of privacy, but it's been glossed over as a "free" laptop, so people have looked at it as a good thing instead of the invasion of privacy that it also is.

Re:Inept school officials

[Pxtl (151020)]

I know. The school could have had just as good an effect by suspending those involved briefly and billing their parents for the board tech's time required to re-image the ibooks. Instead, they decide to jump on the "Cybercrime is teh evil!" bandwagon and go apeshit.

Re:My school used different methods....

[stfvon007 (632997)]

When someone in my class tried to steal the instructors password to a networking class that used online materials. (Sent a message to the company that provided them forging the e-mail header to look like it was from the teacher, saying "I forgot my password, please send it to address@aol.com")

The next class instead of going to the computer lab we were sent to a classroom instead. Once we were all there, the district network administrator came in, and started giving a lecture on how to track down where an attempted intrusion is coming from, Using a real life case study. It was quite an interesting presentation actually, exept for one student who was watching in HORROR (with a complete look of shock on his face) as they described in great detail exactly how they tracked him down and learned exactly who did it. He was visibly shaking at the end of the lecture. (Before the lecture he had absalutely no idea that anyone else knew about the password theft attempt)
Besides that he got a few days of in school suspension, but that was it.

Re:Inept school officials

[Transcendent (204992)]

Same thing happened to me in HS.

Fortunately, I scared them off with a lawyer and charges were dropped.... so I ended up with a 30 day vacation from school, and still finished my senior year with a 4.5/4.0 GPA along with getting AP credit for Calc (but I didn't get to go to Florida with the FIRST team, ah well). And yes, there was an incompetent administrator of the entire district's (Novel ::shudder::) network... in which her stupidity not only let me do what I did, but further made ME look bad because the

Re:Inept school officials

[Frank T. Lofaro Jr. (142215)]

Charged but not convicted I'd assume.

Felons are forbidden by law from:

Voting (in many states. In 14, including mine, Nevada, one is forever forbidden from voting. In Florida, another such state, I believe it is case law that a juvenile convicted of a felony loses the right the vote before he or she gains it - he or she is barred by law from ever gaining the right to vote - cruel, unusual and unconstitutional but still considered the law).
Holding office
Working in anyway for the government, local, state or Federal. If you run a company of your own and are a felon - your company is ineligible to bid on any project or supply any goods or services.
Owning a gun - 10 year sentence if one even tries to. 18 USC 922(g) makes it illegal and 18 USC 924(a)(2) sets the penalty.
Being bonded
Getting a good job - anyone that hires a felon can have a judgement for monetary damages against them for "negligent hiring" - the courts will then take possibly all their assets and garishee their wages for life if the judgement is big enough - yeah the person would have to harm someone - but what employer will hire a felon knowing the courts could de facto bankrupt them for life if the person who committed a (possibly minor) (possibly as a juvenile) felony kills or rapes someone.
Keeping a job - "negligent retention" law prescribes the above for failing to fire a felon.
Travel - Canada PROHIBITS felons from entering - and they are supposed to be a reasonable country. Heck, Canada forbids DUI offenders from entering. Heck, George W. Bush, sitting President of the US, is technically barred for that. Not that they'd ever enforce it in his case. (Yes, Bush's was a misdemeanor - but Canada still bars people for it, perhaps Canada was a bad example, perhaps Bush was a bad example because someone might start an off topic Bush sucks/Bush rules flamewar)
In Utah - they are forbidden from working in any operational capacity for a Certificate Authority - this will mean if a felon owns a company it can't be a CA.

I might be wrong - I hope I am - but I fear my list is incomplete, not incorrect.

Re:Inept school officials

[IdleTime (561841)]

All of what you say just underlines the fact tha USA is far from the land of "freedom". I've never heard of such additional lifetime punishments as you outline here. Where I come from, there is no "felony". Crimes are not rated and when you have served your sentence you have paid your dues and are once again a full member of society with all the rights and obligations everyne else have. What a bunch of bullshit this is.

Re:Inept school officials

[Curtman (556920)]

"What a bunch of bullshit this is."

Especially since the "purpose" of prison is supposed to be to reform the offender. Kind of puts that in perspective.

Re:Inept school officials

[Frank T. Lofaro Jr. (142215)]

The scary thing is they can add punishments after one commits the crime!

That is technically an "ex post facto" (adding punishment after the fact) law, which is illegal, but they weasel out of it by saying it isn't punishment, it is just aiding "public safety" by restricting "privileges" of persons with a "felony status", not punishment for a crime.

Just as if the DMV takes your license away in an administrative hearing for DUI even if you are acquitted in criminal court! What about double jeapordy? Well the admin. hearing is not "punishment".

Oh, certain sex offenders are forbidden from living within X number of feet of a school. This restriction was added retroactively. In some cases these sex offender's offenses WOULD NOT BE A CRIME IN CERTAIN OTHER STATES WITH A LOWER AGE OF CONSENT - we aren't talking offenses which are universally considered crimes - i.e. they are being told they can't live somewhere after serving their sentence whereas in certain states they couldn't get in any (legal) trouble whatsoever. People who rape 9 year old girls should be locked up forever and ever and then some - but even then - the rule of law should hold - the rule of law is need to protect us all - make true perverts get life without parole sentences - I'm against the death penalty because I don't trust the government to use it fairly - Texas loves killing people and Nevada loved killing children until the Supreme Court stopped them.

Oh, the above rules don't protect kids - even sickos can take buses, trains, cars, planes, horses or walk to the school.

Also, this sets a precedent that the gov't can say where you live, and not as punishment for a crime - it can be done "ex post facto".

Also this precedent can be extended to any crime.

Think I'm crazy, think I'm paranoid. Well...

Clark County, NV has an "order out corridor" for people convicted of drugs and prostitution!

Clark County Code 12.05.020 (drugs) and 12.08.035 (prostitution). The "Las Vegas" Strip is in Clark County but not in the City of Las Vegas, btw.

Not just for where you can live, but where you can travel to or through!

Have a speeding ticket? Lots of car crashes in your town? How about a public safety rule that says you can't live within one mile of a freeway? Passed after your conviction? Justified by saying it is too tempting to have an opportunity for severe speeding so close by.

Living With a Felony

[bottlerocket (605232)]

I thought I'd share my thoughts, since this is a subject near and dear to my heart.

I was convicted of a felony three years ago, and my life was pretty much destroyed. I lost my job, my apartment, my college loans, and got slapped with thousands of dollars in fines to boot. I'm unemployable: I've shown up to different jobs to start my first day, only to be let go after because they got the results of the background check. The real kicker was that I checked "yes" to having a felony conviction on my application, but the managers claimed that "the computer says we can't hire you".

Since I am now unable to finish school and am stuck making six bucks an hour at McDonald's, I've been giving serious consideration to joining the Army. The recruiters say a waiver is no problem and they can wipe the felony from my record. I'd say gambling my life in Iraq beats the hell out of being doomed here in the Land of the Free.