Forgot your password?
typodupeerror
Education Government Portables (Apple) The Courts Hardware News

Felony Charges For H.S. Hacking 824

Posted by Zonk
from the barely-even-hacking dept.
jayrtfm writes "Last year the Kurtztown Area High School approved a program which gave every student an iBook. Now 13 students face felony charges for violating the district's usage policy." From the article: "Shrawder said the secret password '50Trexler,' was widely-known among the student body and distributed early in the school year. It allowed between 80 and 100 students to reconfigure their laptops, he said. The more computer-savvy students began to disable the administrations' ability to spy on the students' computer use. For others, it became a game, trying to outsmart the administration and compete with fellow students who held the secret, Shrawder said."
This discussion has been archived. No new comments can be posted.

Felony Charges For H.S. Hacking

Comments Filter:
  • Idiots. (Score:5, Interesting)

    by FireballX301 (766274) on Friday June 24, 2005 @10:46PM (#12906769) Journal
    I don't agree that it's a felony level offense, but...

    I'm a student computer tech at my high school, since the school is too cheap to hire a full time technical staff. You wouldn't believe the amount of times I was asked for the local administrator passwords to the campus computers, just from people who wanted to 'mess around'.

    The main problem is twofold: first, that the school doesn't want to be held liable for any 'bad' content (the obvious part), and that IT MAKES MORE WORK FOR ME. The admin password was leaked many times, and you wouldn't believe how many times I've had to either reformat computers or wipe Kazaa/Steam/random emulators from computers where students wanted to mess around. The worst part, when some of them tried to remove SynchronEyes (our 'spy' program), they were so incompetent with what they were doing that they ended up fuxxing the domain privileges and rendering the computer inoperable on the network. We rarely, if ever, monitor student activity, since we don't have enough staff.

    If you want to mess around or do anything 'cool' with a computer, DO IT AT HOME. If you're at school, use the computers for school work. It's not a game as to how much work you can cause for the local techs and admin, the computers are always for WORK. If you go ahead and make it a game, we get VERY pissed at having to clean yet another computer.

    Or better yet, do what I did and join the tech support staff.
  • by Rafikichi (831285) on Friday June 24, 2005 @10:47PM (#12906770) Homepage
    "To provide an interactive educational environment which encourages students to acquire the skills, knowledge, and attitudes, necessary to become responsible members of society"
  • Destroy all students (Score:1, Interesting)

    by Anonymous Coward on Friday June 24, 2005 @10:47PM (#12906772)
    What kind of assholes are these school administrators?!
    Their JOB, hopefully their PASSION is to help students learn and be prepared for life as adults. How does giving them felony records for typical high school curiosity do that? How can these administrators go home at night and think they are doing the right thing here?

    I think a protest is in order.
    The entire student body should boycott the school. Stop going. Perhaps they should ALL have accidents with their laptops too. Ooops, dropped it from the second floor.
    Damn... I know these are stupid retaliations, but I'm so pissed.

  • Unanswered question (Score:3, Interesting)

    by LostCluster (625375) * on Friday June 24, 2005 @10:48PM (#12906782)
    What did the 13 who got charged do differently that made them stand out from the "80 to 100" students who used the compromized password?
  • by Anonymous Coward on Friday June 24, 2005 @10:51PM (#12906803)
    FELONY charges for reconfiguring the laptops the schools give the students to use?!?!?!? Any parent should be outraged that their student could be subject to a felony for something like this. Parents should have do sign off on ANYTHING that might subject their children to such bogus charges. And they should be riled their own district would act such a way if some porno and ebarrassment to the school administration is all that happened.
  • by FireballX301 (766274) on Friday June 24, 2005 @10:52PM (#12906811) Journal
    You probably aren't in school anymore.

    Most usage policies that I've seen explicitly state something along the lines of 'criminal computer damage' or 'charges may be filed'. As a matter of fact, we have a cop on campus at my high school explicitly to arrest people, whether it be for fights (assault), drugs (obvious), and yes, 'hacking' (cybercrime is the term used, I believe). Even for something so simple as getting on the teach's computer when he's not looking. Student discipline, sadly, has declined in public schools over the years, and punishments have adjusted accordingly.

    Definitely not a felony though. Felony is defined typically as a heinous crime, and something simple as this should not be considered as such.
  • Wow.... (Score:5, Interesting)

    by cato kaze (770158) <omlet@ma[ ]n.com ['gi-' in gap]> on Friday June 24, 2005 @10:53PM (#12906817)
    As a high school senior in pennsylvania who has done things similar to those being described in the article, I'm worried. Before, my school district basically just slapped a student on the wrist for things like this, but I have the feelings that students in EVERY school district in the state are in trouble if schools start prosecuting because they are too stupid to handle anything technologically with reason. Hell, a kid in my district got 12 days out of school suspension for getting around the BESS Proxy wheres a kid who ripped a hunk of flesh off of another one's chest got 2 days in school suspension. People are fucktards...
  • by Transcendent (204992) on Friday June 24, 2005 @10:57PM (#12906839)
    Same thing happened to me in HS.

    Fortunately, I scared them off with a lawyer and charges were dropped.... so I ended up with a 30 day vacation from school, and still finished my senior year with a 4.5/4.0 GPA along with getting AP credit for Calc (but I didn't get to go to Florida with the FIRST team, ah well). And yes, there was an incompetent administrator of the entire district's (Novel ::shudder::) network... in which her stupidity not only let me do what I did, but further made ME look bad because the unknowing school officials believed her word.

    Unfortunately for the kids in thie story, I doubt the school can be scared off at this point.
  • High Schol Security (Score:1, Interesting)

    by Anonymous Coward on Friday June 24, 2005 @11:00PM (#12906860)
    Only vaguely related, but this reminds me of my high school, which spent somewhere in the vicinity of $50,000 on a school wide security system with individualy armable zones in every classroom, complete with door, window, and motion sensors. Then set the system-wide disarming code to 2468 so the teachers could remember it.
  • by tolkienfan (892463) on Friday June 24, 2005 @11:02PM (#12906867) Journal
    Unfortunately, under the law, accessing a computer system without authorization is a very serious crime.

    And furthermore, the courts have decided that violating an acceptable use policy amounts to accessing the computer without authorization.

    Worse, it is accepted within the courts that an existing "terms of use" or whatever does not have to have been read nor accepted for it to be enforceable.

    It is presumed that such a policy exists, and it is the burden of the user to find and read it.

    It sucks!
    I am not a lawyer, this is not legal advice

  • Live CD (Score:2, Interesting)

    by crypto55 (864220) on Friday June 24, 2005 @11:05PM (#12906890)
    Why not just use a live-on-CD linux bootdisk? I haven't seen that many for Macs, but I'm pretty sure that Yellow Dog has one. That would give the students the ability to run their own OS, although it would be slow because of read speeds. At my school, we run crappy little 900mhz pIII Win98 SEs. Originally, they had almost no security, but now it's building up. I sometimes use Knoppix, without any modification to the system itself.

    It sounds to me like this is just a story about a bunch of script kiddies who got caught *gasp* without covering their tracks.
  • Re:Idiots. (Score:2, Interesting)

    by rvalles (649635) on Friday June 24, 2005 @11:14PM (#12906943)
    Disabling Orwellian monitoring crap is not evil; it's an heroic act; the use of this kind of crap should be outlawed and no, don't give me this protecting kids crap. Kids shouldn't grow accostumed to surveillance. They should grow up as sovereign individuals who value their freedoms, and question power.
  • by standards (461431) on Friday June 24, 2005 @11:16PM (#12906962)
    It would be nice to know exactly what law was broken here. Remember, "breaking school policy" is not the same as "breaking the law". Only the legislature(s) can make law.

    And so to claim a felony, they're claiming that some law was broken. Why can't anyone describe that law?

    I heard the kids were reading Slashdot. Waste of time, those poor souls already lost....
  • by IdleTime (561841) on Friday June 24, 2005 @11:23PM (#12906998) Journal
    All of what you say just underlines the fact tha USA is far from the land of "freedom". I've never heard of such additional lifetime punishments as you outline here. Where I come from, there is no "felony". Crimes are not rated and when you have served your sentence you have paid your dues and are once again a full member of society with all the rights and obligations everyne else have. What a bunch of bullshit this is.
  • by ExTex (777901) on Friday June 24, 2005 @11:24PM (#12907002)
    If one of the accused was my kid, I'd have a lawyer at the courthouse Monday morning with all of his knives sharpened. School boards and principals love power and tought talk. The point where the rubber meets the road is when an equal or higher power responds with bigger guns. A well connected and/or wealthy parent on a mission is their worst nightmare. I'm guessing that the accused children have been well chosen based on having parents who will either capitulate or don't have the resources to fight. Still, it won't be long until lawyers start getting involved on behalf of the accused children. The school officials are on thin ice when they start intimating that these students are somehow fellons by running sideways of a "usage policy." School records of children are strongly protected by federal law and by nearly every state law too. By accusing these minors the school is possibly breaching certain areas of student privacy, plus setting themselves up for a slander or libel suit. Minor children can not enter in to a legal contract. Conversely, they can't be in breach of a contract. You just can't be a felon for breaking a school rule of not using a computer in the way you were asked. By the way, committing assault, battery, and other violent acts are not the breaking of school rules. They are breaking established state and sometimes federal criminal laws. The school district needs to remember that they are a public entity that is likely subject to open records and sunshine laws of their state. Wait until the right parent seeks a court order to have a looksee at some of the administrations' machines and records. I have to think that the local prosecutor and police want no part of this game and will turn on the school at the earliest chance.
  • Re:Live CD (Score:2, Interesting)

    by aldragon (782143) on Friday June 24, 2005 @11:26PM (#12907017)
    Heh. Reminds me of the face that a few computers at my schools have cd-rom booting disabled... however they set the stupid bios password to "admin" on a good number of the computers.

    A friend of mine guessed that bios password first try because he accidently pressed the key to go into the bios and felt that giving a joking guess at the bios password took less effort than pressing the power button. Man, that was funny!
  • by stfvon007 (632997) <enigmar007@noSPAM.yahoo.com> on Friday June 24, 2005 @11:31PM (#12907041) Journal
    When someone in my class tried to steal the instructors password to a networking class that used online materials. (Sent a message to the company that provided them forging the e-mail header to look like it was from the teacher, saying "I forgot my password, please send it to address@aol.com")

    The next class instead of going to the computer lab we were sent to a classroom instead. Once we were all there, the district network administrator came in, and started giving a lecture on how to track down where an attempted intrusion is coming from, Using a real life case study. It was quite an interesting presentation actually, exept for one student who was watching in HORROR (with a complete look of shock on his face) as they described in great detail exactly how they tracked him down and learned exactly who did it. He was visibly shaking at the end of the lecture. (Before the lecture he had absalutely no idea that anyone else knew about the password theft attempt)
    Besides that he got a few days of in school suspension, but that was it.
  • Stupid. (Score:3, Interesting)

    by BigZaphod (12942) on Friday June 24, 2005 @11:43PM (#12907103) Homepage
    I posted the following awhile back on slashdot, but I think in some ways it bears repeating here. Not because it is amazingly unique or insightful, but more because I learned a ton by screwing around with computer--sometimes school-owned ones. And I think I'm the better for it. If I did this kind of stuff now, I'd probably have been in jail at the age of 16 or something. This trend needs to change.

    ----

    There was a lab that I used to hang out in. Being one of the few geeks in the school, I pretty much had run of the place. The teacher who oversaw the lab encouraged creativity and ingenuity. Sometimes he'd get pissed with something I did, but in those cases I just fixed it and moved on. This kind of activity, over a year or so, ended up earning his trust as I would also fix the odd problems with windows/autocad and such that would crop up.

    Eventually I became the de-facto admin for that entire lab. During my required study period he would give me a pass to hang out in his lab--sometimes even when other classes were in there. Talk about heaven. I had the run of a computer lab that was networked. It was like being a king. :)

    Around my junior year or so, they replaced the computers in the lab (aging 386/486 era machines with DOS, mostly) with shiny new Pentiums running Windows. For a few months they were basically just open and normal Windows machines. I think they even had Internet access. This was, of course, a total disaster. The net was new, then. People didn't have it at home. They downloaded anything and everything. Porn, viruses, music, etc.

    The result was an *cough* admin *cough* who ended up being in the room almost everyday for awhile. He would spend his time poking around in control panels and "fixing" the computers. Eventually he must have gotten sick of that because they hired a local consulting company to come in to secure them all. Pretty soon the whole place was all passworded up with all these layers of cheap third party locks, etc.

    I broke all of them--with full (unofficial) support of the teacher who taught in the room. They had tried to lock the systems down so much that half his programs wouldn't work right anymore. He had endless problems with students just trying to save their completed CAD drawings. I made a lot of those problems go away by circumventing the security, showing him how, and then giving him pointers to try to minimize the visibility of the hole so that other kids and the admin dude wouldn't find it. Not perfect, but it helped.

    After some time of this the teacher pulled me aside one day and tells me in a reasonably loud-so-that-others-near-by-can-hear voice that I need to be careful because Mr. Admin is getting pissed that someone keeps getting into his expensively secured systems and he's going to try for suspension of that person when he is caught. Of course nearly every one of his students knew it was me--but they weren't going to talk. I had helped them all out of computer jams at some point or other. So after doing the semi-public speech, he later pulls me aside in private and says, "Hey, keep doing what you're doing. I'll make sure they don't do anything to you. Those bastards are making my life such a living hell and they won't listen to my needs that I've given up trying to deal with them. You at least make it possible for me to teach my classes."

    So of course after the next round of "security upgrades" I was once again on the job. Eventually I figured the way into the system and changed all the screen savers to be the marquee one and had it read, "Ha ha! I got in Mr. Security Guy!" Hoo boy did the shit hit the fan. I was shielded from it, but the teacher just loved it. The admin dude was pissed. The consulting guy was there almost everyday for like 2 weeks. My teacher would just smile and nod. Eventually they locked it down pretty heavily, but by this point I was a senior and I was graduating early and was out of there.

    Those were some good times. Seriously, though, I swear that in this
  • by Anonymous Coward on Friday June 24, 2005 @11:50PM (#12907144)
    That question doesn't really *have* an answer on the mac. What about viruses?

    It's not just "there aren't any now, but there may be eventually so you should install a scanner." A virus scanner on the mac is such a nearly useless thing that the scanners available are very bad.

    One of the best ways to break a Mac has traditionally been to install Norton Antivirus.

    You can't *really* protect against a threat that isn't there yet. It's easy to build a virus identifying engine on Windows because you know what sorts of things you'll be looking for. You know what the various Windows virii look like so you can test the software.

    On the mac you're writing into a void. Are mac viruses going to be executables, widgets, PDFs? What vulnerability is going to be popular for creating them?

    In addition, Macs having only 5% marketshare means that even if there were a virus, there wouldn't be many carriers spreading it. Low-density populations don't spread infection easily.

    All this is to say that, even though only a cock-eyed optimist would believe there will never be a virus on the mac, the prevention is currently more effort and more risk than the non-existent disease. The answer they give regarding viruses is a pretty reasonable one for the time being. Another good answer woud be "always have your data backed up," but that's generally true.

    The rest of your post is equally inapplicable. Apple did *not* administer this network. Your assumption about having only a single password to protect the users from themselves is bizarre...

    The idea that a school can hand out laptops to all its students with software on those laptops to restrict their use is inane. The students will always crack the system because the client is in their hands. If they didn't want the students accessing porn on those computers, they shouldn't have provided them.

    No actual server was breached. All that happened here is that a bunch of horny students got around the school's filtering, downloaded some music and some porn, and are now facing felony charges. Very american, but not a case of failed security. A case of foolish expectations.
  • by Frank T. Lofaro Jr. (142215) on Friday June 24, 2005 @11:56PM (#12907170) Homepage
    The scary thing is they can add punishments after one commits the crime!

    That is technically an "ex post facto" (adding punishment after the fact) law, which is illegal, but they weasel out of it by saying it isn't punishment, it is just aiding "public safety" by restricting "privileges" of persons with a "felony status", not punishment for a crime.

    Just as if the DMV takes your license away in an administrative hearing for DUI even if you are acquitted in criminal court! What about double jeapordy? Well the admin. hearing is not "punishment".

    Oh, certain sex offenders are forbidden from living within X number of feet of a school. This restriction was added retroactively. In some cases these sex offender's offenses WOULD NOT BE A CRIME IN CERTAIN OTHER STATES WITH A LOWER AGE OF CONSENT - we aren't talking offenses which are universally considered crimes - i.e. they are being told they can't live somewhere after serving their sentence whereas in certain states they couldn't get in any (legal) trouble whatsoever. People who rape 9 year old girls should be locked up forever and ever and then some - but even then - the rule of law should hold - the rule of law is need to protect us all - make true perverts get life without parole sentences - I'm against the death penalty because I don't trust the government to use it fairly - Texas loves killing people and Nevada loved killing children until the Supreme Court stopped them.

    Oh, the above rules don't protect kids - even sickos can take buses, trains, cars, planes, horses or walk to the school.

    Also, this sets a precedent that the gov't can say where you live, and not as punishment for a crime - it can be done "ex post facto".

    Also this precedent can be extended to any crime.

    Think I'm crazy, think I'm paranoid. Well...

    Clark County, NV has an "order out corridor" for people convicted of drugs and prostitution!

    Clark County Code 12.05.020 (drugs) and 12.08.035 (prostitution). The "Las Vegas" Strip is in Clark County but not in the City of Las Vegas, btw.

    Not just for where you can live, but where you can travel to or through!

    Have a speeding ticket? Lots of car crashes in your town? How about a public safety rule that says you can't live within one mile of a freeway? Passed after your conviction? Justified by saying it is too tempting to have an opportunity for severe speeding so close by.
  • by Anonymous Coward on Saturday June 25, 2005 @12:07AM (#12907217)
    The problem comes when they understand what you told them and it's too late. You'll be the only one who "touched the computer", you're the only one who "knows how it works": you're responsible.

    That happens in the corporate world as well. As the network engineer at my previous job, I pointed out an issue with Outlook and Exchange or just about any mail system for that matter but the problem is compounded by Outlook using friendly names and not showing the header, how easy it was to send a email as anyone to anyone and how Outlook masked the true email address by only showing the nice name in the from field (Doe, John instead of jdoe@company.com or even worse how it would show Doe, John but had a real address of not_really_jdoe@somewebmail.com). See, many people there thought the only way that was possible was via the send on behalf of option that Exchange has. Well, SMTP is SMTP regardless of MS's implementation on top of that for sending on behalf of permissions. Anyway... We had an incedent of that exact thing and I was called to the table to "re explain" how that could happen but the questions were geared toward ME and the content of the offending mail from and to someone that I had no knowledge of at all, not the general technical aspects of how that was possible. Bottom line, I was the major suspect.
  • by Durandal64 (658649) on Saturday June 25, 2005 @12:19AM (#12907270)
    Back in my senior year of high school (wow, 4 years already), we were doing a stock market competition in my government class. We used some sort of website portal, and my partner and I were actually doing fairly well. This was at a time when nVidia stock was shooting way up, so we were buying it. But we both forgot the password to our account over Christmas break and wanted to get in.

    So I got wise and spoofed an e-mail to the administrator of the system (can't remember how I got the guy's e-mail address), forging the header to look like it was from my teacher. I (posing as the teacher) told him that a couple students had lost their password, and I needed it e-mailed to a hotmail account I'd set up. I put in some excuse about how I was going to be on the road and unable to check my regular e-mail address. This was actually true. My teacher told us he wouldn't be able to check his e-mails during the break because he was going to Colorado or something.

    The guy bought it. He sent my password to the Hotmail account I'd set up. Not only had he sent my password, though. He'd sent everyone else's too. And to make matters worse, he'd CC'ed it to the teacher's real account ... with the quoted text from my forged e-mail. Wonderful. I was in deep shit.

    So there was no way out. My name was on the original e-mail, and it wouldn't take a genius to figure out what happened. So I copped to it. I e-mailed my teacher, explaining the whole thing, and waited the entire break. I got to class, and my teacher just told me, "Got your e-mail. It's cool." And that was it.

    I risked a whole hell of a lot to save some time for a stupid game. And I got lucky that my teacher was merciful. The worst part is that I was so set on going the 1337 route that I never considered that, with the administrator's e-mail, I could've just requested my password as myself!

    So I got a free lesson there. In short, I agree with you. Teenagers don't listen to this kind of stuff though, because of course, it'll never happen to them. And if it does, they'll get lucky like me. Good thing the law doesn't hold minors accountable for their decisions.
  • by bladesjester (774793) <slashdot@@@jameshollingshead...com> on Saturday June 25, 2005 @12:23AM (#12907286) Homepage Journal
    Welcome to the fun that was unleashed by the Computer Fraud and Abuse Act (1986) among other pieces of legislation and hyped through the roof by the FBI and Secret Service in the late 80's and early 90's.

    That sort of thing set all of the precidents for the insane rulings that you see for this now.
  • by mrjackson2000 (733829) on Saturday June 25, 2005 @01:06AM (#12907461) Homepage
    I've been in a similar situation, and i'll say this. If you have a few teachers on your side and maybe a friend w/ a parent on the school board you will be fine.
    Almost all the stuff that i did was white hat, reinstalling windows, fixing drivers, but i knew more than the admin and that made them fear me. after everything blew over i went right back to doing that stuff for one of the labs.
  • YOu have to admit (Score:3, Interesting)

    by einhverfr (238914) <chris.traversNO@SPAMgmail.com> on Saturday June 25, 2005 @01:27AM (#12907537) Homepage Journal
    Anyone who thinks it is a good idea to have a password based on the mailing address of the school district demonstrates that at least half of the problem is in the inability to approach security problems intelligently (like, say, actually balancing security and useability).
  • by unitron (5733) on Saturday June 25, 2005 @01:42AM (#12907579) Homepage Journal
    They mave have acted "in excess of given authority" but I don't see where they had the intent to do any of 1 through 5 unless you really, really, reach.

    Sounds like Officer Skavinsky and the Berks County District Attorney's office don't really know what they are doing and don't understand the law in question or computers in general.

  • Living With a Felony (Score:5, Interesting)

    by bottlerocket (605232) on Saturday June 25, 2005 @01:57AM (#12907613) Homepage

    I thought I'd share my thoughts, since this is a subject near and dear to my heart.

    I was convicted of a felony three years ago, and my life was pretty much destroyed. I lost my job, my apartment, my college loans, and got slapped with thousands of dollars in fines to boot. I'm unemployable: I've shown up to different jobs to start my first day, only to be let go after because they got the results of the background check. The real kicker was that I checked "yes" to having a felony conviction on my application, but the managers claimed that "the computer says we can't hire you".

    Since I am now unable to finish school and am stuck making six bucks an hour at McDonald's, I've been giving serious consideration to joining the Army. The recruiters say a waiver is no problem and they can wipe the felony from my record. I'd say gambling my life in Iraq beats the hell out of being doomed here in the Land of the Free.

  • by unitron (5733) on Saturday June 25, 2005 @02:09AM (#12907648) Homepage Journal
    " It shouldn't be too difficult to figure out how the password was leaked..."

    It was the school's street address. It wasn't leaked, it was guessed. If it had been leaked, it would have had to have come from someone in the school administration. Leaks come from the inside. (unless there's something in the terms of use that say if you happen to guess our pathetic password you aren't allowed to tell anyone)

    Although it might be tempting for the attorney for the defense to claim that none of the students could have guessed the password so one of the school staff must have leaked it in an entrapment attempt. :-)

  • by Grym (725290) on Saturday June 25, 2005 @02:14AM (#12907659)

    Altering the OS of your school provided laptop is probably not illegal, depending on what exactly you do. Unless you're unleashing a virus or destroying hardware, I really doubt anything will stick. I'm guessing this is the kind of thing the ACLU would help you with if you actually got in trouble.

    Exactly. Unless you actually stole/damaged things--they'd be hard-pressed actually go through the trouble of ruining your life. It's this very fact that saved me back in the day.

    Back when I was a senior in highschool (Class of '02), there was a computer-geek rebellion which I, by some strange twist of fate, found myself leading. It all started when the county bought some really nice computers for the fiber optic computer lab. Some of us got the bright idea to bring in cracked copies of Quake 2, Tribes 2, Unreal Tournament, and a bunch of other games to play during lulls in the classes. Most of the teachers didn't care. In fact, one of them even used "game time" as an incentive to get his lackadaisical senior students to do their assignments--with a lot of success I might add.

    Then one of the hard-nosed teachers found out and made a habit of deleting the games. Of course, this was easily overcome by making copies of the game files locally and adding a few ifexist lines to the autoexec.bat of every machine to recreate the game should it be deleted. This worked for awhile until the county computer techs were called in to "See what was wrong."

    Hoping to keep games off the computers, the county bought Clean Slate [fortres.com], a program used to lock down pre-XP computers. On the surface, the program seemed pretty tough. *All* changes/files created were removed every time the computer was restarted and only authorized programs were allowed to run. Of course, the BIOS was set as HD first to prevent bootdisking. The program was a huge hassle to both students and teachers alike.

    This was first overcome by: 1) corrupting/resetting the BIOS [bioscentral.com] 2)bootdisking in 3) REMing out the relevant lines in the autoexec and windows startup files. This entire process took approximately 20 seconds once you got good at it. And we did get good at it--there were over 300 computers in the school and every computer was unlocked (oftentimes the same day it was locked down). Unlocked computers were set with a blue background to indicate that they were fixed.

    Eventually we wised up and just installed a keylogger on one of the computers scheduled to be locked down. Sure enough, you had to type in the password every time you installed the software. With the password (which worked throughout the school), many people actually used Clean Slate to protect the games from being deleted--which was just beautiful.

    Figuring out what we were doing, they started to Norton Ghost the computers so that a direct install and password entry was not required. They also correctly configured Clean Slate so the BIOS couldn't be so easily corrupted. This too was eventually circumvented when we found out that Clean Slate is unable to apply its file protections to Novell Netware shared drives. If worse came to worse, and you had enough alone-time with the computer, you could always remove the case and reset the BIOS password with the pin.

    Throughout this whole process, there was one rule among those involved: DO NOT DAMAGE THE COMPUTERS. Do not delete the Clean Slate files--only disable them. Do not put porn, ect. on the computers.

    This turned out to be our saving grace. Eventually the computer technicians got fed up with our school. The network usage for our school was something like 30 times other schools in the county. Of course, all of this was occurring when the county was assuring the state that its computers would be ready for the new computer-based Standard of Learning (SOLs) tests. Bad timing. Entire meetings of the county school board were apparently based upon the

  • by Austerity Empowers (669817) on Saturday June 25, 2005 @03:09AM (#12907801)
    I think I did not attend my last 3 months of high school, totally flaked on 2 "required' projects and basically disappeared (I was hand coding the mandelbrot set in assembly using some VESA book I found. It was quite hard to get info about the FPU so it was sorta trial and error). I may have showed up once or twice I can't recall, it was a busy period.

    So my GPA went from 4.0 to 3.65 or some nonsense (Amazing how 8 Fs in the last quarter can really make a difference!). Didn't seem to affect anything, it's expensive for colleges to refuse admission they already gave you (it's hard for them to go as people they've already rejected), and high schools can't really hold you back. All those lame threats they make are really just that. Anyway no one checks, it goes right in there with your permanent record.

    I'd be more concerned about getting stuck with criminal charges right as you turn 18. That's nasty and really can affect you even if it doesn't stick.
  • by FredMenace (835698) on Saturday June 25, 2005 @04:20AM (#12907947)
    Why lock the damn things down in the first place? The people who should be charged with a crime are the idiots trying to interfere with the kids learning constructive skills. Lock down the servers and administrative files, but let the kids do with the individual computers what they will, other than downloading/storing porn or illegal materials, launching cyberattacks, etc. So long as they still do all their schoolwork etc., what's the harm?
  • Re:Idiots. (Score:2, Interesting)

    by Volvogga (867092) on Saturday June 25, 2005 @04:46AM (#12907993)
    While I agree with you that it is on the childish side to download Kazaa and emulators on a school computer (how long could you be on a computer for? 2 or three hours?), I must dissagree with your conclusion on the 'spy' programs.

    Having graduated from HS this year, a rather populated school ('A' sports class, I believe) with older computers (PII's and PIII's), and a staff that *did* use the SynchrinEyes program frequently, I can assure you that you would always know when you were being monitored. The computer would suddenly slow to a crawl, the mouse would 'jump' in gaps on the screen, and web pages would take five times longer to load (and our network was already slower than 56K speed on most occasions due to its usage). Even using Word would become a pain.

    I don't particularly care how you justify it (not held liable for bad content), anything that makes the computers less usable than a 386 is not a piece of software/equipment that should be used. This is not the only thing that is a problem with it. There is that feeling of annoyance that comes from someone watching you; a feeling which (believe it or not) decreases productivity even more. It is essentaly no different than a person standing over you while you are reading a book, and reading over your shoulder. In my case, I was always worried that the Librarian at my school (real Drac of a lady and the worst of the SynchronEyes monitors) would be monitoring me and look away for a moment, only to look back just as I would encounter a pop-up of questionable material (tig o' bitties!), which has happened to almost eveyone I know at school at least once.

    This program is so much of a pain in the ass, that I have had some of the most timmid, straight-arrows of the school approach me asking if I knew how to dissable or even BREAK the stupid thing. It didn't take all that long to find a few ways around it, but it generally was a big risk to shut the thing off, as the monitor could tell if the program was disabled. We got warned the first few times, but then we were getting kicked out of the Library or computer lab and threatened with disiplinary action.

    Our charge? Wanting to get our work done. SychronEyes (and I'm assuming most 'spy' programs) is a total piece of shit, which, in the wrong hands, decreases productivity and, overall, totaly fucks up an otherwise useable computer. Afterall, a computer is not truly obsolete until it can no longer due what you require of it.
  • by MPHellwig (847067) <mhellwig@xs4all.nl> on Saturday June 25, 2005 @05:01AM (#12908026) Homepage
    Well I am the network administrator on a high-school and the most effective solution to prevent damaging of the systems was to educate the *TEACHERS*.

    Besides that, the student geeks on my school are mostly gamers and by allowing every 2 to 3 month a school-only lan party they are quit carefull these days on "their" hardware. Of course I get asked alot of times what the Administrator password is, I always respond that I would tell them what it was last week. To be honest I don't know the Administrator password, I blocked that account name ages ago....
  • by Nogami_Saeko (466595) on Saturday June 25, 2005 @05:19AM (#12908054)
    I suggest using "Deep Freeze" instead for locking-up lab computers so they reset-on-reboot. It's pretty solid software - and fairly difficult to remove afaik.

    The network version also allows locking/unlocking/monitoring over the network, and you can generate 1-time codes for workstation access so people won't be able to unfreeze even if they snag the password with a keylogger of some sort.

    I've heard that it does interesting things to the boot record so that if deep freeze doesn't boot the system (ie: you try and bypass with a floppy or other bootable media), the harddrives aren't readable (unconfirmed).

    N.
  • by Anonymous Coward on Saturday June 25, 2005 @10:15AM (#12908782)
    I conducted a security assessment for a large school district about two years ago. Yup cracked %80 of their passwords in 20 mins. I was called in after some student changed his grades and attendance records in the district's database. They had no brute force detection on anything. No password aging. No real security policy at all. Did not find one strong password. Some if not most of the teachers login passwords to the main database (an Access db at that) was the same as their email name. They would not have caught this guy except he talked about it to a "friend" that then ratted him out.
    After seeing how security was run at this LARGE district I don't have a whole lot of sympathy for IT Directors when their systems get cracked.
  • by ScrewMaster (602015) on Saturday June 25, 2005 @10:19AM (#12908797)
    Sometime around 1977 my father stood in front of my state's legislature and gave testimony regarding a computer crime bill that was up for consideration. He pointed out that this bill would not only have little or no effect upon it's intended targets (white collar criminals), but would instantly felonize the bulk of the state's computer science and engineering students. It was a really stupid law, created with the usual "we have to appear to be doing something so let's do something in a hurry without out thinking it through" mentality.

    They hadn't thought of that.

    That bill didn't pass (only because an intelligent, well-spoken engineer gave the politicians some facts they chose not to ignore), but there always those that feel the need to increase the crime/punishment ratio to insane levels. Oh I know ... the teachers and administrators in this case probably feel the need to "send a message" to the student body. They think that message is "respect the law!", when the actual message is "the law doesn't respect you, so why should you respect the law?" All this kind of treatment will do is create more Kevin Mitnicks.
  • So please, if you're attending a school or a university, just remember we're trying to keep things running so you guys can learn something. It isn't a contest.

    But it is a contest. Guess you've forgotten what it's like to be a kid. Unfortunately, your 'them against us' attitude is what makes it fun. I worked in the public schools and administered the computer lab for several years. I had the best luck by ignoring the harmless stuff, and recruiting the help of the geeks.

...when fits of creativity run strong, more than one programmer or writer has been known to abandon the desktop for the more spacious floor. - Fred Brooks, Jr.

Working...