Felony Charges For H.S. Hacking 824
jayrtfm writes "Last year the Kurtztown Area High School approved a program which gave every student an iBook. Now 13 students face felony charges for violating the district's usage policy." From the article: "Shrawder said the secret password '50Trexler,' was widely-known among the student body and distributed early in the school year. It allowed between 80 and 100 students to reconfigure their laptops, he said. The more computer-savvy students began to disable the administrations' ability to spy on the students' computer use. For others, it became a game, trying to outsmart the administration and compete with fellow students who held the secret, Shrawder said."
Idiots. (Score:5, Interesting)
I'm a student computer tech at my high school, since the school is too cheap to hire a full time technical staff. You wouldn't believe the amount of times I was asked for the local administrator passwords to the campus computers, just from people who wanted to 'mess around'.
The main problem is twofold: first, that the school doesn't want to be held liable for any 'bad' content (the obvious part), and that IT MAKES MORE WORK FOR ME. The admin password was leaked many times, and you wouldn't believe how many times I've had to either reformat computers or wipe Kazaa/Steam/random emulators from computers where students wanted to mess around. The worst part, when some of them tried to remove SynchronEyes (our 'spy' program), they were so incompetent with what they were doing that they ended up fuxxing the domain privileges and rendering the computer inoperable on the network. We rarely, if ever, monitor student activity, since we don't have enough staff.
If you want to mess around or do anything 'cool' with a computer, DO IT AT HOME. If you're at school, use the computers for school work. It's not a game as to how much work you can cause for the local techs and admin, the computers are always for WORK. If you go ahead and make it a game, we get VERY pissed at having to clean yet another computer.
Or better yet, do what I did and join the tech support staff.
The District Mission Statement: (Score:2, Interesting)
Destroy all students (Score:1, Interesting)
Their JOB, hopefully their PASSION is to help students learn and be prepared for life as adults. How does giving them felony records for typical high school curiosity do that? How can these administrators go home at night and think they are doing the right thing here?
I think a protest is in order.
The entire student body should boycott the school. Stop going. Perhaps they should ALL have accidents with their laptops too. Ooops, dropped it from the second floor.
Damn... I know these are stupid retaliations, but I'm so pissed.
Unanswered question (Score:3, Interesting)
The parents should lawyer up and sue back (Score:1, Interesting)
Re:In-house punishments please! (Score:2, Interesting)
Most usage policies that I've seen explicitly state something along the lines of 'criminal computer damage' or 'charges may be filed'. As a matter of fact, we have a cop on campus at my high school explicitly to arrest people, whether it be for fights (assault), drugs (obvious), and yes, 'hacking' (cybercrime is the term used, I believe). Even for something so simple as getting on the teach's computer when he's not looking. Student discipline, sadly, has declined in public schools over the years, and punishments have adjusted accordingly.
Definitely not a felony though. Felony is defined typically as a heinous crime, and something simple as this should not be considered as such.
Wow.... (Score:5, Interesting)
Re:Inept school officials (Score:3, Interesting)
Fortunately, I scared them off with a lawyer and charges were dropped.... so I ended up with a 30 day vacation from school, and still finished my senior year with a 4.5/4.0 GPA along with getting AP credit for Calc (but I didn't get to go to Florida with the FIRST team, ah well). And yes, there was an incompetent administrator of the entire district's (Novel
Unfortunately for the kids in thie story, I doubt the school can be scared off at this point.
High Schol Security (Score:1, Interesting)
Re:I just don't get it (Score:5, Interesting)
And furthermore, the courts have decided that violating an acceptable use policy amounts to accessing the computer without authorization.
Worse, it is accepted within the courts that an existing "terms of use" or whatever does not have to have been read nor accepted for it to be enforceable.
It is presumed that such a policy exists, and it is the burden of the user to find and read it.
It sucks!
I am not a lawyer, this is not legal advice
Live CD (Score:2, Interesting)
It sounds to me like this is just a story about a bunch of script kiddies who got caught *gasp* without covering their tracks.
Re:Idiots. (Score:2, Interesting)
I'd be nice to know the laws broken (Score:3, Interesting)
And so to claim a felony, they're claiming that some law was broken. Why can't anyone describe that law?
I heard the kids were reading Slashdot. Waste of time, those poor souls already lost....
Re:Inept school officials (Score:3, Interesting)
Thoughts from a parent (Score:5, Interesting)
Re:Live CD (Score:2, Interesting)
A friend of mine guessed that bios password first try because he accidently pressed the key to go into the bios and felt that giving a joking guess at the bios password took less effort than pressing the power button. Man, that was funny!
Re:My school used different methods.... (Score:5, Interesting)
The next class instead of going to the computer lab we were sent to a classroom instead. Once we were all there, the district network administrator came in, and started giving a lecture on how to track down where an attempted intrusion is coming from, Using a real life case study. It was quite an interesting presentation actually, exept for one student who was watching in HORROR (with a complete look of shock on his face) as they described in great detail exactly how they tracked him down and learned exactly who did it. He was visibly shaking at the end of the lecture. (Before the lecture he had absalutely no idea that anyone else knew about the password theft attempt)
Besides that he got a few days of in school suspension, but that was it.
Stupid. (Score:3, Interesting)
----
There was a lab that I used to hang out in. Being one of the few geeks in the school, I pretty much had run of the place. The teacher who oversaw the lab encouraged creativity and ingenuity. Sometimes he'd get pissed with something I did, but in those cases I just fixed it and moved on. This kind of activity, over a year or so, ended up earning his trust as I would also fix the odd problems with windows/autocad and such that would crop up.
Eventually I became the de-facto admin for that entire lab. During my required study period he would give me a pass to hang out in his lab--sometimes even when other classes were in there. Talk about heaven. I had the run of a computer lab that was networked. It was like being a king.
Around my junior year or so, they replaced the computers in the lab (aging 386/486 era machines with DOS, mostly) with shiny new Pentiums running Windows. For a few months they were basically just open and normal Windows machines. I think they even had Internet access. This was, of course, a total disaster. The net was new, then. People didn't have it at home. They downloaded anything and everything. Porn, viruses, music, etc.
The result was an *cough* admin *cough* who ended up being in the room almost everyday for awhile. He would spend his time poking around in control panels and "fixing" the computers. Eventually he must have gotten sick of that because they hired a local consulting company to come in to secure them all. Pretty soon the whole place was all passworded up with all these layers of cheap third party locks, etc.
I broke all of them--with full (unofficial) support of the teacher who taught in the room. They had tried to lock the systems down so much that half his programs wouldn't work right anymore. He had endless problems with students just trying to save their completed CAD drawings. I made a lot of those problems go away by circumventing the security, showing him how, and then giving him pointers to try to minimize the visibility of the hole so that other kids and the admin dude wouldn't find it. Not perfect, but it helped.
After some time of this the teacher pulled me aside one day and tells me in a reasonably loud-so-that-others-near-by-can-hear voice that I need to be careful because Mr. Admin is getting pissed that someone keeps getting into his expensively secured systems and he's going to try for suspension of that person when he is caught. Of course nearly every one of his students knew it was me--but they weren't going to talk. I had helped them all out of computer jams at some point or other. So after doing the semi-public speech, he later pulls me aside in private and says, "Hey, keep doing what you're doing. I'll make sure they don't do anything to you. Those bastards are making my life such a living hell and they won't listen to my needs that I've given up trying to deal with them. You at least make it possible for me to teach my classes."
So of course after the next round of "security upgrades" I was once again on the job. Eventually I figured the way into the system and changed all the screen savers to be the marquee one and had it read, "Ha ha! I got in Mr. Security Guy!" Hoo boy did the shit hit the fan. I was shielded from it, but the teacher just loved it. The admin dude was pissed. The consulting guy was there almost everyday for like 2 weeks. My teacher would just smile and nod. Eventually they locked it down pretty heavily, but by this point I was a senior and I was graduating early and was out of there.
Those were some good times. Seriously, though, I swear that in this
What would you suggest? (Score:1, Interesting)
It's not just "there aren't any now, but there may be eventually so you should install a scanner." A virus scanner on the mac is such a nearly useless thing that the scanners available are very bad.
One of the best ways to break a Mac has traditionally been to install Norton Antivirus.
You can't *really* protect against a threat that isn't there yet. It's easy to build a virus identifying engine on Windows because you know what sorts of things you'll be looking for. You know what the various Windows virii look like so you can test the software.
On the mac you're writing into a void. Are mac viruses going to be executables, widgets, PDFs? What vulnerability is going to be popular for creating them?
In addition, Macs having only 5% marketshare means that even if there were a virus, there wouldn't be many carriers spreading it. Low-density populations don't spread infection easily.
All this is to say that, even though only a cock-eyed optimist would believe there will never be a virus on the mac, the prevention is currently more effort and more risk than the non-existent disease. The answer they give regarding viruses is a pretty reasonable one for the time being. Another good answer woud be "always have your data backed up," but that's generally true.
The rest of your post is equally inapplicable. Apple did *not* administer this network. Your assumption about having only a single password to protect the users from themselves is bizarre...
The idea that a school can hand out laptops to all its students with software on those laptops to restrict their use is inane. The students will always crack the system because the client is in their hands. If they didn't want the students accessing porn on those computers, they shouldn't have provided them.
No actual server was breached. All that happened here is that a bunch of horny students got around the school's filtering, downloaded some music and some porn, and are now facing felony charges. Very american, but not a case of failed security. A case of foolish expectations.
Re:Inept school officials (Score:5, Interesting)
That is technically an "ex post facto" (adding punishment after the fact) law, which is illegal, but they weasel out of it by saying it isn't punishment, it is just aiding "public safety" by restricting "privileges" of persons with a "felony status", not punishment for a crime.
Just as if the DMV takes your license away in an administrative hearing for DUI even if you are acquitted in criminal court! What about double jeapordy? Well the admin. hearing is not "punishment".
Oh, certain sex offenders are forbidden from living within X number of feet of a school. This restriction was added retroactively. In some cases these sex offender's offenses WOULD NOT BE A CRIME IN CERTAIN OTHER STATES WITH A LOWER AGE OF CONSENT - we aren't talking offenses which are universally considered crimes - i.e. they are being told they can't live somewhere after serving their sentence whereas in certain states they couldn't get in any (legal) trouble whatsoever. People who rape 9 year old girls should be locked up forever and ever and then some - but even then - the rule of law should hold - the rule of law is need to protect us all - make true perverts get life without parole sentences - I'm against the death penalty because I don't trust the government to use it fairly - Texas loves killing people and Nevada loved killing children until the Supreme Court stopped them.
Oh, the above rules don't protect kids - even sickos can take buses, trains, cars, planes, horses or walk to the school.
Also, this sets a precedent that the gov't can say where you live, and not as punishment for a crime - it can be done "ex post facto".
Also this precedent can be extended to any crime.
Think I'm crazy, think I'm paranoid. Well...
Clark County, NV has an "order out corridor" for people convicted of drugs and prostitution!
Clark County Code 12.05.020 (drugs) and 12.08.035 (prostitution). The "Las Vegas" Strip is in Clark County but not in the City of Las Vegas, btw.
Not just for where you can live, but where you can travel to or through!
Have a speeding ticket? Lots of car crashes in your town? How about a public safety rule that says you can't live within one mile of a freeway? Passed after your conviction? Justified by saying it is too tempting to have an opportunity for severe speeding so close by.
Re:Lets get the facts straight (Score:1, Interesting)
That happens in the corporate world as well. As the network engineer at my previous job, I pointed out an issue with Outlook and Exchange or just about any mail system for that matter but the problem is compounded by Outlook using friendly names and not showing the header, how easy it was to send a email as anyone to anyone and how Outlook masked the true email address by only showing the nice name in the from field (Doe, John instead of jdoe@company.com or even worse how it would show Doe, John but had a real address of not_really_jdoe@somewebmail.com). See, many people there thought the only way that was possible was via the send on behalf of option that Exchange has. Well, SMTP is SMTP regardless of MS's implementation on top of that for sending on behalf of permissions. Anyway... We had an incedent of that exact thing and I was called to the table to "re explain" how that could happen but the questions were geared toward ME and the content of the offending mail from and to someone that I had no knowledge of at all, not the general technical aspects of how that was possible. Bottom line, I was the major suspect.
Re:Lets get the facts straight (Score:5, Interesting)
So I got wise and spoofed an e-mail to the administrator of the system (can't remember how I got the guy's e-mail address), forging the header to look like it was from my teacher. I (posing as the teacher) told him that a couple students had lost their password, and I needed it e-mailed to a hotmail account I'd set up. I put in some excuse about how I was going to be on the road and unable to check my regular e-mail address. This was actually true. My teacher told us he wouldn't be able to check his e-mails during the break because he was going to Colorado or something.
The guy bought it. He sent my password to the Hotmail account I'd set up. Not only had he sent my password, though. He'd sent everyone else's too. And to make matters worse, he'd CC'ed it to the teacher's real account
So there was no way out. My name was on the original e-mail, and it wouldn't take a genius to figure out what happened. So I copped to it. I e-mailed my teacher, explaining the whole thing, and waited the entire break. I got to class, and my teacher just told me, "Got your e-mail. It's cool." And that was it.
I risked a whole hell of a lot to save some time for a stupid game. And I got lucky that my teacher was merciful. The worst part is that I was so set on going the 1337 route that I never considered that, with the administrator's e-mail, I could've just requested my password as myself!
So I got a free lesson there. In short, I agree with you. Teenagers don't listen to this kind of stuff though, because of course, it'll never happen to them. And if it does, they'll get lucky like me. Good thing the law doesn't hold minors accountable for their decisions.
Re:I just don't get it (Score:3, Interesting)
That sort of thing set all of the precidents for the insane rulings that you see for this now.
Re:Lets get the facts straight (Score:2, Interesting)
Almost all the stuff that i did was white hat, reinstalling windows, fixing drivers, but i knew more than the admin and that made them fear me. after everything blew over i went right back to doing that stuff for one of the labs.
YOu have to admit (Score:3, Interesting)
Re:I'd be nice to know the laws broken (Score:3, Interesting)
Sounds like Officer Skavinsky and the Berks County District Attorney's office don't really know what they are doing and don't understand the law in question or computers in general.
Living With a Felony (Score:5, Interesting)
I thought I'd share my thoughts, since this is a subject near and dear to my heart.
I was convicted of a felony three years ago, and my life was pretty much destroyed. I lost my job, my apartment, my college loans, and got slapped with thousands of dollars in fines to boot. I'm unemployable: I've shown up to different jobs to start my first day, only to be let go after because they got the results of the background check. The real kicker was that I checked "yes" to having a felony conviction on my application, but the managers claimed that "the computer says we can't hire you".
Since I am now unable to finish school and am stuck making six bucks an hour at McDonald's, I've been giving serious consideration to joining the Army. The recruiters say a waiver is no problem and they can wipe the felony from my record. I'd say gambling my life in Iraq beats the hell out of being doomed here in the Land of the Free.
Re:I am an IT Director in a High School District.. (Score:3, Interesting)
It was the school's street address. It wasn't leaked, it was guessed. If it had been leaked, it would have had to have come from someone in the school administration. Leaks come from the inside. (unless there's something in the terms of use that say if you happen to guess our pathetic password you aren't allowed to tell anyone)
Although it might be tempting for the attorney for the defense to claim that none of the students could have guessed the password so one of the school staff must have leaked it in an entrapment attempt. :-)
Re:Lets get the facts straight (Score:5, Interesting)
Altering the OS of your school provided laptop is probably not illegal, depending on what exactly you do. Unless you're unleashing a virus or destroying hardware, I really doubt anything will stick. I'm guessing this is the kind of thing the ACLU would help you with if you actually got in trouble.
Exactly. Unless you actually stole/damaged things--they'd be hard-pressed actually go through the trouble of ruining your life. It's this very fact that saved me back in the day.
Back when I was a senior in highschool (Class of '02), there was a computer-geek rebellion which I, by some strange twist of fate, found myself leading. It all started when the county bought some really nice computers for the fiber optic computer lab. Some of us got the bright idea to bring in cracked copies of Quake 2, Tribes 2, Unreal Tournament, and a bunch of other games to play during lulls in the classes. Most of the teachers didn't care. In fact, one of them even used "game time" as an incentive to get his lackadaisical senior students to do their assignments--with a lot of success I might add.
Then one of the hard-nosed teachers found out and made a habit of deleting the games. Of course, this was easily overcome by making copies of the game files locally and adding a few ifexist lines to the autoexec.bat of every machine to recreate the game should it be deleted. This worked for awhile until the county computer techs were called in to "See what was wrong."
Hoping to keep games off the computers, the county bought Clean Slate [fortres.com], a program used to lock down pre-XP computers. On the surface, the program seemed pretty tough. *All* changes/files created were removed every time the computer was restarted and only authorized programs were allowed to run. Of course, the BIOS was set as HD first to prevent bootdisking. The program was a huge hassle to both students and teachers alike.
This was first overcome by: 1) corrupting/resetting the BIOS [bioscentral.com] 2)bootdisking in 3) REMing out the relevant lines in the autoexec and windows startup files. This entire process took approximately 20 seconds once you got good at it. And we did get good at it--there were over 300 computers in the school and every computer was unlocked (oftentimes the same day it was locked down). Unlocked computers were set with a blue background to indicate that they were fixed.
Eventually we wised up and just installed a keylogger on one of the computers scheduled to be locked down. Sure enough, you had to type in the password every time you installed the software. With the password (which worked throughout the school), many people actually used Clean Slate to protect the games from being deleted--which was just beautiful.
Figuring out what we were doing, they started to Norton Ghost the computers so that a direct install and password entry was not required. They also correctly configured Clean Slate so the BIOS couldn't be so easily corrupted. This too was eventually circumvented when we found out that Clean Slate is unable to apply its file protections to Novell Netware shared drives. If worse came to worse, and you had enough alone-time with the computer, you could always remove the case and reset the BIOS password with the pin.
Throughout this whole process, there was one rule among those involved: DO NOT DAMAGE THE COMPUTERS. Do not delete the Clean Slate files--only disable them. Do not put porn, ect. on the computers.
This turned out to be our saving grace. Eventually the computer technicians got fed up with our school. The network usage for our school was something like 30 times other schools in the county. Of course, all of this was occurring when the county was assuring the state that its computers would be ready for the new computer-based Standard of Learning (SOLs) tests. Bad timing. Entire meetings of the county school board were apparently based upon the
Re:Lets get the facts straight (Score:3, Interesting)
So my GPA went from 4.0 to 3.65 or some nonsense (Amazing how 8 Fs in the last quarter can really make a difference!). Didn't seem to affect anything, it's expensive for colleges to refuse admission they already gave you (it's hard for them to go as people they've already rejected), and high schools can't really hold you back. All those lame threats they make are really just that. Anyway no one checks, it goes right in there with your permanent record.
I'd be more concerned about getting stuck with criminal charges right as you turn 18. That's nasty and really can affect you even if it doesn't stick.
Re:Lets get the facts straight (Score:2, Interesting)
Re:Idiots. (Score:2, Interesting)
Having graduated from HS this year, a rather populated school ('A' sports class, I believe) with older computers (PII's and PIII's), and a staff that *did* use the SynchrinEyes program frequently, I can assure you that you would always know when you were being monitored. The computer would suddenly slow to a crawl, the mouse would 'jump' in gaps on the screen, and web pages would take five times longer to load (and our network was already slower than 56K speed on most occasions due to its usage). Even using Word would become a pain.
I don't particularly care how you justify it (not held liable for bad content), anything that makes the computers less usable than a 386 is not a piece of software/equipment that should be used. This is not the only thing that is a problem with it. There is that feeling of annoyance that comes from someone watching you; a feeling which (believe it or not) decreases productivity even more. It is essentaly no different than a person standing over you while you are reading a book, and reading over your shoulder. In my case, I was always worried that the Librarian at my school (real Drac of a lady and the worst of the SynchronEyes monitors) would be monitoring me and look away for a moment, only to look back just as I would encounter a pop-up of questionable material (tig o' bitties!), which has happened to almost eveyone I know at school at least once.
This program is so much of a pain in the ass, that I have had some of the most timmid, straight-arrows of the school approach me asking if I knew how to dissable or even BREAK the stupid thing. It didn't take all that long to find a few ways around it, but it generally was a big risk to shut the thing off, as the monitor could tell if the program was disabled. We got warned the first few times, but then we were getting kicked out of the Library or computer lab and threatened with disiplinary action.
Our charge? Wanting to get our work done. SychronEyes (and I'm assuming most 'spy' programs) is a total piece of shit, which, in the wrong hands, decreases productivity and, overall, totaly fucks up an otherwise useable computer. Afterall, a computer is not truly obsolete until it can no longer due what you require of it.
Re:Lets get the facts straight (Score:3, Interesting)
Besides that, the student geeks on my school are mostly gamers and by allowing every 2 to 3 month a school-only lan party they are quit carefull these days on "their" hardware. Of course I get asked alot of times what the Administrator password is, I always respond that I would tell them what it was last week. To be honest I don't know the Administrator password, I blocked that account name ages ago....
Re:Lets get the facts straight (Score:3, Interesting)
The network version also allows locking/unlocking/monitoring over the network, and you can generate 1-time codes for workstation access so people won't be able to unfreeze even if they snag the password with a keylogger of some sort.
I've heard that it does interesting things to the boot record so that if deep freeze doesn't boot the system (ie: you try and bypass with a floppy or other bootable media), the harddrives aren't readable (unconfirmed).
N.
Re:I am an IT Director in a High School District.. (Score:1, Interesting)
After seeing how security was run at this LARGE district I don't have a whole lot of sympathy for IT Directors when their systems get cracked.
This crap is nothing new (Score:5, Interesting)
They hadn't thought of that.
That bill didn't pass (only because an intelligent, well-spoken engineer gave the politicians some facts they chose not to ignore), but there always those that feel the need to increase the crime/punishment ratio to insane levels. Oh I know
Re:Lets get the facts straight (Score:3, Interesting)
But it is a contest. Guess you've forgotten what it's like to be a kid. Unfortunately, your 'them against us' attitude is what makes it fun. I worked in the public schools and administered the computer lab for several years. I had the best luck by ignoring the harmless stuff, and recruiting the help of the geeks.