Slashdot Mirror

← Back to Stories (view on slashdot.org)

Arrested for Planting Spyware on College Compus

Posted by CmdrTaco on from the serves-him-right dept.

AndrewM1 writes "In what may serve as a cautionary tale for people who use computers in public areas, Douglas Boudreau allegedly installed keystroke-monitoring software on more than 100 computers at Boston College and then watched as thousands of people sent e-mail, downloaded files and banked online. He then stole $2000 with the information he gleamed."

10 of 352 comments (clear)

  1. MIT by cristofer8 · · Score: 5, Interesting

    Which is exactly why you shouldn't use single user windows systems. MIT has athena, a huge unix-based system. There's no way (barring finding the root password) for me to do this to any user other than myself.

    1. Re:MIT by Waffle+Iron · · Score: 5, Insightful

      Any workstation that is pysically accessible to the public is subject to reprogrammning so that it emulates its original behavior plus logs keystrokes. Unless you're using honest-to-goodness dumb terminals with non-flashable ROMs, I wouldn't be so confident.

    2. Re:MIT by Anonymous Coward · · Score: 5, Insightful

      Nonsense. I can easily hack into a UNIX system without nothing more than a floppy disk and the power switch.

      The real thing to remember is to never, ever, ever use a public system. That is the most sure way to give up all privacy. Even if there isn't a 3rd party breaking into and modifying the public machines, the true administrator of the machine might have all sorts of logging software.

      Even if you use something like SSH or SSL, that only products you between the two endpoints. When one of the end-points (the client you are using, in thise case) is insecure, a secured data tunnel is worthless. Indeed, your keys/passwords/etc. can be stolen quite easily.

      If you need to compute on the run, get a laptop that you are in control of. Don't use someone else's machine to conduct sensitive business or utilize sensitive information.

  2. They may be shared machines by Marqui · · Score: 5, Insightful

    But why weren't they locked down to prevent installations of software, etc?????? You would think that the admins should be on top of this. I know it's easier said than done, but it seems that someone should be watching this stuff!

    1. Re:They may be shared machines by tekunokurato · · Score: 5, Interesting

      You know, there's something to be said for allowing users some degree of freedom. It's quite easy to cut off all kinds of access, but networks that have users with a wide variety of needs and interests and who can generally trust their users shouldn't do so.

      At my school, we've got some computers in very public areas that are all full of restrictions, and people run into usability problems with them all the time. But on the computers in the library, users can install whatever they need. If I need to install a drawing program to help create a presentation, I should have the freedom to do so. If I want to install AIM to get files off my computer remotely or send myself information, I should be able to do this. These are important user rights in a computing age.

      As such, it is important to monitor what is being placed on computers, but it is foolish to restrict everything outright.

      --
      Read jack phelps dot net
  3. This software... by Chicane-UK · · Score: 5, Interesting

    This kind of software causes a real headache for system admins.. I speak from personal experience. Our team of about 12 technicians look after approximately 1500 workstations, and about 2/3 of those are used by a theoretical maximum of about 6000 students on a weekly basis.

    Trying to keep tabs on this kind of thing can be nigh on impossible.

    We have found some software that does work pretty well though - a company called Fortres Grand sell a package for Win9x/Me/2k/XP called Clean Slate that basically resets the machine to a previous state every time it is rebooted. If you wish to add software, you disable it, and put it back on once the software is installed. The machine then works from that 'save point'.

    We try not to make machines 'too tied down' for students (like blocking downloading, any changes at all) so this software is ideal and not too intrusive.

    No, I dont work for Fortres Grand but thought it seemed appropriate to the subject! :)

    --
    "Hey! Unless this is a nude love-in, get the hell off my property!!"
  4. Re:Actually... by Glonoinha · · Score: 5, Interesting

    Actually I was with the guy right up until he turned to the dark side and used the information to steal. I think the penalty for 'liberation of information' or white hat hacking should be pretty thin, but the minute someone steps over the line and does something bad with that information we lop off a hand (like they do in ?Muslim countries for stealing?) I figure that losing a hand is a pretty good way to keep someone from becoming a repeat offender (pretty difficult to work a computer if you lose both hands) and THAT will serve as a pretty strong warning to others.

    Two thousand dollars will buy you a lot of McBurgers, but won't buy you another hand (even in Chiba City.)

    --
    Glonoinha the MebiByte Slayer
  5. Crime is Crime not computer crime by Dragon218 · · Score: 5, Insightful

    The title to this article is not really accurate in this case. The person who was arrested stole $2000. He was arrested for that (or should have been). The keylogging software in this case was just the means to commit the crime. It shouldn't be illegal to install keylogging software (unless he's breaking the user agreement by installing software on that computer, etc.). To say he was "arrested for installing keylogging software" to represent theft could be compared to saying a murderer was "arrested for buying a gun and ammo."

    Using a computer to commit a crime is no different than just commiting the crime. There should be no elevated charge just because he used a computer and software instead of a forged check or stolen credit card.

    --

    "It's the little touches that make a future solid enough to be destroyed" --William S. Bourroughs
  6. Re:wonderful! by Anonymous Coward · · Score: 5, Funny

    yep! you can't get any more inconspicuous than a BRIGHT MAGENTA page with "Copy and paste into password forms:" in a 24 size bold font!

  7. ATMs too by kwenda · · Score: 5, Interesting

    I saw something, I want to say on Discovery - a documentary on counterfieting. Anyway, there was a group of people who wheeled an ATM into a mall and set it up to look like a legitimate bank machine. They left it there for a period of time, but it never dispensed any cash. Instead, it would read the magstripe on the card that was inserted, and then record the PIN number that the user entered. It then printed out a message that it was unable to contact the bank, or the customer was out of cash, or whatever. After that, the crooks came back and wheeled their ATM back out the door - along with hundreds of valid ATM card and PIN numbers.