Slashdot Mirror

← Back to Stories (view on slashdot.org)

Oxford Students Hack University Network

Posted by CowboyNeal on from the unintentional-online-services dept.

An anonymous reader writes "Both The Guardian and BBC News are carrying the story that two students at the University of Oxford, Patrick Foster and Roger Waite, were able to easily hack into the university's internal network in minutes using only easily-available software. Once inside, they could find out anyone's email password, observe instant messenger conversations and control parts of the university's CCTV system. The students were investigating the university's network security for the student newspaper, The Oxford Student, which published a front page article and editorial on the matter. In the article, a university spokesperson is quoted as saying 'In some cases the wish to provide the widest possible computer access as cheaply as possible may mean deciding to go for a cheaper set-up, with potentially lower security.' The students now face disciplinary precedings from the university and could receive rustication (suspension) and a 500 pound fine. The matter has also been passed onto the police."

12 of 662 comments (clear)

  1. Are there any adults in the house? by erick99 · · Score: 5, Insightful
    If they were really interested in the best interests of the school they should have avoided embarrassing the school's administration. They could have taken the information to the school and if the school ignored it they could have then published an article. They did call the school for comment but it was clear they were going to publish so that didn't afford the school a chance to remedy the problem. I think they were more interested in an article that would generate a lot of excitment and make them look good. I don't buy their arguments about doing all of this in the best interests of the school. I believe they had their own best interests at heart. I can't say I think much more of the administration in their handling of the matter either. There is a lot of ass-covering going on here and I don't see anybody handling this like adults except for the police who acted quickly and appropriately. Jeeze, what a mess.

    Cheers!

    Erick

    --
    http://www.busyweather.com/
    1. Re:Are there any adults in the house? by erick99 · · Score: 5, Insightful
      The police referred it back to school as an matter that should be handled "internally." I do agree with you though, they did not need to involve the police. While I think the students were very misguided and out to make a name for themselves, they did not need to involve the police. The students were not malicious, simply self-serving.

      Cheers!

      Erick

      --
      http://www.busyweather.com/
    2. Re:Are there any adults in the house? by DrMrLordX · · Score: 5, Insightful

      I can't say that I agree completely. This reminds me all too much of a small "controversy" that went on in my highschool alma mater here in the States. Several members of the school's newspaper staff uncovered information regarding the existance of a peculiar group within the school known as the "Cotton Club"(as I recall) whose purpose was unclear, but which contained members from both the student body, alumni, and supposedly trustees who were all male, white, and rather racist. The only known function of the group that I can recall was that there was a great deal of consumption of alcohol involved. They probably did some other dull things.

      Anyway, the school newspaper staff(full of multicultural liberals) found the existance of this Cotton Club to be horrendous and wished investigate the matter. Shortly after this became known to the school's administration, the faculty member at the head of the newspaper staff was pressured into forcing his staff to avoid writing any stories about the Cotton Club.

      In other words, there was a secret club in the school that contributed to the deliquency of minors(as well as the violation of the school's Honor Code), adults were sponsoring this, and the administration didn't want anyone to find out about it or bring an end to the secret club(which is what they should have done).

      The University Proctors seem to be behaving in the same fashion while also being less successful in covering up their mess. There was, and likely still is, a security flaw within the Oxford network. Someone tipped off the school newspaper(why they went to the paper is anyone's guess), indicating that at least one person, if not a small number of people, outside the newspaper staff knew about the problem. Foster and White investigated, reported their findings to the University, and were slapped in the face and told that they may have comitted a crime. Mind you that, reportedly, this happened BEFORE the article was published.

      What this tells me is that the university knew about the problem and did not want to fix it. A number of reasons for this could exist, such as:

      1). It'd cost too much to secure the network. Quote from the article, "A university spokesperson quoted in the story admitted that, in some cases, a cheaper computer set-up was chosen to provide wider access".

      2). Someone, or several someones, within the university staff may have been exploiting security flaw towards their own ends. I don't know that I buy that, however. You'd think they'd have similar access just through their IT department or whatever it is they have there.

      Whatever the reasons may be, Foster and White obviously felt that it was their duty to let the student body know about the security loophole so that the university would be pressured into fixing the problem. They may have done quite a bit of good.

      Or maybe not. Hard to tell with the details in the linked articles.

  2. Oxford Loses Out by mfh · · Score: 5, Insightful

    The school is feeling embarassed, and vengeful, so they make an example of the students; the students were only hacking the network to produce a news article on the lacklustre security at Oxford. They have a right to obtain evidence to support an article on the security systems, even by showing how the system can be broken into. Students likely have been complaining about it for some time.

    From my perspective, the student body has a right to be certain if the use of the school network is going to compromise any of their personal information. Do you know how many students use school networks to check banking information?

    These white hat hackers have given the school a present and they are slapped in the face for it. Any action against the journalists will only smear Oxford's reputation further. They should simply thank them and make the necessary changes to improve security.

    Shit, if I know this, and some multiple-PHD administrator can't figure it out, what does that say about the level of comprehension at Oxford?

    --
    The dangers of knowledge trigger emotional distress in human beings.
    1. Re:Oxford Loses Out by cmallinson · · Score: 5, Insightful
      They have a right to obtain evidence to support an article on the security systems, even by showing how the system can be broken into.

      I am not familiar with this right. One has the right to commit a crime, as long as one writes an article about it later?

  3. Rule of Law by konekoniku · · Score: 5, Insightful

    Do you even know what "rule of law" means? It means NO ONE is above the law. Not the president, not the police, not even investigative journalists.
    What the two students did was clearly in violation of university policy and criminal law, and need to be punished accordingly.
    Yes, the fact that their primary intention was journalism should be considered as a mitigating factor, but I see no reason why it should get them off the hook for having committed several crimes.

  4. Yeah, they should have kept their mouths shut by warm+sushi · · Score: 5, Insightful

    Imagine never failing another subject.

    Imagine being able to push your enemies down a grade.

    Imagine making some extra cash selling exam information.

    Imagine trashing the occasional file to irk a disliked professor.

    Imagine that the organisation responsible for stopping you doing these things spends more time complaining about white hats than it does stopping black hats.

    Imagine how much easier life would be not doing the right thing.

    Just imagine...

    Whether they did for self aggrandisement or not, whistle-blowers make it safe for the rest of us. I don't have the skill to test security like this. But its nice to know that there are self-serving show-offs who will do it for me. More power to them.

  5. Re:Yeah... and? by gilrain · · Score: 5, Insightful

    Of course, in this case they were researching for an article for the university paper. Honestly, as long as no damage was caused, I'm not sure why they are being punished as opposed to given awards for excellent investigative journalism.

  6. Re:Yeah... and? by TeraCo · · Score: 5, Insightful
    Well.. this might seem obvious.. but it's because it's still illegal to break into other peoples networks.

    Good investigative journalism would be working out whether it is possible WITHOUT breaking in, then writing a story about that.

    --
    Not Meta-modding due to apathy.
  7. little we can do? by blazen1 · · Score: 5, Insightful

    An IT Officer at College A said: "Short of keeping the network as segmented as possible, there is very little we can do."

    Somebody fire this person.

  8. Re:Yeah... and? by boaworm · · Score: 5, Insightful

    You cant really mean that it's OK to hack/crack stuff if you cloak it as "excellent investigative journalism" ?

    Journalists get far too much slack already, ranting arould like fools saying they are doing a "great job for society" when they take paparazzi photos of officials and private persons so they can sell more newspapers.

    What the kids SHOULD have done was to contact the principles office and ask for permission. They could very well have been given such a permission if being supervised, and everything would be fine.

    --
    Probable impossibilities are to be preferred to improbable possibilities.
    Aristotele
  9. Re:Yeah... and? by Chitinid · · Score: 5, Insightful

    1. The fallacy here is assuming that the laws *must* be correct, and failing to consider what the purpose and the origin of the laws are. The laws are presumably there to protect the everyone's rights. If everyone's breaking the law, what's the purpose of the law? Obviously either everyone has a double standard or thinks the law is silly. These "fundamental moral principles" you mention had better be supported by the masses, or they're elitist and don't belong in a social contract.

    2. I'm not sure what you're saying. The students could somehow have accidentally caused damage? Oops, the deleted the student records by pressing the wrong button? This is an absurd viewpoint. You might as well argue that driving a car could accidentally hit a pedestrian, and should be punished. Add this to the reality that they didn't cause any damage, and had no malicious intent, since they actively turned over the information they found to the authorities.

    3. Your argument is weak, hiding behind the word "hutzpah." It's a legitimate concern if the university computer systems don't provide enough security to ensure that their personal information was secure. How would you like it if your doctor did the equivalent of posting your medical records online?