Slashdot Mirror
Student Logs Teachers Keystrokes
handy_vandal writes "A 16-year-old student has been charged with a misdemeanor for rigging a keystroke-recording device onto a teacher's computer. School district police received a tip from students that the boy was trying to sell answers to final exams. The District Attorney's Office has charged the teen with breach of computer information, a Class B misdemeanor punishable by a fine of up to $2,000 and up to 180 days in jail. This sort of thing has happened before. The problem is so pervasive that the GRE board has switched from computers back to paper and pencil."
What, exactly, does this have to do with my rights online?
Sometimes even the teachers need to be taught a lesson.
time is a perception of a being's consciousness
time is your 6th sense, the wierd ones are 7+
i know a friend that did this in hs but never got charged, because he did it for passwords--and the teacher didn't know anything about computers really.
My wife just started teaching 9th and 10th grade high school math. I gave her a little crash course on basic computer security (including watching out for keyloggers!)
It's common knowledge that the kids are smarter than the teachers, computer-wise... but hasn't it always been that way?
This was submitted to fark with a funnier headline...
Really, since when did Slashdot become old Fark stories?
Most people I meet don't necessarily think computer security is a problem past virii and adware -- and it shouldn't necessarily be their problem, it requires better design. But could their be a lesson here as to the importance of real-life, practical security needs?
he District Attorney's Office has charged the teen with breach of computer information, a Class B misdemeanor punishable by a fine of up to $2,000 and up to 180 days in jail.
He will more than likely meet some members of the GNAA while in prison.
Red Bull gave me wings and I flew into the ceiling fan.
Awsome...Now kids will get an experience what we we went through. Break in, get answers, record answers on gum wrapper and sell each stick of gum for $5. ...
Profit!
Every computer added to a classroom is another nail in the coffin of modern teaching. There is nothing added by adding a computer, but much is taken away.
Computers ought to remain in "computer labs" and perhaps on the desks for specialized "computer classes", but they definitely don't belong anywhere else.
Creative usage of computers for teaching is a copout on the kids. By removing the teacher/student relationship and replacing it with an inanimate object, the kids lose out on a great deal of education. This is why home-schooled kids typically do better in college than "computer schooled" kids do.
Is it any surprise that the more technology becomes a part of these kids' educations, the more likely it is that the bad apples are going to find ways to exploit the system?
Computer not being used? start -> log off It's not hard.
Who is letting kids install stuff on school gear?
There are lives at stake here!
Well, maybe not really.
:p
Don't wanna go to jail.
But it would have been handy in several classes last semester.
But I did recently discover the admin password for the network, by looking at the only 5 worn keys on the server's keyboard ^_^
Shiny. Let's be bad guys.
Or does anyone else think that pbskids site hired some designers from Trading Spaces?
...uses a keylogger DONGLE?
Seriously. Did he think that the teacher wouldn't notice a DONGLE that was added to the computer?
Please. At least use a trojan-type keylogger, or something even slightly covert.
I, too, have switched from computers to paper and pencil for storing sensitive information like password lists. I don't trust PCs when it comes to security.
Just wait until another student gets their hands on the pass. I'm not the only one with a cruel sense of humor.
There's an old saying that says pretty much whatever you want it to.
She said the scheme was uncovered after authorities learned that the boy had attempted to sell the answers.He seems to have gotten caught because he was greedy. This brings up the question of how many kids have done this (use physical keystroke loggers) and have managed to get away with it. Do IT companies have any scheme to check for this sort of thing other than just locking up the physical case in the desk so the ports aren't reachable?
--
Free iPod? Try a free Mac Mini
Wired article as proof
if they placed the computers (with the tests) someplace better. As /.ers know, the most important part of computer security is physical access.
Remove the computer (with the tests) to somewhere that only teachers' can go, and you'll mostly eliminate the problem, without resorting to pen and paper.
"the GRE board has switched from computers back to paper and pencil."
looks like they dont like the idea of the students being smarter than the staff.
give the kid a trophy i say =]
I know he admitted to the charges, but I do question the reliability of 'students' for the source that he was going to sell answers. It just seems a bit weird as students love to cause trouble, and say there was another student knowing he had this logger in practise, a few quick lies could bring some quick satisfaction..
Before we all start to scream bloody murder this, fascist law that, I would like to say that this kid got what he deserved. He is not a victim here. The victim is a teacher whose privacy was violated and the attorney deserves our support this time. This case is completely unlike the one of DVD John or Kevin Mitnick. The 180 days in jail is nothing in this case. So please, let's stop our knee-jerk reactions and congratulate the law enforcement just once when they in fact have done a good job. No need to panic here, no need to remind about 1984 or the Third Reich, because this kid was the one who was spying on his teacher and who belongs in jail. This story is only about "Your Rights Online" because your rights could be as easily violated like the rights of that teacher were violated by his student. We need to be protected from spies, be them MIAA, NSA or our students.
Sincerely,
Pan Tarhei Hosé, PhD.
"Homo sum et cogito ergo odi profanum vulgus et libido."
I suppose it depends on the computer which the program was installed on, but would selling test answers really
be the best way to profit from the risk taken (installing the logger)? No email passwords or credit card numbers?
I suppose CC's are a few steps up from ADBCBDADDC as far as legal action is concerned...
Also, since everything else can be copywrited, what are the laws concerning tests and answers? Intellectual property?
Property of the teacher? I know some nationally standardized tests carry the wrath of god if you post answers online,
but what about high school tests?
Finally, some home town recognition.
this has happened before only in the employer/employee scenario. and the employer got away with it. poor kid. what a crock of shit.
Funny to see it on here now... A buddie and I wanted access to the (mac) computers at school, so we "tricked" a teacher into unlocking one of them for us...
We then installed a keylogger, which eventually gave us the password for the security program, FoolProof.
We eventually installed the program on quite a few computers, using it to check out people's email... was quite nifty, created some interesting gossip topics.
Probably wouldn't have done it if i knew i could be fined...
It's common knowledge that the kids are smarter than the teachers, computer-wise... but hasn't it always been that way?
;)
This is true. When I was in junior high in the early 90s, we had some basic computer course that involved filling out answers to some questions on a computer. I don't really remember that much about it now. But one day a bunch of us were in the lab and we found the teacher's disk, which had the answers to everything. We entered the disk and the program asked for a password. My friends were ready to give up. I thought for a moment and typed in "hello". It worked... first try. It was hilarious. My friends, most of whom hadn't used computers much by that time, thought I was some kind of serious hacker.
I guess this was a lot funnier in 1992. But the point is... I'm sure then, just like now, the teachers thought everything was secure. There's always someone who's going to prove them wrong.
Not a thing. It has to do with a dishonest kid who got busted doing something wrong. But sure as the earth turns, someone here will twist it into some dark big brother scheme to strip the common man of our rights. Somehow.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
Does the student deserve a punishment? I think the answer is obviously yes. I don't think this really has much to do with rights online. Would this be posted here had the student been watching through the teachers window while he/she was writing the exam? For that matter, what if the student saw a hardcopy in the secretaries office and took digital pictures of each page? I think that the teacher's rights have been compromised if anything. I do think the punishment may be harsh, and that the school should deal with it internally, but the student should be accountable the action taken. If one considers the parallels I drew before, I think that the punishment being proposed is way too harsh (don't get me wrong).
This isn't some poor misguided kid who got thrown in jail because the "lab monitor" saw him using "that Linux hacking tool" on the school Windows machines. Nor is it some grey-hat hacker pushing boundaries. When you actively go and install a keystroke monitor on a machine that is not yours, you're out to get information that you shouldn't have, period. It's totally premeditated, too - it's not like he was poking around in /tmp and found a MS Word auto-save backup file with the answer key in it, or was rummaging around in the trash can because he dropped his retainer and found the answer key - he deliberately went and got a keystroke logger and put it on the machine. There's no possible way to spin this as an innocent kid getting screwed.
There is no sig, there is only Zuul.
Maybe there will be some stupid law that makes keyloggers follow the break procedure, like back in the old days. Then the only people with keyloggers will be outlaws
One thing related to this story that schools should NEVER do is print report cards on plain legal-sized paper. All one has to do to fake this is to find the right font, space everything properly, put in desired grades (don't over-inflate, parents get suspicious if you go from an F to an A in a few weeks), print, throw away real report card, and not think twice about it.
main(0)
I remember compiling some Win9x keylogger source code from an issue of Phrack during high school. I installed it on the computer teacher's Main PC through the class' LAN (I had the network password).
I have truly learned from that mistake. No, I didn't get caught, but I did find where he hides his massive gay porn collection in the school's computer. I switched teachers for the next semester.
I have been logging the passwords of fellow students and teacher. And on a few other computer's *Cough* Sysadmin *Cough* i have nice ass keyloggers! but im not a dumbass. there is NO WAY they can catch me!
This must be the, what now, 4th "let's read fark and then post it on slashdot" article on slashdot this week?
:-/
Kuro5hin seems just as bad nowadays, too.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
If he would have kept his mouth shut instead of spouting off to his buddies he would have never gotten caught.
Hopefully he learns his lesson.
If you're going to break the rules/law DON'T TELL ANYONE ABOUT IT EVER!
Diabolical technique! Who would have thought!
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
This is what passes for rebelliousness nowadays? It's sad the things kids nowadays think is 'evil'. Human society has definitely gotten weak.
Jail time for minors is almost never a good idea. There are some very rare cases where it's necessary, but this is not one of them, so I hope it doesn't come to that. We usually go easier on minors because it's widely believed that since they are still young, they still have time to change their ways, and so they deserve another chance. After all, most of us did some fairly stupid and/or illegal things as teenagers, many of which would've gotten us arrested or otherwise in serious trouble if we had been caught. But that doesn't mean we turned out to be criminals. We simply "grew up" and grew out of pulling those kind of stunts. Jail time for something like this is just going to set this kid's whole life back a LONG ways. So let's hope it doesn't happen. He should get a long community service term or something.
I'm glad to see (just noticed it because of the reference in the summary) that the GRE board is going back to a pencil-and-paper method. I took the computer-based GRE about a year ago, and among other things, the computers, software, and lack or real security definitely made me nervous.
I don't know whether the testing machines were hooked up to the internet, but I suspect they were -- as a convenience for sending results and personal information. I doubt it was all stored locally. Even if it was, I doubt that info was cleared after each testing session -- waste of time, recordable media, laziness, etc. Each terminal could run various apps, some from CD's, depending on the particular test, so there was certainly some form of access to running apps.
The computers all appeared to be running Windows 98 or so, with custom GRE software. I have no idea whether the software itself had any holes (it seems likely), but it would probably be quite easy to install a keylogger on any of them, especially if one of the proctors wasn't totally honest, or didn't follow the rules to a T. I could have easily brought in a floppy or CD in my pocket, since the proctor never checked as he was supposed to. Heck, I could probably have brought in a calculator, a small dictionary, even a laptop if I was careful -- we were behind partial cubicle-like privacy walls, and when I leaned back I could see the proctor out in the office area reading a magazine the whole time.
Some of this would still be possible with a paper-and-pencil test. However, given that proctors (in general -- no offense to the good ones out there) will probably always be lazy, removing the computers is a good idea.
Perhaps I'm way off base here, but I assumed the person with violated rights was the teacher. I'm sure people in other professions risk having their clients log keystrokes or otherwise violate privacy. Of course, the school board (employer) could log keystrokes, but that's entirely different.
-- SYS 64738 --
Most teachers (5 years ago when I was in HS) don't have any idea what the parts of a computer do. Unless they know what the ports do, they would never care if they saw a little extra adapter between the keyboard and the computer's PS2 port. This is why they need to be educated on what their machines do. There is also the chance that the keyboard port was well hidden in the desk so the teacher wouldn't have noticed unless she took the time to explicitly check. This is bad physical security on the part of the school's IT dept.
--
Free iPod? Try a free Mac Mini
Wired article as proof
Back in my high school spanish class, the teacher made an offer that if anyone could figure out his Windows screensaver password (which was a spanish nickname his grandma gave him), he'd give that person an A for the year. The fool.
I have worked there here in Houston. Trust me when I say that it really isn't the student that should be prosecuted, rather the IT staff and their failure to secure public property through security.
This kind of thing is all too common when you give a student in high school full administrator access to your entire network and then expect them to behave on the "honor system".
Thankfully I am no longer a part of that weak IT infrastructure. But in all honesty, it was just a disaster waiting to happen. And tomorrow I am willing to bet that the students are right back on the system.
You would think that this kid would have just done the smart thing like all the other kids do: Go into the gradebook program and change the grade when the teacher leaves the room (since they don't even protect their machines by locking them when they leave). Viva anarchy!
LOL - YES I AM
IMHO only half the blame falls on the student.
Yes he should be prosecuted, yes he commited a crime, no it's not ethical, no it's not right.
But if I was a parent in that school district, I'd be very concerned. That is a great example of the security in that district. Why not install that on the Nurse's computer? Get some medical info.
If the workstations are that insecure, imagine how the servers with student information are. Workstations are pretty easy to make safe these days for a good admin.
IMHO they should fire whom ever is in charge of network security. They OBVIOUSLY did not perform their job. If a student was able to install a key logger, the computer wasn't secure. No user (except an admin) should be able to do so. There's no excuse for that lax security.
If I were a parent in that school district, I'd demand that they fire the individual(s) in charge of IT, and look for someone who knows 1 or 2 things about security.
Sorry, but just imagine what someone who wants to do evil could do if security is that lax. He just wanted some test questions. Imagine someone who wants records from the nurses office, wants to alter another students grades, etc. etc.
Seems that when I normally hear about incidents even less severe than this -- for example, a student sending out a popup window with the NET SEND command -- the consequences are far more more harsh. Expulsion, possible felony charges... ...where is sane thinking actually prevailing in this country?
STOP MISUSING APOSTROPHES, YOU MORONS!!!
The GRE has hardly switched from computer based testing to pencil and paper. They switched a few overseas regions back two or three years ago, but I'm not sure that change was permanent.
In the US, as of 2004, the test was still given on PCs running Windows 98.
Not to be a troll, but since when did children need a strong teacher/student relationship? Back in high school, one of my favorite teachers showed up at the beginning of class, handed us lab sheets and reading assignments, then went out for coffee. And of the 10 home-schooled kids I know, fully five of them couldn't handle real college and ended up in local community colleges to stay close to their parents. I'd say a strong connection to one's teachers is as likely to be harmful as useful.
...it's really a sad day for America when we require a goddamn ACT OF CONGRESS to make our DVD players work properly. ~
Damn it son.. I thought I taught you right... Keep the price low.. sell more.. keep people happy.. you stay out of trouble.. now look at what you have done...
The tragedy here is less the fate of one misdemeanorous student and more in what this story says about the state of education today.
That this kind of cheating is so prevalent as to drive the GRE board back to humble graphite and tree pulp can only mean that the once noble relation of student and teacher has degenerated into adversity, and the institution of the examination, once seen as a test to be passed honorably and as a way of betterment of the self, is now seen as nothing but an inconvenient obstacle on the road to success and self-indulgence, to be overcome by any means necessary.
I might also add that it does not cast the state of IT security in a flattering light that the only way the GRE board has of feeling secure in its test results is to go back to handwritten tests. Makes me nervous about the legions of electronic voting machines upon which our democracy increasingly depends...
Where is the controversy or violation of rights here? This is simply news. The kid did something that is clearly, blatantly wrong; there is no gray area or justification or defense. He got caught and should face the consequences.
Ha! You couldn't have picked a worse example of how to use a computer in the classroom. Even in business PowerPoint has done more to inuslate upper management, which has generally been duped into believing that a business process can be accurately summarized in 5 PowerPoint bullet points or less, from what's actually going on in their companies than anything else. And now you're asking us to believe that a pre-canned PP presentation is better for students than a teacher personally explaining a subject and able to modify the visual aids to suit the pace of the class as he goes. Ridiculous!
And the brethren went away edified.
The new machines where I work, the ones we are just getting (Dells) do not have PS/2 ports at all (though they do have printer ports), only USB. Wonder if these things come in USB?
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
True story. When I was in HS, I frequently assisted the head sysadmin with network maintenance. I did it as part of a class and then later as an employee after school hours and in the summer.
One day I came across a stack of floppy disks lying around one of the computer labs that had one separated from the rest. For no particular reason, I was interested what was on it so I inserted it into a nearby system to check it out. It contained a single file, an excel spreadsheet. Upon opening that and browsing around a bit, I found that it contained the salaries and financial account information of every school employee, from the janitors to the top management and headmaster. I was definitely astonished that this kind of information was just lying around for anyone to find. (This was in a student computer lab that mostly everyone had access to.)
I'm now a CS major at well known university and it isn't much better here. I recently found that all of the student password hashes are accessible to anyone on a certain machine. After running that against John the Ripper, I was able to obtain about 50 of them within 2 hours. Of course I never intend to use them, but it was an interesting excercise.
I really think the people in charge of security in academic environments need a wake up call.
Ya gotta wonder what this world is coming to when students go to the police because someone was tryna sell them answers to exams. :|
Yeah I know.. it's very unethical, but honestly, would you have done the same? My peers and I used to get away with far worse, and ultimately nothing bad really happened.
-kidlinux.
that "happened before" link just..reeks of propaganda. their list of excuses people cheat and they shoot down are perfectly valid. i never truly cheated, but plagarism? HELL YEAH i did that. i also programmed my TI-83 to do geometry for me. but i had to understand it to code it..so i learned something i guess.
sounds kinky.
Quid festinatio swallonis est aetherfuga inonusti?
Africus aut Europaeus?
Honestly, the problem is that so few schools out there have quality Technology Coordinators (admins). Where I went to high school I served as an assistant to the admin in my senior year, and he took security very seriously. He used restrictions and altiris management software to prevent unauthorized programs from being accessed.
In addition, students were never allowed on a teacher's computer.
That, however, never stopped the office monkey's down in attendance from taping their passwords and logins underneath their keyboards where I found them while doing a replacement one day. I peeled the paper off the desk, balled it up, and tossed it. I wasn't suprised when they called a few hours later saying "they forgot their password." Idiots.
-Gamma
Where I live (Washington State) the teachers use their credit cards at work to look at porn.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
The /. summary makes it seem as though ETS has given up on the idea of computer based testing completely, which simply isn't the case. ETS is only changing back to paper and pencil in some overseas reagions temporarily. Apparently verbal test scores shot up unexpectedly in China and the ensuing investigation led to the halt of the Asian computer based test until security is tightened up.
How do you propose the IT administrator prevent hardware devices from being attached to a machine once it leaves his hands? Locking the box in a cabinet is not a bad idea, but do you really want it to burn up in there? Other than putting every machine on lockdown, how is this going to be stopped? It's not like he needed passwords or admin rights, or even a live boot CD. The only risks of detection are:
1. The machine hangs when you unplug, then replug, the keyboard. Doesn't usually happen, but it's certainly not unheard of. This is easily avoided by waiting until the machine is off.
2. Somebody sees him do it.
3. Someone traces the keylogger purchase to his shopper card and... oh wait, wrong story.
Mal-2
How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
And at the _ELEMENTARY SCHOOL_ where I'm the LAN administrator, the entire staff got an e-mail from the heads of Tech Services about hardware keyloggers and how to watch out for them.
Now, I know at this level, we don't have to worry about it; elementary kids aren't likely to do crap like this. But middle and high-school kids... that's the age when the teachers and students should have dumb terminals and X11/Terminal Server sessions. There's no excuse for this, not on the kid's part or the teacher's part - but then again, most teachers don't know crap about this stuff, so they're hardly to blame.
And to think that when I was in high school, I just got in via teachers leaving their machines logged in and unlocked - and all student passwords were in Excel spreadsheets. Ah, the good old days...
Striking fear in the authors of godawful fanfiction, I am here, appearing in darkness, Tuxedo Jack!
I did the thing when I was in 7th grade 10 years ago. I had a floppy with almost every username/password on the network. While I had access to exams and grades, I wasn't stupid enough to mess with those but I did mess with the website a bit. In any case, I eventually got busted because my friend (who was a co-conspirator) blabbed about it.. Long story short, I had to take the fall and ended up being kicked out of the computer rooms for the year. At the time I definitely felt like it was the worst punishment ever, but reading about this story makes me feel really lucky... Poor kid though... He doesn't deserve jail time for that.
Hell, back when I was in grade school, Nelson Muntz used to sell exam papers out of a cistern in the boys' toilets. He didn't need a computer, but oh, how we dreaded his mocking laugh!
wats more disturbing to me than the fact that he keylogged his teach and got the paper is that he was trying to sell them. i mean like thats worse than cheating if u get caught u will have to deal with the school but sellin paper is just greed. i confess that i have cheated a few times in my school exams but never on my finals('cos i am too chicken to take that risk) and i've always done well.
This raises questions I've had for a long time
Is it illegal to install a keylogger on a machine that you own?
Is it illegal if you were browsing your keylogger logs and found someone had used your machine and you found out their password?
Hey, this kid should get in trouble, yes, but I fail to understand why this is such an amazingly huge deal that it has to involve police and possible jail time. He was looking for test answers and then he tried to sell them and got caught. It appears that was the extent of his crime, too. There's no mention of stealing credit card numbers, account logins, etc.
Yes, he *could* have done that. The article, though, seems pretty clear it was just about the tests. Shouldn't the punishment fit the crime? Does potentially sending a kid to jail and giving him a huge fine fit the crime of trying to cheat on a couple tests in school?
I'm sure there's going to be many claims of "but he could have done more!" Except, by all accounts, he didn't do more. So.. I don't understand the idea of having extensive punishment for something he *could* have done if he had just been a smarter or more patient criminal. This is about as serious as finding a copy of the answer sheet sitting on the desk and copying it down while the teacher is busy somewhere else, isn't it? Isn't that the crime that was alleged and admitted to? Would a kid get charged with "breach of teacher's desk, a class B misdemeanor" in that case these days?
Maybe school has just changed a lot from when I was there. Scary world we live in.
Hexy - a strategy game for iPhone/iPod Touch
Cool signature line. "Warm" reboot on a C64 wasn't it?
First of all. Why was access to the data allowed from a public terminal? When you have something like answers for a test that can easily be stolen by anyone with a packet sniffer/key logger, why would you trust accessing that data in public places? Almost sounds as smart as using your bankcard in a hi-tech camcorder store run by ex-criminals.
Second. Why was the data accessible over a network rather than a standalone machine? C'mon school admins, think here. Did the military patent the concept of a computer device NOT connected to a network and NOT in a public place? Cause last time I checked, a machine in a locked room the must be accessed by entering/passing through an area which is populated, and where you would be recognized (uh, staff room?) as unauthorized would be impossible for a stuhave time to steal the data.
Moral of the story? Anything that is considered "confidential" should be on a standalone machine that nobody would have the time or resources to break into during a normal school day.
Show her how a SECURE OS works!
I didn't RTFA, but it's possible that a kid could put a keylogger on a machine and still remain innocent. He or she could be bored shitless and simply want to entertain themselves, the data itself being fairly inconsequential.
Though, it sounds like from the temperature of the posts that he did indeed target the teacher specifically for test answers. In that case...
(On the other hand, I knew someone that did that, and never used them - they were for a class he wasn't even in, he just did it for shits and giggles.)
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
...one of these?
These things are real security threat. Might want to check the back of your computer before you use it. Better yet, switch to a USB keyboard, not sure if they make USB key loggers yet.
... if a 16 year old kid has to go to prison for 180 days! In Germany the kid would have been judged to perform about 180 working _hours_ to amend his guilt.
I used to be a student in Fort Bend ISD (the district in question where this happened). I'm posting anonymously for my own safety, mainly because I've turned enough heads and made enemies in high places over there to warrant protecting my privacy for this post.
I'll begin by saying that the key logger stuff is just the tip of the iceberg of what students have got away with here. I know how badly modern public education sucks around here and in the United States, so I usually turn a blind eye to the things I have seen students do. If the kids are creative enough to even think of this and set up a system with students, then they probably do not belong in these classes that they are obviously not interested in the first place, but I digress...Some of the things I know of... students who guess the usually simple passwords teachers place on their grade book software (sometimes they are stupid enough to leave the password on a post-it attached to the monitor). One student told me how his teacher used Excel to record grades, so he modified the spreadsheet to automatically increment the recorded grades in a hopefully unnoticed fashion.
I know people here who have gotten FBI raids for poking around in things they were not supposed to, so I am rather shocked that this kid got off this easy for what he did. FBISD does not like embarrassment one bit.
Regarding computer security in FBISD, it's a joke. Any sufficiently intelligent geek could get into whatever he or she wanted.
Maybe a bit offtopic, but would a TCPA PC with a non-evil operating system like Linux be able to block a trojan/keylogger program from intercepting keyboard messages?
As in, you type into a program which has focus/active window. And it's only supposed to go to that 1 program. And I'm guessing trojans use some sort of "man in the middle" attack, is that preventable using TCPA and a TCPA keyboard?
- -- Truth addict for life.
He didn't break into the teachers office, he attatched the logger when the teacher wasn't looking. It's more like opening up the teachers desk drawer and finding an answer key than breaking and entering.
I also think you're over-reacting to what amounts to a category on slashdot. You seem to assume "your rights online" is all about your rights being trampled on, and furthermore "you" are the kid. Who says "you" can't be the teacher? The teacher has rights of privacy, and keyloggers violate those rights. You've put your own spin on a vague category (of which there are a limited amount of categories) and then drawn conclusions from essentially nothing.
AccountKiller
My friend and I got the superuser Netware password for our highschool LAN from a simple DOS keylogger. Just luck, really. We got caught when we got too crazy and changed the global virus scanner batch file to report a new virus found on every PC in the school. Ended up with 2 days of suspension and an F in the class. I'm glad I got the black hat out of my system early when the punishment was not very bad! Kids are stupid, there isn't much you can do to convince them not to do this sort of thing. Just make sure to offer them a job after you catch them. :)
and teachers need to read this book: Security Warrior. Only by learning the ways of your enemy (l337 hax0r k1dz) can you defeat them...
Seriously though, it seems like school IT staff are stretched pretty thin... maybe it wouldn't be asking so much to ask the teachers to take a little more responsibility in protecting important data that's in their posession?
// TODO: Insert Cool Sig
Sentencing guidlines are maximums, AS in the legal limit that cannot be exceeded. So for this particular crime he may be sentenced to no more than 180 days in jail. Even if the judge feels he's dangerous scum, the 180 days is the absolute statutory max. The judge may, and likely will, use his discression and lower the sentence.
In the case of a misdemeanor carrying this little time, it's highly likely the kid will get probation, or a suspended sentence, plus some community service. Means that provided he keeps his nose clean for a few months after this and does what the court tells him, he'll be fine. Being he's a minor, it'll all go away at 18 also, the record will be expunged or sealed.
That's something people often forget when quoting sentences, it's the max being quoted, not the normal or minimum. Even minor crimes generally have a highish maximum, in relation to the crime, to deal with repeat or flagrant offendors. If this kid tries it again, clearly didn't learn his lesson, and perhaps some jail time is in order. However for misdemeanors, it's rare to see more tham a small amount of jail time, and often none.
Remember: a misdemeanor is a rather minor crime. Even as an adult, it doesn't cause you much trouble. It doesn't stick with you like a felony (employers can generally only ask about felony records) and prevent you from getting a job, owning a gun, etc. If it's a first time thing, espically for lesser ones, it's generally a slap on the wrist.
It's real different than felony computer crime, which is more serious. Also felonies quite often mandidate minimum jail time. There's a little more room to be concerned there.
Here, sounds like justice is being served. This kid broke the law, make no mistake. It is NOT legal to go and record keystrokes or otherwise take data off a computer you don't own, any more than it's legal to break in to a house that's not yours.
In this case, it's more akin to taking and copying a key. Just because you get a hold of my keyring and successfully make a copy of my key, does not give you permission to get yourself into what that key accesses. Likewise, jsut because you find out my password, doesn't give you the right to access my computer. Both are methods for securing something, indicating unauthorized access is forbidden and you need permission. Copying/stealing the key isn't permission.
So the kid broke the law. However, no real harm was caused and it's not a big deal. So he's being charged with a minor crime, and will get a small sentence. He keeps his nose clean, in 2 years they'll be no legal record of it, and likely nobody will know he did it. However, if he does it again, maybe he gets a couple months in jail to consider where the path he's choosing leads him.
To me, it sounds like justice being served as it should.
This is severe merely because he "used a computer" and that, my friend, is an incredibly grevious crime nowadays! With all that free information floating around out there on the internet - bomb instructions, illegal software, and (heaven forbid) porn - it's a dangeorous place, and anyone that knows how to use a computer diligently should be arrested!
*ahem* Orwell was right. *sniff*
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
"The problem is so pervasive that the GRE board has switched from computers back to paper and pencil."
-- Microsoft is the most expensive commodity operating system and office suite vendor in the marketplace.
and slip sheets of it between pages of the note pads.
;)
there's always a way to crack a system
if this is supposed to be a new economy, how come they still want my old fashioned money?
There's no excuse for that lax security.
... well, here we are.
Sure there's an excuse: not enough money.
Not enough money == not enough help == not enough time to go around to all the machines, each and every day, checking for keystroke loggers and the like.
Hell, there's not even enough money to provide decent books and pencils for a lot schools, let alone provide computer security.
Of course I don't like it. In principle, a system shouldn't be installed if it can't be secured. In principle, a school shouldn't even be built if it can't be properly maintained. But in practice
-kgj
-kgj
Parent is a post by the person who has submitted the story. Please mod up.
When I was 16 I did the exact same thing, except I wasn't trying to cheat or sell anything, I just didn't like the teacher and thought I'd mess with her computer. The principal threatened me with expulsion, but in the end all I got was a slap on the wrist.
A "Fucktards R Us" meeting?
Boffoonery - downloadable Comedy Benefit for Bletchley Park
That's fine, however he found it, and should have left it alone. If you find I left my keys on my desk and let me know, that's fine. However it's not fine to take my keys and get your own copy, then put them back without telling me. That's illegal (in the case of my keys, more illegal than you might think, given what they can open) and I'll have you arrested if I find out. Likewise, if you find my terminal unlocked and chastise me, I'm fine with it. If you find my terminal unlocked and install a keylogger to nab the root password, again I'll have you arrested.
Please note that what the kid did with the keylogger was use it to get access to test answers, which he attempted to sell. He wasn't doing this to "test security", "push boundires" or any of the other half truths that greyhats like to use to justify breaking into systems, he was grabbing passwords in a for-profit venture.
Also notice that he installed a PHYSICAL keylogger. So regardless of proper virtual security, it bypassed all that and captured the password.
This is no hacker kid trying to learn about computers, it's a greedy kid trying to make money illegally.
...the kid will probably get hired by FBI for his obviously el1te surveillance skillz.
It's a physical keylogger. Perhaps you've never seen one, but they are just little dongles you attach in between the keyboard and computer. Many are even made to look like over-the-counter cable adapter products. They simply log all strokes as they pass the data through. There is no installation on the computer, and indeed the computer has no way of knowing they are present.
The only way to ensure these aren't around it so check the connections each time you use the computer, and really, who does that (be honest)?
my highschool flat out denied that the computer systems were hacked. grades were changed for money, etc. And the newspaper reporting that nothing important was breached. *shrugs* oh well.
You call it excessive, I call it ambitious.
These little devices simply plug in between the keyboard and the PS/2 port on a PC. They're usually beige in color and look as if they're supposed to be there.
You can get them at sites like this and this.
I've never heard of USB keystroke loggers however (probably because the information transfered between USB keyboards is in an arbitrary format), so any computer using a USB keyboard (modern Macs only have USB keyboards) should be safe.
Finally, the method of data retrieval is also fairly simple. Simply unplug the device and plug it into your own computer, and in any text editor start typing a certain "code" to open an interface to the keylogger (I think some might come with special software for it as well).
Best. Webhost. Ever. Dreamhost.
In my senior year of high school, the school I went to implemented a pilot program called, "Anytime, Anywhere Learning." It was some sort of thing done by Microsoft and Toshiba where we were supposed to learn with laptops.
Apparently, the plan was that giving kids computers and having them use them in class would lead to instant learning.
I will say that we did learn a lot. I learned how to pierce firewalls, how to tunnel traffic through firewalls, and how to spend my days downloading MP3s and chatting with classmates rather than listening to lectures.
The teachers, for their part, learned to tell us to keep the laptops in their bags. They also learned that there are about eight million things you can do with a chalkboard that you can't do with PowerPoint, and that the things you can do on both take less effort on a blackboard if you take the time to prepare a set of real lecture notes. They learned that there are a lot of things you can do with textbooks that you can't do with webpages, and they learned that if you let kids use webpages as sources for papers, you're going to get a lot of really crappy papers. They learned that it's impossible for the students to take good notes on a laptop from the moment the lectures start involving diagrams, and it's never possible to take good notes on a laptop in a math class. They learned that there are 8,542 ways to break a laptop, and a pack of 64 students are perfectly capable of finding all of them in less than two weeks.
All in all, they learned that putting a computer on every desk makes about as much sense as putting a TV on every desk.
The network login we had was some version of Novell Netware. I just made a program that looked like it in BASIC and ran it from DOS-PROMPT. After an attemptive login, I would just make it freeze there, like the computers would sometime do; they'd reboot and lauch the regular one. After I got a teacher's password whose accounts had administrator status(or were able to make new users who had admin status, one of those two), then me and my friends made new accounts and we could install games on them, just stupid stuff, we were like 11 and 12. We got caught because my one idiot friend saved a poem assignment he wrote on one of the admin accounts he made so he could print it later. When the admin came around from the central office for the school board to do whatever maintenance, it was all found out. I got fingered in the scheme by my friend, but I was a much better social hacker than computer hacker and just lied and convinced my way of the situation, even though I was the main culprit.
I remember my teacher asking the whole class for a show of hands, "who knew that this was going on?" and over half the class raised their hands. Anyway, goes to show, you can only trust yourself. Or, maybe, perform better network security so 11 year olds aren't able to bring it down.
I note that I haven't kept up my deviant ways, in fact, I haven't kept up my computer ways, I've only got university Programming I, which is to say I don't have anything.
Yeah, this was at the high school I went to nearly four years ago. This doesn't terribly surprise me, since they have them do all of the grades, etc. using the network, so using a keystroke logger to capture passwords would be pretty obvious to someone wanting to steal tests/change grades, and so on. They also weren't very savvy on IT--I remember one person threatening to get me suspended for using a dos prompt in NT to unzip a file.
My friends use to leave disks around the labs w/ copies of sub7 on them so we could hijack tercher's computers from afar.
Is it illegal if they install it onto their computers for you?
It's not worse than stealing the key from the office, and it's not better. It's exactly the same, but with a different method (which is irrelevant). So there's no need for some kind of "computer security" law; the normal punishment for stealing answer keys is sufficient.
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Kids are real guns when it comes to Microsoftology (say, Word docs, PowerPoint presentations, etc), but they really don't know shit about anything else except games.
Todays greybeards are the guys who used to build computers from scavenged parts. We had to learn everything from scratch, since there were few other ways to learn, especially about hardware.
Kids today don't know much about computers, and they aren't learning much beyond MS apps and CS class theory. Few know how to use a soldering iron or multimeter, and most couldn't even diagnose, say, a video card driver issue.
The myth of 'Kids teaching their parents' needs to die. Even when mom and dad aren't computer-literate, their kids generally know sweet FA more than them, nowadays.
How ofteh do you check the connections to your computer, I meann REALLY check them, like close enough to see if there's something extra there? How about a work computer, where it's under a desk? How about one that you don't manage, that someone else takes care of?
When you get down to it, most people won't notice for a long time. My computer is even exposed, and I walk past the back of it every time I go to sit down and use it, and I have to admit, it'd probably escape my notice unless I was doing some maintenance. I simply don't look closely at the cables regularly, no reason to, and a casual glance wouldn't register a small difference in the bunch that comes out the back.
It's quite effective, on PS/2 computers at least. Main problem is decyphering the data later, since all you get is keystrokes, in the order they came in. IF it's someone who multitasks ans switches apps a lot with the mouse, or does lots of mouse cut n' paste, you can get a real jumble that's hard to understand. However for a username/password combo, usually easy to find.
This highlights something i've been thinking about for awhile.
In my last job i worked for one of the few goverment departments that actually serves a vital purpose to the people of this country.
"IT Security" was given top priority, so important was it that my old boss (a clueless mid-level manager with NO IT experience) was put in charge of it. Before you mid-levels start defending her, she wasn't just there to make policy decisions, she placed herself in a position to be consulted on ALL technical decisions.
So anyway, while i was there IT "cracked down" on all those dangerously insecure practises like using email for private purposes and surfing the net while not on lunch break and what not (of course there was never a mention of getting rid of IE). We sat with the winblows admins and they certainly fit the stereotype as they sucked up all the advice from the my boss and the $200/hr security "Gurus" she hired (one of which barely new how to use IE).
Anyway, my coworker was reprimanded for installing some software that we couldn't get IT Support to install (Adobe Acrobat), i mean we kinda needed to read PDFs, since it part of our JOB, he was futher reprimanded when we gave them a serve on the idiocy of their "Security".
Of course they weren't worried about the server room being left open and unnattended or the kilometres of cat 5 that ran exposed straight out of the server room/comms room, through the kitchen, or the fact that half of IT support had kazaa, emule and winmx installed on their machines or the secret windows shares and hidden ftp servers with 100s of gigs of warez and MP3s on them. Oh no rules dont't apply to the enforcers!
Finally my point, 90% of their and i dare say it ALL "IT Security" is just show, there was is no real security, we had physical access to every part of the building, once anyone has physical access to an admins box one of these fellas will ensure the 700 page Security Policy that you spent $50,000+ on is NULL AND VOID.
Oh well i'm sure there's quite a few people here making money selling these invisible wares. I guess I'll just continue to laugh inside while being burdened by insane "Security Policy".
Wow, I remember the 3rd degree about report cards I printed on my okimate20 thermal printer. No harm done and nobody (well I guess I was there for a reason) ratted me out...
I was an admin at a high school for a year. Some of the fun things I discovered...
I'm sure I found keystroke loggers on a few lab machines. Reimage time.
VNC made it on to the master image. Discovered it as midterm marks were being inputted on the same machines. Of course, there is a paper verification, but still, I had 4 labs of compromised machines with no trusted image.
Caught a student once logging into a teacher area while reviewing the logs. How? He used his own user id, in a place where students don't have access. Instant visit to the administration and a suspension. I had no problem with keeping him locked out for the rest of the year, but I was overruled. Obviously not the brightest... use someone else's account!
Students loved creating shortcuts to the C drive. My daily "shortcut scan" took care of those. 24 hour lockout.
The IT department was either overworked/underpaid, or not actively monitoring things. Students downloaded fun things like kazaa, morpheus, winmx, etc plus associated spyware (before I knew what it was). Yet the board firewall blocked outgoing ssh, so I couldn't update the school's web site from within the building.
Image was broken so students couldn't change their password. So, they wrote down their user id's and assigned alpha-numeric passwords. Of course, that left no accountability ("I didn't download that!")
Teachers were also a part of the problem. I immediately forced everyone's password to expire when I discovered the security problem. I had to reset half of them to "password" with the "do not expire password" flag. No matter how many times I explained why they needed a secure password (it only takes one teacher password to compromise ALL the marks, for example).
I also would have liked to set better lockout policies, including a 1 concurrent login policy. Teachers tended to let students share accounts, instead of sending them to me for a password reset. In some cases, students were already locked out for violations, and the teachers let them "borrow" another student's account!
I had control of my own machine, and I had a group policy denying all student logins on it. I wish I could have set it on the teacher workstations though. I didn't trust some of the teachers to not let students log in on those machines. 1 logger and we're back to the beginning.
One of the IT people said it best. The average demographic of a hacker is a 14-18 year old male. That described half of my students.
I use Macs to up my productivity, so up yours Microsoft!
Sure, I agree with everything you said. It just pisses me off when people make false comparisons trying to make something look worse than it is.
AccountKiller
A 16-year-old student has been charged with a misdemeanor for rigging a keystroke-recording device onto a teacher's computer.
While what this kid did was stupid, the fact remains that he is, a kid. Based on the tone of the article, it seems that he is being charged as an adult. You may argue that he had full comprehension of his actions when he did it, but, if you want to charge him as an adult, then we should afford him all of the benefits of adulthood, including voting, but I digress.
I was a total ass and thought I could get away with a lot when I was still in high school. I know that I was wrong, but it's not something I realized at the time. Think what would have happened to you if you were a) caught, and b) charged as an adult for the goofy things you did when you were in high school.
What's the typical jail sentence for stealing an exam key in a school? Hell, when was the last time someone got convicted for cheating during during a school test?
Was Orwell right and the future basically unavoidable, or did he invent the idea which led some people to read it and think, "hey, this society is a good idea! I wish I'd have thought of this on my own!"
:P
Which would be worse?
Hexy - a strategy game for iPhone/iPod Touch
Back in 1994 when I was a junior in high school, I installed keylogger software of my own design on several public terminals at my high school. Passwords piled up and soon I was exploring all sorts of interesting systems with administrative access. Not that I did anything illegal or even really immoral -- just poked around for the most part and read lots of boring email. I finally got caught when I tried to install an IRC server on the school's Internet-connected Unix box, which raised all sorts of red flags with the admin. I got suspended for a day. I can't help but think that, ten years later, the tenor of the times encourages far more zealous prosecution of similarly minor misdeeds.
Well, second to last for seniors and everyone else had a few more weeks. A week before, I had done my usual stuff at lunch, going to the library and looking thru the school's computers to see if I could find anything interesting, and boy, did I ever.
I found payroll data on *every* employee of the school district, which, in itself, was a major screw up on the school's part. It wasn't hard to find this, either. I just went thru the list of computers in the school district's domain and checked what was public in interestingly-named computers. However, I found something much cooler later on... the school's web server.
Not only did I find evidence of the web server being hacked (anti-Israel propoganda, various racist images), but I also found that the school's website's files were unprotected! Idiots. So I altered the announcements and put "Hi, from DJ Hirko" at the bottom, along with a picture of Nitz from Undergrads. I didn't get in trouble for it, not sure why.
And just to make this even longer, let me regale you with the story of THE LOCAL ADMINISTRATOR PASSWORD (DUN DUN DUN). A friend of a friend had brute forced the local admin password, and since all the machines are the same ghosted image, he had the local admin password for every computer in the school. It slowly spread and eventually someone got caught using it. He ratted and it got back to my friend of a friend and they threatened him with expulsion and jail time. They eventually settled for a 5 day suspension, but it was still bullshit.
Come graduation day, one of my friends brought bright green neon letters that spelled out the local admin password. He smuggled the letters inside the graduation and we taped them to our hats. We held our heads so that everyone behind us, including all the parents and media, could easily see what was on our hats. We also got a picture of us (with the letters on our hats) in the paper, but they didn't know what it was.
So, Nashua School District, one word for you, upandn101.
Wheel in the sky keeps on turnin'.
Must be very recent. Mine from a few months back was on a computer, and ETS has no such announcement. Google news is also silent on any such change.
In the United States, the GRE still is and will be computer based. If you RTFA, it is not only out-dated, but the paper and pencil only applies to certain test-takers overseas.
This shows that even a teacher that isn't smart with a computer can still be smart in other ways.
As for the teacher getting fired, who really wants a job at a school where you're not allowed to encourage students to play happyweed anyway?
There was a PC lab at my high school donated by a local technical school. The administrator password on all the machines was "_teacher".
I did this back in 98' when I was in grade 9. We had an all mac setup with the classic software "Foolproof" that resitricted all writing to the actual harddrive. But I somehow figured out a way to write to a section of a drive that wasn't locked. So I installed Stuffit, and a keyboard logger on six computers. I did end up getting the principle's login and all the highest level tech admins. Finally I told to many people and I got busted, and got a 3 day suspension, but 2 days of that was reconfiguring all the computers.
Heh, computer security is a huge problem. Teachers don't realize how smart some students are. In 3rd grade I had what I felt was a kindergarden account on our school computers. So I found out that ABC\123 had full access to all games and programs, including the teachers grading programs, though it was account specific. Needless to say eventually I was caught, but they really didn't care. My mother worked at the school and they brought me to her and said, "Tell him this is wrong..." My mother laughed, and I continued to use the account. :)
Later in middle school I determinged the naming convention for techers quite easily, and figuered out the tags that the various persons went by on the walkie talkies. Needless to say our Principle was my prime target, and our mascot was the Panther. Panther1 just happened to be the pass, who would of thought?! Then somehow this information leak *whistle* and the password was changed to something more secure. [As in something a 7th grader couldn't guess off the top of his head]
Fond memories
The general GRE was one of the best tests I ever took. The idea that the test can get harder the better you do is something which I really enjoyed. (God, did I just say I enjoyed a test...) I felt that the variable difficulty questions did a far better job of determining my abilities than any fill-in-the bubble test.
In any case, it's too bad they are having issues with the computers crashing. The issues of websites containing unfair test information is something independant of paper/computer nature of the test. Paper AP Calc tests were being published online before the testing date 8 years ago. I think the only reason they've seen big increases in online cheating in the last few years is that they've just started looking. Other security issues really have to do with good testing practices and room security.
I myself did some stupid mischeif in my day...
:-P
When I was in Jr. High, my school got a grant or a donation or something, and ended up getting a computer in every classroom - a Mac (the iMac before the iMac... PPC 603-based all-in-one performa thingy)
It was my joy at the time, to collect Mac viruses. I would infect a copy of TextEdit or something, put it on a disk, and then clean my system. I knew what most of these viruses did, due to the virus program detecting them...
There was one in particular that was a piece of MDEF resource code, it made it so when you clicked a menu in any program, it would only pull-down like half the time, and when it did, the menu was blank -- you had to scroll your mouse over the items to make them show up. It was annoying, but most people just continued to use their system. It would spread to any other running apps, so it didn't take long for this to infect several computers on the campus. I never confessed to it, just quietly enjoyed making a bad week for the resident computer-dude.
A friend and I also used a program called DisEase to circumvent At-Ease (Apple's old restricted launch environment) in the computer labs. Once breaking in, a copy of the "Finder" file was created, and altered with ResEdit to change its file type to an application. This way, when it was discovered that we were getting through the system by running nasty applications from our own media, and that feature was disabled, we were still able to open documents with the CREATOR attribute set to our finder-application, and viola, full access to the system. System 7 was fun.
And who can forget my first programming experience: writing the following program and running it simultaniously on every Apple ][ system in the library, and leaving. Oh the poor librarian....
10 FOR I = 1 TO 1000
20 PRINT
30 NEXT I
40 PRINT "^G HACK THE PLANET!"
50 GOTO 40
It took a while for those slow computers to iterate 1000 times, which gave us time to make our get-away. Then they'd all go on infinte loop of childish messages accompanied by a system bell/beep.
Never did much in High School, as I had no laptop to run a sniffer when the counselor telnetted into the scheduling system to change my classes. I had the knowledge, and the intent, but lacked the means. Oh what a senior prank that could have been!
well I am a teen hacker who recently looked at hacking into my school. err yeah... I won't go into details. Through a little social engineering i found out the school brought in a 25k security firm over the summer. They have spent over 200k total on security renovations. All in all... there serious. ITS A WAR ON LITTLE 14 YEAR OLD KIDS!!?? WTF?!? lets see: 2005: war on terror #old war on iraq #old war on spam #old war on little kids with computers #NEW THATS THE NEXT BIG THING!
Good thing I don't live in the States...
A student did this once at my old school in order to catch passwords or something. But the logger didn't start until after a user logged in (thanks to his smart installation abilities) and wasn't even on the machines that the teachers used.
(He wasn't caught BTW)
"A 36-year-old teacher has been charged with a misdemeanor for rigging a studentstroke-device onto a student's..."
I'm Rick James with mod points biatch!
My senior year of high school I had just gotten a flashy new 256mB USB drive. While it had it's nerd value and was greta for moviing files from my friends broadband to my 56k connected home. I had never had a real reason to love it. Then AP Physics came along...
.pdf with all the answers to the chapter, and not just that full blown solutions. Never in my life have I cheated on a large scale such as this but...who wouldn't have? The PC was in the back room, and he had no way of seeing me. Within a week he became comfortable with me regularly using the PC for extended periods, which, after I recieved the files became a fun game time.
So I was sitting in my self study class while the teacher taught regular Physics. I asked a question and he reffered me to his computer. I'm thinking ok, there must be some sort of helpful software.
He then preceded to open some folders and boom, a
He never found out, and I never did homework again. I looked for tests but they were all outdated. I did manage to find house and phone numbes of a class that graduated 2 years before me. Dunno why he had that one.
Yeah, it all seems inocent until you recall stories like this. You have to draw a line somewhere. The burglars in the Watergate break-in probably thought it was harmless too... after all, all they wanted was a little information.
I wonder what kind of protection they use to protect the pen and paper that can not be applied to a computer..
a friend of mine and i ran a scheme in high school back in 2000 and 2001, he used a keylogger to get the sysadmin's password, gaining access to all the teachers' accounts, to get the tests and exams, and he'd give them to me to figure out the answers. i was better at chemistry and physics, and he was better at hacking. we never tried to sell the questions/answers to anyone else for fear of being caught. this case is interesting in that the student has been charged, but i'm sure it's quite a common occurrence.
interestingly enough, because we only had the questions and not the answers, we understood the subjects better because i would have to figure it out and teach it to my friend, and he would get one-on-one coaching from me, which was a better method of learning than sitting in a class of 25 people and sleeping at the back. in the final state-run exams, which we didn't get the questions in advance for, we both did very well as we had actually learnt the principles instead of just remembering and regurgitating facts. perhaps there's a lesson for teachers in there somewhere. all i know is i learnt more "cheating" than my other friends did "studying".
Wow, handy_vandal, a legend in old days of HL1 editing. Didn't know you posted at /.
... drop me a line for more info.
Thanks, one always likes to be remembered for one's accomplishments. I am, by the way, currently working on a new site for HL2 editing
That warrants academic punishment, sure, but definitely not legal action. Second, 180 days in jail is ridiculous.
You're right. Jail time is excessive -- I didn't really mean to endorse jail time, that's not my style.
But punishment, of some kind? Definitely.
I suppose I'm prejudiced, as I teach part time. If some student logged my keystrokes, I'd sure as hell want the little shit expelled.
-kgj
-kgj
Someone did get busted eventually, but they didn't go to jail, they just took a zero for that particular test. I wonder if they ever noticed how half the class went from acing every test to C's after that little fiasco.
Thoughout all of Grade 11, for example, because the school computer system used a really odd, external program to let the students change their novell login passwords, I accidentally made my account unopenable (I set it to a password that wasn't a valid password; it let me set it to that, I laughed at how outrageous it was that it let me do that, and then my smile turned upside down when I realized I had essentially broken my account). Actually, upon reflection that might not have been the problem; my sister, with a simularly screwy last name (I mean, no, my name here is my real name ;)) has often found herself unable to log on in simular schooling situations.
But anyways, the lucky bit was that the login name was simply derived from the person's name, and then the password was "student" until they changed it. Many people didn't. So what I did was just make a big list in my student agenda (I used it exclusively for things like this, never for actually writing down homework that was due or useless things like that) of possible logins, often culled from the birthday list on the daily announcements (which were hung conveniently up in the library), and whenever I needed to go on one of the schools computers, I could just open up my list. Which came in handy, since I often did things that would have red-flagged me to the sometimes-watchful admins.
The most interesting stuff happened back in Junior High, though, when I found out a simple little way (long story short, "backspace") of accessing the wider store of data on the network. My friends and I found ways to easily share our personal folders with eachother, as well as hijack other peoples' when we needed more than the puny 5MB that the Junior High gave us as storage space.
Of course, the years after us mainly did childish stuff like steal mouse balls. Kids these days . . . ;)
I remember sigs. Oh, a simpler time!
From TFA:
Campus police referred the case to the Fort Bend County District Attorney's Office, which has charged the teen with breach of computer information, a Class B misdemeanor punishable by a fine of up to $2,000 and up to 180 days in jail.
What's the difference between that and say, holding the teacher at gunpoint to get the answers? In both cases he's doing more than cheating on a test. He's committing a crime to cheat on the test. He's being charged with the crime, not cheating on a test.
...poking around in /tmp and found a MS Word auto-save backup file with the answer key
Whoa there buddy...a Word auto-save in TMP? When did MSO: Linux come out?
School years are around 180 days in the US... What an intresting coincidence that he could be put in jail for that ammount of time.
Jail is a prison for the body, compulsory education a prison for the mind. Given a choice between the two, I'll take jail any day. The student was more then justified in his actions. Most schools have extensive monitoring of students including the use of security cameras, random "drug" searches, and varous other methods of privacy invasion(a friend of mine who was kicked out of HS for subverting network security showed me a web accessable section of the school lan...(this was the best funded public school in the state) they had a secret searchable database that contained a psychological profile of every student along with standard information: age, grades, ssn, address). If you dare attempt to transcend the passive role assigned to you; if you even look like your going to help other students learn about history (you must be an anarchaist), chemestry (you will be accused of making bombs and drugs) or computer science (you'r a hacker), you will be interogated or expelled. Public education is a system that imposes ignorance on those too young and therefore too curious and independent minded to be good workers. It breaks them down to either drug induced apathy, or complacent submission. If we are ever to have a population with some conception of how technology, society, and self function, we must destroy the high schools. A just, equitable, and sustainable society cannot be built when our fellow citizens are subject to the forced indoctronation of dogmatic bullshit like nationalism and religion. Both public and parocial high schools are amoung the most destructive forces facing creativity, intellectual development, and society itself.
------ Take away the right to say fuck and you take away the right to say fuck the government.
He didn't cheat. He just changed the conditions of the test. He didn't believe in the no win scenario.
"another nail in the coffin of modern teaching" - Kids used to have a slate and some chalk and the same argument has been proffered to reject just about every new tool since the first pencil.
I was at the end of high school when calculators started to appear (1975), using them was considered cheating, even for homework! It was said that just standing near them would drop a childs IQ by 50pts. Funny thing was nobody had a problem with students using log tables, stats tables, slide rules, formula sheets, etc, in fact it was encouraged and you could take them with you to sit a test.
My daughter was introduced to high school algebra by a brilliant maths teacher. He used variables and formulas in a spreadsheet to demonstrate the power of algerbraic ideas. I don't think he was brilliant because he could use a spreadsheet. I also think he would have been miserable as a sports teacher. I only met him once and with 2 kids I met lots of teachers and even did a bit teaching myself, running lab classes for a couple of years. What made him and very few of the others so special, was a gift for communicating with teenagers, a genuine passion for the subject and effective use of the availabe teaching aids. A parent could not ask for more.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
This is a simple case of a kid installing an illegal wiretap to intercept communications. Decades-old laws apply to things like this. Move along, nothing NEW to see here...
Isn't this similar to this article?3 11227&tid=158&tid=17
Federal Judge: Keystroke Logging Isn't Wiretapping
http://yro.slashdot.org/article.pl?sid=04/11/23/0
And why is he being charged at all?
I dare say it's a 1st offence (Pretty crafty - But minor nontheless) and he is 16 - not even an adult yet!
Isn't this why we have suspension in schools?
'Charging' the kid just sound like typical american dumb-ass syndrome.
Here is a smart enough kid to think up such a bright idea (misguided as it was) and the US system wants to fsck him over rather than guide him in the right direction (say, computer security courses might be handy!)
I suppose 16 year olds could be locksmiths, but I'm betting that not too many 16 year olds work for the CIA.
I might be wrong though, could someone correct me if the watergate burglars were, like the perpetrator in this case, children/teenagers/under the age of 18.
thanks.
Like many of you, I am reminded of my old high school security expoits. I took a C++ course in my junior year. I already knew C++ and was just taking it for transcript purposes, so I wrote little side projects during class instead of actually following along with the lesson. One of these projects was a Windows 98 password logger with the option of logging the user/pass to a file, FTP site, or email address. Within a week of installing it on just one school library computer, I had a password-protected database of student, teacher and administrator usernames and passwords available to me online. I told a couple friends about it, and one got caught changing his grades. He didn't rat me out though, thank God! I miss those days... not the classes or the bull students went through, just messing around on the school's network without them even knowing it. Another side project was a sick implementation of Life.
-William Brendel
Here's one procedure you can use whenever you use a computer that might have been interfered with (in a lab, in an internet cafe, even in a dorm).
This only works for GUIs, I'm afraid. It's important to use the *mouse* for cursor positioning, not the keyboard, as described below.
The basic approach is this: When you type in a username and/or password, don't type the username and password straight in. Instead, swap betwen the two fields, don't enter the characters in order. You will have to position the cursor where appropriate. For example:
Click on the password field, and enter the 4th letter of your password. Then click on the username field, and enter the last letter of the username. Then click at the front of the field and enter the second character. Then back to the password, and enter the first character. Etc etc. Even if you only do this for a few characters, it will help security immensely.
At the end, the keystroke logger will have collected all the characters in your username, but any spy will have a nice anagram to reconstruct.
The truly paranoid can add extra characters early in the process, and then overtype them later on. This is particularly useful if the selection is done by the mouse and not the keyboard - the spy wil have no chance of reconstructing the password if some of the captured kestrokes aren't even part of the final password.
A simpler method is to stop typing the password partway through, click on another app (don't use alt-tab or another keyboard shortcut; the logger will capture this) and press a few keys, then return to the browser/whatever and complete the password.
Note to ACs: I won't mod you up, even if you are being funny or insightful. So take a chance! It's not real life!
.. to do something similar at Uni.
System manuals were all accessible and for a while there we knew more than the full time system manager.
Was a challenge to find out how to use system services called from FORTRAN (only compiler we had) but once mastered could trap CTRL-C and terminal echo etc to fully emulate secure login and when left running on terminal (good old DEC VT100!) looked like logged out and could capture all logins we could possibly want.
Unfortunately 99% of most stuff in most accounts were boring and we certainly didn't need to copy anyone else stuff to do our coursework and had no interest in doing anything with what we found - just poking around for interest sake and learning things.
Alex.
There was a lab that I used to hang out in. Being one of the few geeks in the school, I pretty much had run of the place. The teacher who oversaw the lab encouraged creativity and ingenuity. Sometimes he'd get pissed with something I did, but in those cases I just fixed it and moved on. This kind of activity, over a year or so, ended up earning his trust as I would also fix the odd problems with windows/autocad and such that would crop up.
:)
Eventually I became the de-facto admin for that entire lab. During my required study period he would give me a pass to hang out in his lab--sometimes even when other classes were in there. Talk about heaven. I had the run of a computer lab that was networked. It was like being a king.
Around my junior year or so, they replaced the computers in the lab (aging 386/486 era machines with DOS, mostly) with shiny new Pentiums running Windows. For a few months they were basically just open and normal Windows machines. I think they even had Internet access. This was, of course, a total disaster. The net was new, then. People didn't have it at home. They downloaded anything and everything. Porn, viruses, music, etc.
The result was a *cough* admin *cough* who ended up being the room almost everyday for awhile. He would spend his time poking around in control panels and "fixing" the computers. Eventually be must have gotten sick of that because they hired a local consulting company to come in to secure them all. Pretty soon the whole place was all passworded up with all these layers of cheap third party locks, etc.
I broke all of them--with full (unofficial) support of the teacher who taught in the room. They had tried to lock the systems down so much that half his programs wouldn't work right anymore. He had endless problems with students just trying to save their completed CAD drawings. I made a lot of those problems go away by circumventing the security, showing him how, and then giving him pointers to try to minimize the visibility of the hole so that other kids and the admin dude wouldn't find it. Not perfect, but it helped.
After some time of this the teacher pulled me aside one day and tells me in a reasonably loud-so-that-others-near-by-can-hear voice that I need to be careful because Mr. Admin is getting pissed that someone keeps getting into his system and he's going to try for suspension of that person when he is caught. Of course nearly every one of his students knew it was me--but they weren't talking. I had helped them all out of jams at some point or other. So after doing the public speech, he later pulls me aside in private and says, "Hey, keep doing what you're doing. I'll make sure they don't do anything to you. Those bastards are making my life such a living hell and they won't listen to my needs that I've given up trying to deal with them. You at least make it possible for me to teach my classes."
So of course after the next round of "security upgrades" I was once again on the job. Eventually I figured the way into the system and changed all the screen savers to be the marquee one and had it read, "Ha ha! I got in Mr. Security Guy!" Hoo boy did the shit hit the fan. I was shielded from it, but the teacher just loved it. The admin dude was pissed. The consulting guy was there almost everyday for like 2 weeks. My teacher would just smile and nod. Eventually they locked it down pretty heavily, but by this point I was a senior and I was graduating early and was out of there.
Those were some good times. Seriously, though, I swear that in this day and age I'd be arrested for information terrorism or some such bullshit. Sure, I made life somewhat difficult for an admin or two, but they brought a lot of it on themselves. They had tried to lock the computers down so much so as to make them almost useless as a teaching tool. And of course Windows itself was so prone to holes, viruses, and other crap that it only made the problem worse. I sure did learn a lot, though. After all, isn't that what school is supposed to be for?
Hexy - a strategy game for iPhone/iPod Touch
an illegal wiretap and no consequences.
Why not the kid? After all, we expect our law enforcement to obey the laws they enforce themselves more than the general public.
I don't get it. Are you saying that Watergate would've been okay if it had been perpetrated by 16 year olds? Or that since watergate involved trained CIA agents, it must be impossible for a 16 year old to steal information? Perhaps you mean that it's only wrong to steal information if you are a CIA agent, or are in some way connected to the CIA? Are you saying that 16 year olds cannot commit crimes?
Any way you look at it, you're wrong, misguided and stupid. This kid intentionally stole information for the purpose of cheating on a test. That was illegal, dishonest, and stupid. He should definitely be punished.
Yeah, very similar stories here... Got to "high school" aged 13 (weird school system where I grew up), and within a year a friend and I had admin accounts on the RM Nimbus (RMNet) Win3.1 network. Within another six months we were actually maintaining the network, (after we watched the "Head of IT" sit and stare at an autoexec.bat file for over half an hour, then solved the problem for him in thirty seconds from another terminal). Eventually we were just solving problems before the IT guy even noticed them (all, of course, unofficially - the Powers That Be would have had the screaming hairy ab-dabs at the thought of the access we had, and did, whenever they found out).
Highlights included:
The Head of IT had a deal with RMNet (the Nimbus ISP that offered cheap rates to educational insitutions) - in return for cheap hosting, he had to look for and report any porn sites he could access so they could be added to the blacklist (still a bit suspicious about that...).
Anyway, the Head of IT used to sit on the only machine with a modem (for hour or two every morning before school), surfing for porn/credit card/warez sites sites, recording the URLs and reporting them to RMNet. The only problem was... he'd never heard of a browser cache.
We actually had friends who'd come in at lunchtime, copy the cache full of porn onto disk and sell it to the other kids for a couple of pounds a time.
Everything in moderation, including moderation itself
There's no possible way to spin this as an innocent kid getting screwed.
You missed the point here. The problem is not whether the kid is innocent or not, but "a fine of up to $2,000 and up to 180 days in jail" seems too much for me. What's next? Jail for cheating? Suspending or even expelling the kid should do the trick.
I shot the sheriff
How are dumb terminals and X11/Terminal Server sessions going to stop a hardware keylogger?
Mod down posts with a "Free Mac Mini/iPod" sig, they're spam!
what is that? red hat? ya... red hat is profiteering, right? black hat is malicious, white is exploring, grey is... wait, is there like a chart somewhere?
When you're afraid to download music illegally in your own home, then the terrorists have won!
Reader logs editor's grammar mistake.
I created a hidden (duh) keylogger application which activated if the text 'root\n' or 'su\n' was entered on the keyboard, it then captured the next string (until /n) and send it through net-send to a computer which i happend to use that day. Then i started the software on a few computers in a few class-rooms, and i recieved a few root password of classmates which used putty (ssl!) to access a server. I quickly became bored and just left and when i got back the (innocent!) computer where the password where send was gone.
So the lesson they learned was: entering root passwords on public (windows) computers isn't smart.
Hmmm, internet-café's use windows *-) or are those computers nowadays secured enough with some sort of kiosk-mode?
... Student logs Teacher's Keystrokes?
Sorry...
I saw the same thing happen when I was in Middle School. DOS came with BASIC, Novell had a text login prompt thingy, so, you write a trojan, write the passwords to a file, and voila! ... heck, you could probably do it in a batch file.
I knew some people who had compromised admin accounts; I had one of them make me a normal account (only the teachers, admins, and the kids in computer classes had accounts) so I could play around on them, and keep all my programming there etc.
For some time my school had a network consisting of those old Acorn computers. On one part of the network was a nice selection of BASIC programs; I'm not sure exactly who put them there, but they were very interesting to read.
One program, for instance, would pop up a dialog message box. Another would run in the background. I recall combining the two together, to create a program that would run in the background, and pop up a message box after X seconds.
Now, if anyone recalls, the Acorns had a system where a program could be automatically executed upon the user entering a directory. It wasn't too hard to use the "unknown file" icon for my BASIC program, and place it in a public directory. When people entered the directory, they'd find a message box pop up a few minutes later. Because of the time delay, it seemed as though the message box popped up at random.
I thought it quite funny at the time, though in retrospect, some of the messages were quite cruel.
...I was like 17-18 at the time, and I got called out of class, to help another class who were going to watch a movie. I never understood how the fuck I got that job, but anyway, when I got to the other class, there was the teacher (which should know how it was working), both janitors (one of which is actually quite smart, the fix-it-all kind of guy, and both of them get to do tech crap like this, so they should also know) and well... a class full of 17-18 year olds, but obviously noone who could figure it out.
:). Not that I'd argue with that, but I hardly think that qualified as a reason.
Obviously this had taken some time, since class was started some time ago, and well.. they had a nice picture with black and white stripes (for those of you that have figured out where this is going, yes it's a test image). So I reach back, don't even look but feel for the tiny switch to turn it off (almost easier than looking for it anyway), and voila - problem solved.
Naturally, since they couldn't admit to being complete doofuses, I was instead brilliant
Kjella
Live today, because you never know what tomorrow brings
---[snip]--- misdemeanor punishable by a fine of up to $2,000 and up to 180 days in jail. This sort of thing has happened before. The problem is so pervasive that the GRE board has switched ---[/snip]--- In fact this kind of thing happens so often that it should barely warrant mention, let alone the threat of a fine and jail time. What computer-oriented youth hasn't at one time or another written a program to "steal passwords" from their school? Now if this individual is changing things around, creating problems for teachers and students, then, yes, there's a problem, but a fine and the threat of jail time isn't the answer. Obviously security is lacking at the school and something needs to be done. In most cases where someone has written a program to look like a shell, something like a simple inactivity timer would solve the problem (log out sessions where the keyboard hasn't been touched in awhile).
When a student shows tallent, develop the tallent into something useful for society and for the student.
If a student is interested in computer security (crackers usually have a fascination or obsession with it), instead of processing the student for being a common criminal, perhaps you should consider getting that student into an appropriate program where his or her skills can be developed and ethics can be taught (and their actioins can be watched).
-- $G
Correct me if I'm wrong, but don't these external key loggers only work with PS/2 keyboards? I did a quick search on google and found no USB key loggers. Switching to a USB keyboard can not too hard or expensive to do. Or perhaps using a non-standard connection type or even a dvorak keyboard would help. Damn kids.
Dating myself...
Back in the late 1980s, I was in the only computer course my high school offered. The teacher was more than worthless. Not only did most kids know more than her, she resented them for it.
Anyway, she wrote the tests on the computer. Naturally. But *WHY* did she choose to write them on one of the 20 computers in the lab instead of the one back in her office, I will never know. Plus, it wasn't in a hidden folder nor a password protected document. In fact, I think the folder was her name, with a subfolder named tests!
So, that's how I earned my 3 days of in-school suspension. And half the kids I gave the test to didn't even 'fess up! Bleh...
When I got to uni I tried the same thing. Installed a different version on a lab PC next to a printer that I had occasionally seen an admin login to. Came back the next day, my program was gone and my user account was frozen with a "Please contact system administrator" message. Turned out that the sys admin in the physics department was a hardcore old unix bod who'd been an admin since the days you programmed with punch cards. He had seen it all. The computers allowed a boot from floppy but logged it and alerted him in real time. He watched me install my program on the CCTV, then watched me log into another computer so he had my username. Dude was in a different league from my school admin!
Luckily Physics had it's own rules for what happened if you got caught "hacking". First time you only got a slap on the wrist and had the rules carefully explained, 2nd time was where the restricted computer use came in.
"Physics is to math as sex is to masturbation." -R. Feynman
When I was at college 7 yrs ago, (Damn, it's been that long?), it wasn't exactly hard to get other people's information etc. I'll be honest now, I copied off loads of accounts while I was there, just did it for fun, (I was 16!), no real reason. One thing I did make sure was that I DIDN'T GET CAUGHT :P lol
A keystroke-recording device? Oh please... Ever heard of super glue in the PS2 port?
Problem solved.
Why didn't you patent it? :)
The AACS key is NOT 0xF606EEFD628B1CA427BEA93A9CA9773F
The problem is so pervasive that the GRE board has switched from computers back to paper and pencil.
So, there is no computer generating those paper exams anywhere then, right? Oh, that's right
I'm in school right now, posting this. Happens that I'm in a BASIC class in freshmen year of high school when I learned basic in 2nd grade. Of course, I finished the assignment 10 minutes after it was handed out(some programs were required). There's no CS course anywhere.
The school has no security and a very inadequate IT team(of one or two people). I've done some nmaps and pings and seen what I could do.
Schools aren't even preventing attacks on any level. But they do know how to block Source Forge!
Make your computer faster: rm -rf
He installed it when the teacher was not looking.
Big surpise there
The students at the school I went to quickly worked out that At Ease could be circumvented simply by pressing the "Interrupt" key that Mac Classics had handily available on the side of the case. The teacher wrote in to MacUser and the solution they suggested was to "detach the keys" :).
... fun times.
At least they had got a tad more of a clue than when I was there. I got banned from the computer room for locking a file (ie opening the properties box and clicking "locked"). They had to march me into the computer room and make me show them how to unlock it. It didn't help that my friend had recently renamed the hard drive to "This is shit" because all the games had been taken off.
Oh, and I can't count how many times the head of computing used to have to go round renaming "Pubic Folder"
"The dew has clearly fallen with a particularly sickening thud this morning"
of a time in highschool when I was a freshman, sometime in 91-92. I had a litle fun with one of the pc's in drafting class.
It was a stupid little batch file I ran at the start of the computer that said "This computer has a virus, do not turn off"
The girl that turned on this pc just about crapped herself and the rest of the class got a kick out of it. It took a bit of time to explain to her that it was just a joke.
I remember when I was in 8th grade I had placed a whole bunch of illegitimate files (mods, s3ms, demos, maybe some porn, I cant remember) and all the programs needed to play them on the administrator's partition. I filled up the entire network drive so no work could get done then I attrib'd all the files hidden, protected and what-not and topped it off by renaming them all in high-ascii acharacters to a "del *.*" wouldn't work. The computer "expert" teacher, who was brought in solely to teach us about computers had no idea how to delete the files and had to ask my partner-in-crime to do it for him :D
Good time, good times...
-Tofu
the sad part is, he could have the answers for sale for $1 there are 2 types of students (fits 99% of them) 1. the honest ones who wouldn't take them for free 2. the idiots who would rather spent the $1 on "a smoke" from sidney.
The article linked to is from 2002 and is about giving the GRE on paper in China and India. Sort of misleading in the summary. The GRE in the US is and will be given via computers.
The Tao that can be spoken is not the one eternal Tao
I had this teacher, damn I woulda logged her keystrokes any day.
but a fine and the threat of jail time isn't the answer.
I disagree. People seem to think that commiting crimes on a computer is somehow "not as bad" as the normal physical crimes of theft, tresspassing, etc. People need to be taught at a young age that doing things like putting a keystroke logger on a teachers computer is a real crime and not just harmless fun.
If that kid gets a job in an office and throws a keylogger on his bosses computer he will get into some real trouble and rightfully so. They need to learn early on that this kind of behaviour is unnacceptable.
But this is slashdot so I expect a bunch of replys saying that it is not the kids fault but it is the schools fault for not securing their computers.
I used to hack in to my old school's WANG system to check out my grades, etc, but never did change anything. More curiosity than anything.
"hey, could you pass me a paper towel? er.. I mean... DEPLOY ABSORBTION PANEL!"
First of all, I don't think there are keylogger dongles for USB keyboards -- might I suggest that school computers be equipped with USB keyboards?
Secondly, though this was irrelevant here, Windows passwords are WORTHLESS -- as any network administrator who has had a user lock himself out can tell you, the tools for circumventing Windows passwords (and this includes XP Pro) are no secret. Sadly they aren't just used by admins.
It's not just a Windows problem either -- unless you use an Open Firmware password, all you need to root the system is a boot CD (like an installer disc) or another Mac and a FireWire cable. FileVault helps keep any files in user directories secure (even if the drive its yanked out), for what it's worth, and I believe that includes start-up applications, so on a Mac the most critical aspects are the activation of the Open Firmware password, the selection of decent passwords, and the use of FileVault.
Linux? All one would need is a copy of Knoppix to get around permissions -- so you'd want to disable floppy or CD booting in a (password-secured) BIOS, which helps against Windows physical exploits as well.
Another concept of value is old-fashioned physical security. If a public-access or other computer likely to be compromised has any way to lock down (a padlock loop, for example) the access door, it's worthwhile to use it, and if nothing else keep your RAM from being sold out of the back of a van somewhhere. What you need to remember about locks is, like encryption. that they don't have to be inpenetrable, just ned to take long enough to defeat that it's highly inconvenient -- so the lock only needs to be good enough to hold until a lab monitor or security can tell what's going on.
In recap:
* USB peripherals make physical insertion of a keylogger harder
* Your Windows passwords are worthless
* Mac passwords need to be backed up with FileVault, which cannot be circumvented
* BIOS/OpenFirmware protection should be used to prevent booting an alien copy of an operating system
* Locks and guards
I took a networking course at a community college for an easy A. The school network ran on Novel Netware 3.something.
One night, I was talking with the instructor about security and mentioned that I can get supervisor access in less then 3 seconds. He made a bet that I couldn't, so we walked over to the console (right next to the classroom).
I don't remember the key sequence anymore, but it was something stupid like left-shift, right-shift, ctrl, alt, ESC (something along those lines).
Boom! I had supervisor access. He went to get another instructor to show them and while he was gone, I added "firephasers 100" to the global login script.
When I went to school the next night, I heard the stories. That morning, when everyone on campus logged in, the firephasers kicked in. As more and more people logged in, the sounds kept getting slower and slower as the server struggled to keep up.
And can you imagine what it must have been like to hear a room of 35 PCs making that damn noise.
When my instructor asked if that was me, it was all I could do to keep myself from laughing. All he asked was that I not do that again. He did say that he wanted to strangle me that morning, but we laughed about it that night.
Had the school system used a secure computing environment, such as Linux, and not that piece of crap Windows then this sort of thing wouldn't happen. A little education of the teacher on good security practices would serve the cause better than 180 days in jail for a child.
"A student logged teachers keystrokes"
TEACHERS KEYSTROKES?! Try "teacher's" keystrokes. The keystrokes belong to the teacher. How do the slashdot editors let this kind of illiteracy pass?!
Have you read "The Cuckoo's Egg"? http://mostlyfiction.com/adventure/stoll.htm/ Someone hacked the DoD using this method during the Cold War. It was a pretty good read, even if you're not a CS geek.
I took the GRE on a computer. It was so much harder than when you do it on paper! When I took the SAT I had a bit of scratch paper that I would do calculations and diagrams on. I just put it next to the question. On the computer, I was constantly having to look up and down at the screen and the paper. I'm sure I wasted several minutes and probably made a number of mistakes just because I was doing that.
Also, the one-question-at-a-time format didn't suit me at all. I much prefer being able to skip a question and come back to it.
---If you can't trust a nerd, who can you trust?
While employed at a previous employer, I had to maintain a sales program. Personally, I hated the sales managers, they were pompous arrogant pinheads who thought they were the shit.
On my last day there, after I had accepted a new job in a better company, I "modified" the sales program a bit:
Every 15 minutes, the program would freeze and a window would pop up saying "Please insert 25 cents to continue."
Needless to say, this gag did not go over very well with the sales teams. Oh, did I forget to tell everyone that you can disable this popup by pressing the letter "Z"? Sorry, I totally forgot that.
- Just my $0.02, take with a grain of salt, your mileage may vary.
After it was found out that I was doing all this I ended up getting two class credit per day working as the "Assitant Network Admin" but here's what I did. First off, one of the computer lab's protected the computers with this program that took over at boot and ran within Windows. To skate around this I just created a simple Winboot disk, changed the BIOS settings to boot from floppy... boom. Luckily they were not smart enough to password protect BIOS. Once I was in I installed games like POSTAL, Quake, etc. My teacher did not really pay attention to me so I got away with it so long as my BASIC programs were in on time. We also ran Novell and I did the same type of BASIC boot screen thing only mine had a GUI that ran over the shell which I made in Visual Basic. We did a few other things that never really got traced back to me... one kid did get arrested. My favorite prank was my senior year when we tapped into the intercom system and played the entire Pink Floyd "The Wall" album during the 1 hour a week reading period our school instituted.
Most parents that home school aren't qualified to teach.
Most parents that home school aren't willing to add the 6 - 8 hours of work/day it would require to do it right.
I've seen home schooling work, once, but it was supplemented with some public school for things like band and sports.
Exam 4/C again. Maybe I'll do better this time.
So let me get this strait. Its OK for the FBI to do it, but not a student? What the hell is this world coming to?
The sooner we can get the involuntary organ donor bank online, the quicker these losers can be put to use for the good of society.
Thank you,
Information Minister
Yeah, right.
The school that I attended through the end of elementary school until part-way throught high school (all were on the same campus), used Fool Proof to protect their systems. It was pretty secure, if it was properly configured. My mom was a teacher and sometimes I had to wait around for her to finish things after school, so I would hack around on the computers in her classroom for awhile. I was a little bit of a software pirate since I didn't have any money, I lived in a foreign country that had a limited availability of mac software. So I made a little utility disk.
FoolProof was set up so that it would still load even if you started with extensions off (by holding the shift key at startup). This could be overcome if you changed the file type of the extension. So on my little utility disk I had a copy of Norton's Disk Editor and in that way you could edit the file information. There was something else that you had to do, because if you just changed the file, it would have some kind of error message when it started up ever after that. I think that it included making a copy of the preference file and moving some other things around.
After I compromised the machine, I used a copy Stuffit Deluxe to compress and segment the files that I wanted off the machine. As time went on, I found it much easier to get the key strokes for the temporary unlock by just watching the admins work on things. I even got the master password sometimes. Most of them knew me, even the Technology Coordinator for the campus. So I really couldn't do anything too bad. I never really did anyways, except one time installing Ambrosia's Avara and arranging a LAN party on the lab. They were a little disappointed, but they got over it and put me in charge of a short-lived computer club in my middle school.
That's just to get them back for decades of "Be sure you bring a Number 2 pencil" abuse.
--Rob
Towards the Singularity.
My school has done this as well, beginning in 1996. The circumvention of firewalls was unnecessary, as we were told things like "don't violate copyright, we won't cover your ass" ... and then they didn't do anything about it.
A good number of teachers just decided that laptops in class were a bad idea. There was no legitimate need for them in most classes, anyway. Some teachers took the policy "This is an honors class; if you don't pay attention it's your problem." (This in combination with "You should study. If you don't study, you'll fail.")
Most people learned that using a computer during class was a bad idea (except for me, I'm doing it during a lecture right now... *cough*). Most people were also honest enough not to try to be l33t h4x0rs.
in some countries, you get a drivers license (for anything you want) by simply setting the creation time of a file on a floppy disk. and who had not root access at school? it is cheating and it has to be punished, but i think this pupil just took the kirk solution for kobayashi maru test and it should not be too hard. the others that would have bought the test results are the real problem (and if they would not exist, it's questionable if he would have done it).
That sort of reminds me of the way I have to log into my internet banking. I think they use Javascript to generate on on-screen numeric pad with a randomised layout.
Anyone know of a more general on-screen keyboard that can randomise the layout? Or even better, a live Linux CD that comes with one?
yep - programmer key (and then typing 'finder g') interupt got around it, as did an OS bootable zip drive hooked to the SCSI chain (cmd-opt-shift-esc) or pressing 'c' with an OS CD in the drive. On older macs, it was just command-esc or command-del to enter debug mode because there was no programmer key. I think early versions of At Ease could be bypassed by holding down the shift key at start or by using force quit (cmd-.), but those two workarounds didn't last for long.
In college I faced a similar but a bit different of a problem - Foolproof and nightly restore from disk images. Our mac lab head and lead lab attendant were both very smart mac users (the lab lead wrote a very popular graphical game called MacTrek [not the text game], but was forced to destroy it and all copies and source when Paramount sued him and he lost) and pulled the programmer and reset keys off, though I found I could still hit either with a well aimed paperclip... but that didn't disable foolproof like it did At-Ease. At about that time, I discovered the magical command-option-shift-delete would boot to the next available drive, not the hard disk. With an OS installed mac image on a Zip disk, I was able to bypass and remove programs... At first, I just disabled the image restore program, but the sys-admins were savvy, and quickly discovered my transgression and reinstalled the software, wiping my game folder... I needed something more. They had discovered that I hacked in, but not how I had hacked in, so I continued with my deviant ways... With some playing around with folder flags, I found one that wouldn't allow the folder to be deleted by the restore software (mark as a system folder, I think). I also found the program wouldn't erase anything contained in this protected folder, though I don't know why - maybe they thought that since foolproof wouldn't let you open the system folder, there was no need to clean it up, maybe it was a flaw in the restore program - I never did find out.
I installed a directory with games having no icon and the name " " (space). You couldn't see it unless you rectangle drag highlighted it, and needed to click the space to launch it, since I erased its icon mask to make it harder to see. I then shoved it in a place nobody would look - something under Utilities, but I forget. Later, when I was a bit more mac savvy myself, I wrote a little extension I called unfoolproof (not to be mistaken for the program by the same name) that would not load the foolproof extension if I held down the u key at boot (it was actually named something innocuous like ISO9660VolumeMount and didn't display an extension icon).
"But this is slashdot so I expect a bunch of replys saying that it is not the kids fault but it is the schools fault for not securing their computers."
See the post above yours for a hint.
Maybe the moment you install the keylogger the AV software won't know about it, but within a short time it will.
Chances are good that this teacher or the school IT department did not keep the systems up to date.
I disagree. People seem to think that commiting crimes on a computer is somehow "not as bad" as the normal physical crimes of theft, tresspassing, etc. People need to be taught at a young age that doing things like putting a keystroke logger on a teachers computer is a real crime and not just harmless fun.
Excuse me? I'll agree that computer crimes aren't "harmless fun", but do you actually think any computer crime is as serious as assault, rape, or murder? If you do, you have some seriously screwed-up values. Trespassing, at least in a private home, is up there too. I'll happily shoot dead anyone that breaks in my house, but I'd never advocate death for any computer crime (except maybe something extremely large-scale, but I doubt it).
How about a hypothetical question: if you had a choice of living in two societies, one where violent crime is commonplace, but computer crime is nonexistent, or another where computer crime is rampant, but violent crime is nonexistent, which would you choose? I'll happily choose the latter. At least my life isn't at risk, and I can always exercise caution and use appropriate security measures to avoid being the victim of a computer crime.
But this is slashdot so I expect a bunch of replys saying that it is not the kids fault but it is the schools fault for not securing their computers.
A criminal is always liable for his crime, but that doesn't excuse not taking measures to avoid being the victim of the crime in the first place. Do you leave your doors unlocked? Do you leave valuables inside your car, with the doors unlocked, and a sign outside saying "please don't steal the valuables inside this unlocked vehicle"? You can whine and point fingers all you want after becoming a victim, but you're still a victim. I'd rather avoid that.
Way back when I was in high school, our "computer admin" used to stay logged in as root to the AUX machine that ran our mail all the time despite the fact that several people told him not to do that. So one day I got another guy to distract him while I sat down and used that login to make a copy of a shell binary and set its sticky bit. Fun times were had after that!
Of course, he didn't notice until 4 or 5 months later when I showed him. Then he sure was upset...
Posted from the wireless couch.
Back in the early to mid 1980's when I was in H.S., I was over at the Radio Shack in one of the malls back in Indiana - Glendale in Indpls. At the time, Radio Shack was in the basement (Galleria).
I went into the store and happen to see a kid I knew from school. We were looking at stuff and came upon a TRS-80 (Trash 80) with a voice synth cartridge. We played with the computer and found that it had a bad memory chip. I wrote some basic statements that mentioned something like "This computer is fried". It was written in such a way that it would excercise all of the memory.
I then executed the program and the woman manager nearby thought it was not funny. She came up to me and said that I was to leave the store immediately and I asked her why. She said don't question me, get out now, this is the end of discussion and again ordered me to leave or else, she would call security to have me arrested. There were a few customers and I yelled to make sure the customers would overhear. What I yelled is, "Your store sucks and you put out broken stuff to demo which is very lame." The manager got real angry and told me to follow her to her office. I then said, "F*** you" and walked away. She threatened to call security to have me arrested if I did not follow her orders and I called her bluff by walking away and told her "kiss my @$$, try and do it." I then proceeded to go upstairs and then leave the mall to go to my car.
A few years later after I graduated from College (5 or 6 years after the incident), I ended up working with a guy who I remains friends with to this day. He worked in that Radio Shack at the time this woman worked there. I mentioned to him the incident I had with her. He didn't have much to say about her. He mentioned that she had no sense of humor. We laughed about it. On the kid I saw there that day, we talked a little bit about it but that was it.
If this happened today, I am sure I would have been in a lot more hot water especially with our zero tolerance laws / rules & regs, Patriot Act.
Keywords for Search : Radio Shack, Glendale, Indianapolis, Indiana
http://www.privacyrights.org/fs/fs7-work.htm (US)
http://www.privcom.gc.ca/fs-fi/02_05_d_17_e.asp (Canada)
http://www.theregister.co.uk/2003/06/17/privacy_in _the_workplace/ (UK)
-- SYS 64738 --
I usually design my own keyboards and here's how:
:)
1. buy keyboard.
2. take it apart.
3. insert your own programmed IC
4. write your own keyboard software (just one file, even on win/linux/mac)
5. hardware keyloggers get gibberish
the software (keymap) just deciphers the signals differently so all the logger would get is gibberish and not work at all.
works for me. heck, even including this file in the "Windows File System Protection" loop works to prevent keyloggers based on changing those files
All of which he didn't do (as far as we know he only got the test answers). This should be counting in his favour, or, at least, not against him.
It's the same situation with the people who threw flour at Tony Bliar. It COULD have been anthrax, but it wasn't and they shouldn't be treated as if it was anything other than flour, infact they should get a medal for pointing out how weak the security was.
FGD 135
Once a few of us "discovered" you cold actually get into the configuration screen, they enabled the password function. However, I somehow figured out that if you passed the flag "/255" to the menu program, that would bypass the password. I remember "borrowing" a copy of Direct Access to take home and figure out how to break the password thing.
The instructor figured out that a few of us were bored to tears in required "keyboarding" class, so we got to take an experimental email-based Pascal course at the U. of Michigan. Since I was at an Army base in Stuttgart (go Patch Panthers!) at the time, the class-by modem was pretty cool at the time.
My, how time flies..
Method of processing duck feet
You're obviously not thinking clearly. This is a teacher/student problem and it should be handled internally period. Here's why...
The action this student took was not a crime, it's a mistomener.
People get away with real computer crimes all the time, and there's no reason for charging this kid legally. Which would you prefer, locking up your neighbor's kid because he's smarter and lazier than a teacher, or locking up spammers?
He was cheating, and that's wrong. Just give him an F, and move on.
It's really simple, I'm surprised even a mainstream media has accepted these charges. I'm really disappointed that slashdot has accepted this school decision, because it's the wrong decision.
"And we have seen and do testify that the Father sent the Son to be the Savior of the World"
1 John 4:14
Excuse me? I'll agree that computer crimes aren't "harmless fun", but do you actually think any computer crime is as serious as assault, rape, or murder?
Are you stupid? The poster said "normal physical crimes of theft, tresspassing" and never mentioned assault rape and murder.
"[...]if you had a choice of living in two societies"
WTF are you babbling about? Why would we ever have to make a choice between "one where violent crime is commonplace, but computer crime is nonexistent, or another where computer crime is rampant, but violent crime is nonexistent?"
Are you stupid? The poster said "normal physical crimes of theft, tresspassing" and never mentioned assault rape and murder.
So if some guy breaks into your house at night, do you stop to ask him if he's armed or not? As far as I'm concerned, trespassing is the nearly same as attempted murder, and fully justifies the occupant in killing the intruder.
Now, would you say that shooting someone who's in the process of committing a computer crime would be ok? I don't think so. Not unless they're about to launch a nuke or something.
Not as criminal as some of yours but I have my own story. I spent the last two years of high school at a community college so my high school hacking was cut short but one class I had was an AP (HAH) English class with 5 3.1 systems in the back. Me and a friend of mine spent most of the class time hacking the school network and screwing off. Never installed or changed anything but we found out how to give ourselves admin status. Never had the guts to do anything wrong :( Also found a keylogger on one of the liabray systems, we didnt put it there but we hijacked it and changed the password so only we could access it.
At the college I work at the math tutor center and had 2 old systems that were FULL of viruses and worms. I'd almost rather have those than the 3 new ones because the IT people think they know how to keep them working. Half the time the DeepFreeze icon is blinking red saying it is currently disabled lol. gateway.com as homepage, control panel links, EVERYTHING on the start menu. One of them is a black lady who spends about 3 out of every 5 minutes smacking herself on the head staring at the monitor trying to figure out how to fix something. Bah I could hack this thing in 5 minutes.
You're obviously not thinking clearly. This is a teacher/student problem and it should be handled internally period. Here's why...
He violated various computer-related laws. If someone breaks into your house, (bad analogy), it's not just between you and the intruder
The action this student took was not a crime, it's a mistomener.
In fact, it was a crime. A misdemeanor is a category of crimes. It is not a felony, but it is a crime punishable by jail time. He definitely did commit a crime. Just because it's easy to do doesn't make it any less severe.
People get away with real computer crimes all the time, and there's no reason for charging this kid legally. Which would you prefer, locking up your neighbor's kid because he's smarter and lazier than a teacher, or locking up spammers?
If you get caught doing computer crimes, you will get punished, just as this kid did. Just becuase you get away with it doesn't make it right. It is somewhat unlikely he will actually get jail time, considering it is a first offense. He does need to be taught that violating laws will get you in trouble.
He was cheating, and that's wrong. Just give him an F, and move on.
I'm sure he will get an F.
It's really simple, I'm surprised even a mainstream media has accepted these charges. I'm really disappointed that slashdot has accepted this school decision, because it's the wrong decision.
Several laws were violated by a kid who thought he was immune. Better he learn now than later.
In our defence, not only did we fail to use the password for anything malicious (not that there was much of interest stored on the server's massive 20MB disk anyway), but we owned up to it (not that anyone had noticed), and worked out how to protect the network from that particular hole in future.
I also remember one of the teachers being most amused by a friend's collection of black-and-white line-art porn. Happy days...
Right. But I highly doubt that this device was PS/2-oriented.
I haven't really heard much about the actual device that was used so we can all speculate about what was actually used. Someone below this reply stated that if it were USB then it is possible to still connect it with a dongle that is already attached to a computer.
Still highly unlikely considering that all of the classrooms at Clements do not have any USB dongles connected, nor any USB hubs in use.
Ever see the physical key loggers that connect directly to the PS/2 cable (in-line style)? They are 'undetectable' by AV scanners and Windows won't even know it's there. If it's a computer running under a desk, only a very close inspection will reveal its presence. The way to get it in is by typing a very specific message and ending it with some sort of password.
In my mischevious ways I had a keylogger on a hundred or so computers at my high school....between teaching our computer teacher how to use computers and passing my classes I had to do something with brand new (400 MHz....oh yeah) computers nobody could make work....
One day my favorite teacher asked me if I could open a student's hotmail account because he had been typing a *ahem* creative e-mail about her during class, but had sent it and closed before she could get the computer away from him.....she only saw over his shoulder a few words that were slightly shocking to her, and about her.
So, innocent me, I pulled the entire letter he typed out of the logger and made it all pretty-like taking out all the [backspace] things in there where he couldn't type worth beans, and gave it to her.
Unfortunately I wasn't there at the time, but I hear his eyes were quite large when she handed it to him......*sigh*....the good ol' days.
And of the 10 home-schooled kids I know, fully five of them couldn't handle real college and ended up in local community colleges to stay close to their parents.
So 100% of the home-schooled kids you know went to college, and 50% went to (at least) a state college? That's pretty good.
heh, your school was one of the ones that the board cited when they were pushing setting up the laptops program in my school. =D
I'm pretty sure that's not even illegal.
The teacher keeps the computer in a public area and doesn't know any better.
TEACHER... Supposedly intelligent person... Instructor of knowledge...
Sounds like the teacher got schooled.
+++OK ATH
Except that neither Microsoft nor Toshiba gear any of their products towards students in any way.
Not since Marie-Antoinette played milkmaid has looking simple and honest been so fake and complicated.
Hmmm... Where do I start? (there are soo many).
..."
First thing I guess was in the 7th grade (1994 or so)I would take the encylopedia CD computer in the library/media center offline and play QBASIC's Nibbles and Gorilla. They didn't like that. I would also go into the computer lab every morning before school and figured out how to use the Mac LAN to connect to one of the modems and dial my favorite BBSs. I would play the games, chat with people, and send mail over FidoNet. This got me kicked off of all computers for the rest of my middle school/junior high career.
In high school I was in the A/V club (my career is now audio engineering) and I got permantly kicked out of the theater sound booth for re-adjusting the room EQ.
In my 'intro to computer' class our teacher was cool and I would fix his laptop for him often (Windoze 95). One day we had a sub and the guy was a real jackass. So my friend and I wrote a program in QB that would loop the PC speakers climbing in frequency and make the screen go blank. We then put it on disk and copied it to ever other computer that wasnt being used and setup a delayed countdown on it for like 10 minutes. This guy didnt know jack about computers so we turned the monitors off. My friend and I set this in motion and then went to the bathroom. The next day our regular teacher was like "what did yall do to that poor guy?". It was hilarious - he deserved it.
I was in NJROTC too and we had our student in charge who was a nice guy but really waaaay too uptight about things. So one day we decided to play a joke on him. We wrote another QB program to simulate a hard drive formatting upon boot-up. I could hear him scream at the top of his lungs from 3 rooms over; it was great.
Then the idiots at the school system decided to move off of their WANG mainframe grading system to a GUI Windoze over the LAN type of application. It handled all student records and such. What a JOKE! Let's just say I extracted my fair share of information from there; having every single networked PC in the county open to the "Windoze Neighborhood" wasn't a smart move either heh heh heh.
Then of course there was the normal stuff of having all of the computers supposedly 'locked down ' so that the students couldnt change the background and screensaver and such. Another joke which was fixed by either a boot disk or a boot to safemode.
And of course putting PC Anywhere on the staff's computers without them knowing it was loads of fun.
And my favorite was back in 1997 when I was a freshman. I was in this typing class with a bunch of senior girls who had bigger tits than brains. Well I quickly figured out how to send network messages to individual computers. Ohhh the fun I had with that... things like "I am the computer and Im watching you pick your nose" or "nice red dress" or "your name is
By the way I grew up in Seminole County Florida, the second wealthiest county in the state; Palm Beach is the first. There were soo many times where these guys were just pissing money away because they had it to spend. Ahhhh the memories.
Libertas in infinitum