Slashdot Mirror
Student Logs Teachers Keystrokes
handy_vandal writes "A 16-year-old student has been charged with a misdemeanor for rigging a keystroke-recording device onto a teacher's computer. School district police received a tip from students that the boy was trying to sell answers to final exams. The District Attorney's Office has charged the teen with breach of computer information, a Class B misdemeanor punishable by a fine of up to $2,000 and up to 180 days in jail. This sort of thing has happened before. The problem is so pervasive that the GRE board has switched from computers back to paper and pencil."
Tell that to my old High School who bought everybody new iBooks, I know *alot* of places that same money could of been put to better use. No i'm not trying to rag on Apple here, the school has *alot* of things wrong with it and throwing computers out to everybody on their kind of budget was probably the stupidest thing they could of done.
Your hair look like poop, Bob! - Wanker.
It's common knowledge that the kids are smarter than the teachers, computer-wise... but hasn't it always been that way?
;)
This is true. When I was in junior high in the early 90s, we had some basic computer course that involved filling out answers to some questions on a computer. I don't really remember that much about it now. But one day a bunch of us were in the lab and we found the teacher's disk, which had the answers to everything. We entered the disk and the program asked for a password. My friends were ready to give up. I thought for a moment and typed in "hello". It worked... first try. It was hilarious. My friends, most of whom hadn't used computers much by that time, thought I was some kind of serious hacker.
I guess this was a lot funnier in 1992. But the point is... I'm sure then, just like now, the teachers thought everything was secure. There's always someone who's going to prove them wrong.
I disagree, some keyloggers can be very discreet and look just like an adapter. Like this one... Unless the teacher is at least somewhat computer savvy, they will be none the wiser.
When I was in the 8th grade, I got stuck in both a typing course and "Technology education." The computers were Apple IIe's and 8086's (dated but not REALLY old -- I had a shiny new 286!).
Every friday in typing course we got to play lemonaide stand and whoever got the highest score got a candybar. The highest score ever was like 5000$. The game was written in basic, so I changed the score print line to print score+1000000. We liked to play it cool, so we kept playing the game like normal until some kid walked up behind us, saw the score, them promptly flipped out.
We also got a program that made letters in text mode fall off the screen. It was funny as hell and everyone just assumed the computer had a virus.
I also brought a bunch of games for the tech ed class to play. However, altruism has its price. I wrote a program that displayed some choice words about the teacher, but only once every 50 times the game was loaded. We also put it on most of the schools disks. We had intended it to go off sometime after we were long gone from that class. But we grossly misestimated the ammount of useage the programs got, and two weeks later we were banned from using pretty much anything with electricity :)
When I got to highschool, the library computers were locked down tight, they had a menu program that was pretty secure. So I brought a boot disk, stole the menu program (I had intended to find a security hole in it). Never did find a hole -- but I attached a TSR program TO the menu program, then used a bootdisk to insrt a script which activated the altered menu program after the NEXT reboot (so I would be long gone by the time the payload hit). The TSR I attached made the computer "sing" a song. You have to imagine this was in the days where computers didnt even have SOUND CARDS. And this one was warbling this godawful tune (sampled audio) out its pc speaker.
All the kids in the school knew I did it, but I didn't get offically caught... But I was kicked out of the library for the entire year in another incident altogether which didn't involve a computer :)
Religion is a gateway psychosis. -- Dave Foley
Once had a lecturer (in Networking) who said in the first lecture every year, that if anyone hacked into his network, they would recieve an automatic High Distinction, even if they didn't do the test or attend a lecture. AFAIK no-one ever managed it (though I'm not sure anyone ever bothered to attempt it).
In my senior year of high school, the school I went to implemented a pilot program called, "Anytime, Anywhere Learning." It was some sort of thing done by Microsoft and Toshiba where we were supposed to learn with laptops.
Apparently, the plan was that giving kids computers and having them use them in class would lead to instant learning.
I will say that we did learn a lot. I learned how to pierce firewalls, how to tunnel traffic through firewalls, and how to spend my days downloading MP3s and chatting with classmates rather than listening to lectures.
The teachers, for their part, learned to tell us to keep the laptops in their bags. They also learned that there are about eight million things you can do with a chalkboard that you can't do with PowerPoint, and that the things you can do on both take less effort on a blackboard if you take the time to prepare a set of real lecture notes. They learned that there are a lot of things you can do with textbooks that you can't do with webpages, and they learned that if you let kids use webpages as sources for papers, you're going to get a lot of really crappy papers. They learned that it's impossible for the students to take good notes on a laptop from the moment the lectures start involving diagrams, and it's never possible to take good notes on a laptop in a math class. They learned that there are 8,542 ways to break a laptop, and a pack of 64 students are perfectly capable of finding all of them in less than two weeks.
All in all, they learned that putting a computer on every desk makes about as much sense as putting a TV on every desk.
The network login we had was some version of Novell Netware. I just made a program that looked like it in BASIC and ran it from DOS-PROMPT. After an attemptive login, I would just make it freeze there, like the computers would sometime do; they'd reboot and lauch the regular one. After I got a teacher's password whose accounts had administrator status(or were able to make new users who had admin status, one of those two), then me and my friends made new accounts and we could install games on them, just stupid stuff, we were like 11 and 12. We got caught because my one idiot friend saved a poem assignment he wrote on one of the admin accounts he made so he could print it later. When the admin came around from the central office for the school board to do whatever maintenance, it was all found out. I got fingered in the scheme by my friend, but I was a much better social hacker than computer hacker and just lied and convinced my way of the situation, even though I was the main culprit.
I remember my teacher asking the whole class for a show of hands, "who knew that this was going on?" and over half the class raised their hands. Anyway, goes to show, you can only trust yourself. Or, maybe, perform better network security so 11 year olds aren't able to bring it down.
I note that I haven't kept up my deviant ways, in fact, I haven't kept up my computer ways, I've only got university Programming I, which is to say I don't have anything.
I was an admin at a high school for a year. Some of the fun things I discovered...
I'm sure I found keystroke loggers on a few lab machines. Reimage time.
VNC made it on to the master image. Discovered it as midterm marks were being inputted on the same machines. Of course, there is a paper verification, but still, I had 4 labs of compromised machines with no trusted image.
Caught a student once logging into a teacher area while reviewing the logs. How? He used his own user id, in a place where students don't have access. Instant visit to the administration and a suspension. I had no problem with keeping him locked out for the rest of the year, but I was overruled. Obviously not the brightest... use someone else's account!
Students loved creating shortcuts to the C drive. My daily "shortcut scan" took care of those. 24 hour lockout.
The IT department was either overworked/underpaid, or not actively monitoring things. Students downloaded fun things like kazaa, morpheus, winmx, etc plus associated spyware (before I knew what it was). Yet the board firewall blocked outgoing ssh, so I couldn't update the school's web site from within the building.
Image was broken so students couldn't change their password. So, they wrote down their user id's and assigned alpha-numeric passwords. Of course, that left no accountability ("I didn't download that!")
Teachers were also a part of the problem. I immediately forced everyone's password to expire when I discovered the security problem. I had to reset half of them to "password" with the "do not expire password" flag. No matter how many times I explained why they needed a secure password (it only takes one teacher password to compromise ALL the marks, for example).
I also would have liked to set better lockout policies, including a 1 concurrent login policy. Teachers tended to let students share accounts, instead of sending them to me for a password reset. In some cases, students were already locked out for violations, and the teachers let them "borrow" another student's account!
I had control of my own machine, and I had a group policy denying all student logins on it. I wish I could have set it on the teacher workstations though. I didn't trust some of the teachers to not let students log in on those machines. 1 logger and we're back to the beginning.
One of the IT people said it best. The average demographic of a hacker is a 14-18 year old male. That described half of my students.
I use Macs to up my productivity, so up yours Microsoft!
There was a lab that I used to hang out in. Being one of the few geeks in the school, I pretty much had run of the place. The teacher who oversaw the lab encouraged creativity and ingenuity. Sometimes he'd get pissed with something I did, but in those cases I just fixed it and moved on. This kind of activity, over a year or so, ended up earning his trust as I would also fix the odd problems with windows/autocad and such that would crop up.
:)
Eventually I became the de-facto admin for that entire lab. During my required study period he would give me a pass to hang out in his lab--sometimes even when other classes were in there. Talk about heaven. I had the run of a computer lab that was networked. It was like being a king.
Around my junior year or so, they replaced the computers in the lab (aging 386/486 era machines with DOS, mostly) with shiny new Pentiums running Windows. For a few months they were basically just open and normal Windows machines. I think they even had Internet access. This was, of course, a total disaster. The net was new, then. People didn't have it at home. They downloaded anything and everything. Porn, viruses, music, etc.
The result was a *cough* admin *cough* who ended up being the room almost everyday for awhile. He would spend his time poking around in control panels and "fixing" the computers. Eventually be must have gotten sick of that because they hired a local consulting company to come in to secure them all. Pretty soon the whole place was all passworded up with all these layers of cheap third party locks, etc.
I broke all of them--with full (unofficial) support of the teacher who taught in the room. They had tried to lock the systems down so much that half his programs wouldn't work right anymore. He had endless problems with students just trying to save their completed CAD drawings. I made a lot of those problems go away by circumventing the security, showing him how, and then giving him pointers to try to minimize the visibility of the hole so that other kids and the admin dude wouldn't find it. Not perfect, but it helped.
After some time of this the teacher pulled me aside one day and tells me in a reasonably loud-so-that-others-near-by-can-hear voice that I need to be careful because Mr. Admin is getting pissed that someone keeps getting into his system and he's going to try for suspension of that person when he is caught. Of course nearly every one of his students knew it was me--but they weren't talking. I had helped them all out of jams at some point or other. So after doing the public speech, he later pulls me aside in private and says, "Hey, keep doing what you're doing. I'll make sure they don't do anything to you. Those bastards are making my life such a living hell and they won't listen to my needs that I've given up trying to deal with them. You at least make it possible for me to teach my classes."
So of course after the next round of "security upgrades" I was once again on the job. Eventually I figured the way into the system and changed all the screen savers to be the marquee one and had it read, "Ha ha! I got in Mr. Security Guy!" Hoo boy did the shit hit the fan. I was shielded from it, but the teacher just loved it. The admin dude was pissed. The consulting guy was there almost everyday for like 2 weeks. My teacher would just smile and nod. Eventually they locked it down pretty heavily, but by this point I was a senior and I was graduating early and was out of there.
Those were some good times. Seriously, though, I swear that in this day and age I'd be arrested for information terrorism or some such bullshit. Sure, I made life somewhat difficult for an admin or two, but they brought a lot of it on themselves. They had tried to lock the computers down so much so as to make them almost useless as a teaching tool. And of course Windows itself was so prone to holes, viruses, and other crap that it only made the problem worse. I sure did learn a lot, though. After all, isn't that what school is supposed to be for?
Hexy - a strategy game for iPhone/iPod Touch
Yeah, very similar stories here... Got to "high school" aged 13 (weird school system where I grew up), and within a year a friend and I had admin accounts on the RM Nimbus (RMNet) Win3.1 network. Within another six months we were actually maintaining the network, (after we watched the "Head of IT" sit and stare at an autoexec.bat file for over half an hour, then solved the problem for him in thirty seconds from another terminal). Eventually we were just solving problems before the IT guy even noticed them (all, of course, unofficially - the Powers That Be would have had the screaming hairy ab-dabs at the thought of the access we had, and did, whenever they found out).
Highlights included:
The Head of IT had a deal with RMNet (the Nimbus ISP that offered cheap rates to educational insitutions) - in return for cheap hosting, he had to look for and report any porn sites he could access so they could be added to the blacklist (still a bit suspicious about that...).
Anyway, the Head of IT used to sit on the only machine with a modem (for hour or two every morning before school), surfing for porn/credit card/warez sites sites, recording the URLs and reporting them to RMNet. The only problem was... he'd never heard of a browser cache.
We actually had friends who'd come in at lunchtime, copy the cache full of porn onto disk and sell it to the other kids for a couple of pounds a time.
Everything in moderation, including moderation itself
When my HS put new security software on their computers I got around it with a bit of social engineering. I created a fake company email address and emailed the creators of the software. I told them that I was interested in how to temporarily disable their software without shutting off the computer because we used the software at my business and I occassionally needed to bypass the security. They told me a back door. Simple as that.
Full-Featured GPL Web Hosting Control Panel