Slashdot Mirror

← Back to Stories (view on slashdot.org)

Student Logs Teachers Keystrokes

Posted by samzenpus on from the cheating-made-easy dept.

handy_vandal writes "A 16-year-old student has been charged with a misdemeanor for rigging a keystroke-recording device onto a teacher's computer. School district police received a tip from students that the boy was trying to sell answers to final exams. The District Attorney's Office has charged the teen with breach of computer information, a Class B misdemeanor punishable by a fine of up to $2,000 and up to 180 days in jail. This sort of thing has happened before. The problem is so pervasive that the GRE board has switched from computers back to paper and pencil."

5 of 722 comments (clear)

  1. Re:What kind of idiot... by jmrobinson · · Score: 5, Interesting

    I disagree, some keyloggers can be very discreet and look just like an adapter. Like this one... Unless the teacher is at least somewhat computer savvy, they will be none the wiser.

  2. Re:My wife just started teaching... by Monkelectric · · Score: 5, Interesting
    It's common knowledge that the kids are smarter than the teachers, computer-wise

    When I was in the 8th grade, I got stuck in both a typing course and "Technology education." The computers were Apple IIe's and 8086's (dated but not REALLY old -- I had a shiny new 286!).

    Every friday in typing course we got to play lemonaide stand and whoever got the highest score got a candybar. The highest score ever was like 5000$. The game was written in basic, so I changed the score print line to print score+1000000. We liked to play it cool, so we kept playing the game like normal until some kid walked up behind us, saw the score, them promptly flipped out.

    We also got a program that made letters in text mode fall off the screen. It was funny as hell and everyone just assumed the computer had a virus.

    I also brought a bunch of games for the tech ed class to play. However, altruism has its price. I wrote a program that displayed some choice words about the teacher, but only once every 50 times the game was loaded. We also put it on most of the schools disks. We had intended it to go off sometime after we were long gone from that class. But we grossly misestimated the ammount of useage the programs got, and two weeks later we were banned from using pretty much anything with electricity :)

    When I got to highschool, the library computers were locked down tight, they had a menu program that was pretty secure. So I brought a boot disk, stole the menu program (I had intended to find a security hole in it). Never did find a hole -- but I attached a TSR program TO the menu program, then used a bootdisk to insrt a script which activated the altered menu program after the NEXT reboot (so I would be long gone by the time the payload hit). The TSR I attached made the computer "sing" a song. You have to imagine this was in the days where computers didnt even have SOUND CARDS. And this one was warbling this godawful tune (sampled audio) out its pc speaker.

    All the kids in the school knew I did it, but I didn't get offically caught... But I was kicked out of the library for the entire year in another incident altogether which didn't involve a computer :)

    --

    Religion is a gateway psychosis. -- Dave Foley

  3. Re:My wife just started teaching... by urbaer · · Score: 5, Interesting

    Once had a lecturer (in Networking) who said in the first lecture every year, that if anyone hacked into his network, they would recieve an automatic High Distinction, even if they didn't do the test or attend a lecture. AFAIK no-one ever managed it (though I'm not sure anyone ever bothered to attempt it).

  4. Happens all the time by myov · · Score: 5, Interesting

    I was an admin at a high school for a year. Some of the fun things I discovered...

    I'm sure I found keystroke loggers on a few lab machines. Reimage time.

    VNC made it on to the master image. Discovered it as midterm marks were being inputted on the same machines. Of course, there is a paper verification, but still, I had 4 labs of compromised machines with no trusted image.

    Caught a student once logging into a teacher area while reviewing the logs. How? He used his own user id, in a place where students don't have access. Instant visit to the administration and a suspension. I had no problem with keeping him locked out for the rest of the year, but I was overruled. Obviously not the brightest... use someone else's account!

    Students loved creating shortcuts to the C drive. My daily "shortcut scan" took care of those. 24 hour lockout.

    The IT department was either overworked/underpaid, or not actively monitoring things. Students downloaded fun things like kazaa, morpheus, winmx, etc plus associated spyware (before I knew what it was). Yet the board firewall blocked outgoing ssh, so I couldn't update the school's web site from within the building.

    Image was broken so students couldn't change their password. So, they wrote down their user id's and assigned alpha-numeric passwords. Of course, that left no accountability ("I didn't download that!")

    Teachers were also a part of the problem. I immediately forced everyone's password to expire when I discovered the security problem. I had to reset half of them to "password" with the "do not expire password" flag. No matter how many times I explained why they needed a secure password (it only takes one teacher password to compromise ALL the marks, for example).

    I also would have liked to set better lockout policies, including a 1 concurrent login policy. Teachers tended to let students share accounts, instead of sending them to me for a password reset. In some cases, students were already locked out for violations, and the teachers let them "borrow" another student's account!

    I had control of my own machine, and I had a group policy denying all student logins on it. I wish I could have set it on the teacher workstations though. I didn't trust some of the teachers to not let students log in on those machines. 1 logger and we're back to the beginning.

    One of the IT people said it best. The average demographic of a hacker is a 14-18 year old male. That described half of my students.

    --
    I use Macs to up my productivity, so up yours Microsoft!
  5. Yeah, same here by Shaper_pmp · · Score: 5, Interesting

    Yeah, very similar stories here... Got to "high school" aged 13 (weird school system where I grew up), and within a year a friend and I had admin accounts on the RM Nimbus (RMNet) Win3.1 network. Within another six months we were actually maintaining the network, (after we watched the "Head of IT" sit and stare at an autoexec.bat file for over half an hour, then solved the problem for him in thirty seconds from another terminal). Eventually we were just solving problems before the IT guy even noticed them (all, of course, unofficially - the Powers That Be would have had the screaming hairy ab-dabs at the thought of the access we had, and did, whenever they found out).

    Highlights included:

    • When they discovered two students insulting each other by e-mail (nothing stronger than "arsehole"), and decided to take e-mail away from everybody. That night I went home and wrote a simple (file-based) e-mail server in C, and a friend wrote a simple client in VB, the next day half the students secretly had "e-mail" again. They eventually relented and turned e-mail back on when they dicovered ten different people using our system during a single IT lesson (heh).
    • A one-page "school newsletter" that was written featuring the headline "Mr Brown Takes the Boys Hockey Team to Victory in the Inter-Schools Cup"... but printed out and distributed with the story "Mr Brown Takes the Boys Hockey Team in the Showers" (hey, we were all 14 - it was funny at the time). Amusing statistics from this incident:
      • Number of newsletters printed: 300
      • Hours between distribution and horrified emergency recall: 4
      • Number of newsletters successfully recalled: 14
    • When the Head of IT removed the admin (superuser) account a friend had been using to do essential network administration (that the HoIT didn't know to do!), so we removed admin privileges from the "admin" account for a day. It never, ever got mentioned... but funnily enough he stopped looking for unauthorised superusers after that.
    • And finally, the best of the lot:

      The Head of IT had a deal with RMNet (the Nimbus ISP that offered cheap rates to educational insitutions) - in return for cheap hosting, he had to look for and report any porn sites he could access so they could be added to the blacklist (still a bit suspicious about that...).

      Anyway, the Head of IT used to sit on the only machine with a modem (for hour or two every morning before school), surfing for porn/credit card/warez sites sites, recording the URLs and reporting them to RMNet. The only problem was... he'd never heard of a browser cache.

      We actually had friends who'd come in at lunchtime, copy the cache full of porn onto disk and sell it to the other kids for a couple of pounds a time.

      • Admin accounts on the school network: A small investment of time.
      • Occasionally getting caught with an admin account: A quick telling-off
      • Being regularly supplied with porn by the guy supposed to stop you seeing it, and making a tidy profit into the bargain: Priceless
    --
    Everything in moderation, including moderation itself