Slashdot Mirror
Charges Against High School Hackers Dropped
ZosX writes "According to eSchool News Online, the 13 students from Kutztown, PA originally charged with felonies for hacking have been given a deal, dropping charges in exchange for 15 hours of community service. From the article: 'The probation department realizes this is small potatoes,' said William Bispels, an attorney representing nearly half the accused students. This is great news for the students and their families."
In meetings with students over the last several days, the Berks County, Pa., juvenile probation office has quietly offered the students a deal in which all charges would be dropped in exchange for 15 hours of community service, a letter of apology, a class on personal responsibility, and a few months of probation.
"The probation department realizes this is small potatoes," said William Bispels, an attorney representing nearly half the accused students.
The 13 initially were charged with computer trespass and computer theft, both felonies, and could have faced a wide range of sanctions, including juvenile detention.
The Kutztown Area School District said it reported the students to police only after detentions, suspensions, and other punishments failed to deter them from breaking school rules governing computer usage. (See "Felony charges for computer-abusing kids.")
But the students, their families, and outraged supporters around the nation said that authorities overreacted, punishing the kids not for any horrible behavior but because they outsmarted the district's technology workers.
The trouble began last fall after the school district issued some 600 Apple iBook laptops to every student at the high school, about 50 miles northwest of Philadelphia.
Students easily breached security and began downloading forbidden internet programs, such as the popular iChat instant-messaging tool. Some students also turned off a remote monitoring function that let administrators see what students were viewing on their screens--or used the monitoring function to view administrators' own computer screens.
School district officials and prosecutors did not return phone messages left Aug. 25 and had not been heard from by press time.
In legal terms, the students have been offered an "informal adjustment"--the least severe form of punishment.
Bispels said a few students are thinking about refusing the deal because they don't feel they have broken any laws. "A lot of these parents would like to fight this on principle, but it's hard to put the kids at risk on principle," he said.
Mike Boland, who represents one student, said his client likely will accept the offer. "It doesn't require my client to acknowledge he is guilty of anything," he said.
"It's about as mild as you can go," agreed James Shrawder, whose 15-year-old nephew was among those offered the deal. "It's more of a face-saving measure."
One student who has had prior dealings with the juvenile probation office was not offered a deal. That case is expected to proceed.
Links:
Students' web site
http://www.cutusabreak.org
Kutztown Area School District's response
http://www.kasd.org/districtinfo/kasdPressrelease
"BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
This wasn't really hacking, it was more like typing in the password which was conveniently supplied on a label on the back of the laptops.
Some students did some minor hacking after the passwords were changed, but that still didn't amount to much more than executing "hacks" that were readily available on the internet, more akin to the work of a script kiddie than a hacker.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
Yeah, but now if they asked you to do that you'd be commiting a felony, and your teacher would be guilty of soliciting criminal activity. YAY circumvention!
stuff
Some students did some minor hacking after the passwords were changed, but that still didn't amount to much more than executing "hacks" that were readily available on the internet, more akin to the work of a script kiddie than a hacker.
Does this somehow reduce the significance of the crime, or was it just an aside you were adding?
When I first read about this case, I thought the school was justified. When I found out that the passwords were taped to the machines, I changed my mind. When I found out that later, there was indeed "hacking", I changed my mind again. The students broke the law--the very same law that protects you from having to worry about unauthorized computer access.
I know that, you know that, but they didn't believe it. So I told her where to stick it.
beside you don't actually have to be a hacker to know how to secure your system.
Sorry, but that's not right. I have been doing information security for a living for a long time, and I can assure you that knowing how to hack is intrinsic to securing a system. I've been to sites where the admins thought they were secure (they did all the updates, they followed all the advisories, etc.), but they were clueless when it came to how a real attack works, and as such they were extremely vulnerable to a knowledgable attacker.
Just last week I did a post-mortem on a box that had a rootkit. If I hadn't known where to look and what to look for, I would never have been able to identify what vector or tools the attacker used to gain entry, which was critical to closing the holes so it didn't happen again with a new box.
Now as far as getting caught - even the best people have bad luck sometimes. And I think the best people often go after the biggest targets, which really increases the resources of the people trying to stop them. I would rather hire someone who had hacking skill and balls than someone who just had skill.
Accessing parts of the computer to which you are not authorized falls under computer trespass laws, plain and simple.
(a) Offense defined.--A person commits the offense of unlawful use of a computer if he:
(1) accesses or exceeds authorization to access, alters, damages or destroys any computer, computer system, computer network, computer software, computer program, computer database, World Wide Web site or telecommunication device or any part thereof with the intent to interrupt the normal functioning of a person or to devise or execute any scheme or artifice to defraud or deceive or control property or services by means of false or fraudulent pretenses, representations or promises;
The key word, of course, being "exceeds authorization"
3 is interesting, too:
(3) intentionally or knowingly and without authorization gives or publishes a password, identifying code, personal identification number or other confidential information about a computer, computer system, computer network or data base.
So any student who gave out the password would also have broken the law, whether it was before or after the passwords were changed.
So yes, they DID commit a crime. The school had no particular burden to make the computers ultra-secure. Whether the school was wrong for getting the law involved is a matter for debate.
You should be aware, however, that the students WERE given ISS and detention. The charges were pressed after the school had already tried to curb the problem internally.
Well, you'll get your wish...
"One student who has had prior dealings with the juvenile probation office was not offered a deal. That case is expected to proceed."
That's incredibly stupid. "People A-L get off light, but M did something completely unrelated before, so we have to make sure he learns his lesson." I don't know, I guess my assumption is that it's not computer related, but in my mind if you kill someone, serve your time and then get arrested for robbery, your punishment shouldn't take into account that you killed someone in the past.