Slashdot Mirror

← Back to Stories (view on slashdot.org)

3rd Grader Accused of Hacking Schools' Computer System

Posted by samzenpus on from the give-that-kid-a-gold-star dept.

Gud writes "According to The Washington Post a 9-year-old was able to hack into his county's school computer network and change such things as passwords, course work, and enrollment info. From the article: 'Police say a 9-year-old McLean boy hacked into the Blackboard Learning System used by the county school system to change teachers' and staff members' passwords, change or delete course content, and change course enrollment. One of the victims was Fairfax Superintendent Jack D. Dale, according to an affidavit filed by a Fairfax detective in Fairfax Circuit Court this week. But police and school officials decided no harm, no foul. The boy did not intend to do any serious damage, and didn't, so the police withdrew and are allowing the school district to handle the half-grown hacker.'"

72 of 344 comments (clear)

  1. Dade Murphy? by Tumbleweed · · Score: 5, Funny

    Zero Cool strikes again. Mess with the best, die like the rest!

    1. Re:Dade Murphy? by WrongSizeGlass · · Score: 2

      Or maybe Oliver Wendall Jones?

    2. Re:Dade Murphy? by AlamedaStone · · Score: 2, Informative

      Or maybe Oliver Wendall Jones?

      You must be old here.

      --
      "All these years believing you're the signified monkey, only to find out you're just a big hunk of nobody cares."
    3. Re:Dade Murphy? by cosm · · Score: 4, Interesting

      When I was in high school, I was in the library one time working on a project. The internet was acting flaky, so I fired up the command prompt. A nearby librarian saw me running ipconfig, and immediately notified the principle. I was sent down to the office and screamed at by the principle and a few other administrators for exhibiting 'possible terrorist activity'. They banned me from computers for the rest of my senior year, and I had to go to 2 after-school detentions, (A+ student, no prior record at the school). Even after trying to explain myself to the district IT admin, I was fed the line "You were doing something unauthorized, so you pay the price".

      Fuck you WHS.

      --
      'We are trying to prove ourselves wrong as quickly as possible, because only in that way can we find progress.' RPF
    4. Re:Dade Murphy? by severoon · · Score: 4, Informative

      Whoops, I think there's a minor error in this summary and the headline of the article. It should read, Fairfax County public school system administrators criminally negligent in securing sensitive data. There, glad I fixed that...

      --
      but have you considered the following argument: shut up.
    5. Re:Dade Murphy? by gnasher719 · · Score: 4, Insightful

      And you are wondering why Europeans laugh hysterically when Americans tell us they live in the freest country in the world.

    6. Re:Dade Murphy? by History's+Coming+To · · Score: 2, Informative

      It is kind of funny (I'm in the UK), but I'll tell you what, I could be arrested in this country for the fact that I sympathise with people who carry out suicide bombings. Honestly, I do, I mean how bad must things be if they really feel that blowing themselves up in a busy public place is an appropriate action? They must be absolutely desperate. I'm not saying I agree with their methods, I'm weird because I'm an atheist who for some odd reason also believes in the "no killing" rule. But the point remains that the state here can arrest me for sympathising. I'll leave the argument of whether the state or suicide bombers are a bigger threat to my "freedom" (whatever that is) to the reader. I'm not sure yet.

      --
      Please consider this account deleted, I just can't be bothered with the spam anymore.
    7. Re:Dade Murphy? by bragr · · Score: 2, Interesting

      I recently started working IT for a University, and one thing that I learned very quickly, is that, especially in a Uni with a large CS department, there are so many people that think they are "1337 h4xoR$" because they can abuse net send, or figured out how to use Slowloris, or other such things, in addition to all the other fires that need to be put out, like worms spreading over the wireless network, that we don't have time to be nice to people that are screwing around on the network. We are more interested in solving problems quickly than making friends.

    8. Re:Dade Murphy? by Bob+Cat+-+NYMPHS · · Score: 3, Insightful

      >they can abuse net send

      If ONLY there were a way to disable that!

      Boy, this computer stuff sure is hard!

      --
      The latest Slashdot meme.
    9. Re:Dade Murphy? by tompaulco · · Score: 2, Funny

      You had the internet in High School? Luxury! ipconfig hadn't even been invented when I went to high school. It was so early in the computer era that they still thought keyboarding ought to be a prerequisite to a programming class.

      --
      If you are not allowed to question your government then the government has answered your question.
    10. Re:Dade Murphy? by arekusu_ou · · Score: 2, Insightful

      1. UK doesn't not represent Europeans. I think UK is one of the worst in terms of liberty in Europe.
      2. US and European are not the only ones in the World.

      Europeans laughing; that America is not the freest country in the world, does not infer that they feel Europe is the freest "country/continent" in the world. That would be an interpretation of the statement.

  2. More likely, by PhrostyMcByte · · Score: 5, Insightful

    Some dumb teacher probably just left their admin password laying around on a post-it note, or hell even left some admin interface open unattended, and doesn't want to admit it. Therefor, "hacking"!

    1. Re:More likely, by Rary · · Score: 5, Informative

      Some dumb teacher probably just left their admin password laying around on a post-it note, or hell even left some admin interface open unattended, and doesn't want to admit it. Therefor, "hacking"!

      Actually, although TFA doesn't provide any details about how the "hack" occurred, they do differentiate between this and a similar case where someone merely obtained someone else's password. The implication of the article is that there was actual technical skill of some kind involved.

      --

      "You cannot simultaneously prevent and prepare for war." -- Albert Einstein

    2. Re:More likely, by Anonymous Coward · · Score: 2, Informative

      FTFA:

      In January, students at Churchill High School in Montgomery County broke into their system to change grades, but that involved stolen passwords, not hacking, and did not involve Blackboard, Montgomery police said.

    3. Re:More likely, by $RANDOMLUSER · · Score: 4, Insightful

      Even more likely: Had security been adequate to keep out a determined nine-year-old, it also would have completely stymied the teachers and administrators.

      Even more likely than that: Some teacher who "knew a lot about computers" set up the system in his/her spare time.

      --
      No folly is more costly than the folly of intolerant idealism. - Winston Churchill
    4. Re:More likely, by digitalunity · · Score: 2, Interesting

      Probably not much skill required. Anecdotal I'm sure, but I've read online of other "hacking" done to Blackboard's software.

      This kind of leads me to believe they just have really shitty security. Reminds me of the screen lock software they installed on the old Mac's we had when I was in middle school.

      Move the mouse and it appears to ask you for a password, but click in the very far lower left corner and it let you in...

      Any security device designed with an intentional circumvention probably has a security hole also.

      --
      You can't legislate goodness. Let each to his own destiny, by will of his freely made choices.
    5. Re:More likely, by commandermonkey · · Score: 5, Informative
      ABS News has another article about the incident:

      According to a search warrant, the computer savvy boy was able to get a hold of an administrator's password at Spring Hill Elementary to get into the Blackboard learning system

      http://www.wjla.com/news/stories/0410/726170.html

    6. Re:More likely, by G00F · · Score: 3, Insightful

      for a 9 year old, that would be skill.

      --
      The spirit of resistance to government is so valuable on certain occasions that I wish it to be always kept alive
    7. Re:More likely, by nametaken · · Score: 5, Insightful

      Let's not make excuses for the fact that Blackboard SUCKS in every conceivable way, as it has since schools first started using it.

      If there's any problem at all with some staff member's abilities, it manifest itself in the decision to license that pile of trash in the first place.

    8. Re:More likely, by coolsnowmen · · Score: 2, Insightful

      Agreed, noone starts programming w/o ever seeing someone elses code. Most of my code now is from scratch (or from my own previous code), but at one time I looked at a lot of examples from books/internet to see how things were done.

    9. Re:More likely, by spazdor · · Score: 5, Funny

      Yeah, preteens ain't got any skillz unless they've coded their own sploit. I bet this kid doesn't even know how to write kernel patches. What a retard.

      --
      DRM: Terminator crops for your mind!
    10. Re:More likely, by $RANDOMLUSER · · Score: 3, Insightful

      Having been a teacher at the local community college, and having used that egregious POS, I have to agree completely. I'd think rather be homeless (or be sentenced for life to use Access) than have to deal with Blackboard again.

      --
      No folly is more costly than the folly of intolerant idealism. - Winston Churchill
    11. Re:More likely, by Anonymous Coward · · Score: 2, Interesting

      This happened to my younger brother when he was in junior high (10 years ago).

      He had a relatively good understanding of computers at the time, and decided to go to 'right-click, explore' on the start button and found out a number of network mapped drives.

      He clicked on a few, and a password box poped up. He typed in "admin" and "admin" for both user and password. He looked around and found some interesting documents pertaining to school administrative officials. Before he was able to read them, the teacher came by and caught him.

      They sent him to the principal's office and called my Mom. They said they were going to charge him with "hacking" and theft, unauthorized access, criminal mischief, etc.

      My mom freaked out and called me. I set up an appointment with the principal to see what he had actually done. They called in their network administrator and superintendent and all 5 of us had a meeting.

      After they had told me exactly what he had done, I mentioned their security must have been lax enough that anyone could access it, even by mistake. We agreed he probably didn't know what he was looking for, if anything.

      The network administrator, not content to be outshone after we had all agreed to dismiss it and give my brother a suspension, decided he wanted to prove to me it was secure.

      He showed me the firewall. So I showed them all how the network admin had the default user and password still set.

      I wish I could say he got fired, but no. He still works there. They just required him to get more training. He's not so bad now.

    12. Re:More likely, by shogun · · Score: 3, Funny

      Agreed, noone starts programming w/o ever seeing someone elses code.

      I suspect Ada Lovelace may disagree with you on that one.

    13. Re:More likely, by poena.dare · · Score: 2, Funny

      It's Blackboard Learning System (BLS) - many schools use it. Chances are he did it through URL manipulation. I tried to get my son the hack it but he refused. He said, "I don wanna know about web sites and stuff and then end up haffin to fix Mom's computer like you, Pop." Broke my heart. :(

    14. Re:More likely, by TougaSempai · · Score: 2, Funny

      or be sentenced for life to use Access

      Oh, come on -- it couldn't be THAT bad.

    15. Re:More likely, by RobDude · · Score: 4, Interesting

      Nobody cares - but here is my evil 'hacker' story.

      When I was in high school, I was kicked out of my programming class, along with five other of my friends. We were marched down to the principal's office. I was given the title of 'ring-leader'. It was interesting stuff. Apparently, I was an evil hacker.

      At first, I was like, 'Don't worry guys' because, after all, I didn't do anything bad. I did some cool stuff - like a program to change the desktop resolution, so I could write code in 1024xwhatever instead of 800x600. We'd also enabled sharing of our network drive so that we could work on our class stuff from anywhere in the building (which meant I could do homework in the library).

      When I was in the room with the principal, she asked me to explain what increasing the resolution did, exactly. I tried my best, I told her....'Well, ummm....it means there are more pixels on the screen than you'd have otherwise....and it....ummm....gives you more space.'

      She paused....and said.....'So, you mean to tell me, you were able to see parts of the screen you weren't supposed to? Did you ever think that maybe there was a reason those parts of the screen were hidden!'

      I'm not joking. I'm not exaggerating. And at that point, I was basically forbidden to speak. Her mind was made up, my fate was sealed.

      I thought it was a pretty good explanation from a 16 year old kid who didn't really know jack and who was fairly nervous at the time.

      I was threated with expulsion from my school, kept out of class, given an F in my programming class (prior to this, I had an A+ and would literally go around and help other kids, the same as the teacher would. I'd spend hours in the library making my program do things far beyond the scope of the assignment. I was a great student).

      Eventually, after much drama, it was decided that I could remain in my school - but that I couldn't touch any school computers for the rest of my high school years. That's to say, for the entirety of my senior year, if I was in English class and we were supposed to type a paper - I had to sit there and not touch a computer.

      The stupidity is overwhelming to the point where it seems unfathomable.

      I still don't know what trigged it all. The things I did, I had permissions and access to do - so I don't see how that really fits as hacking. We had an idiot running the school, and apparently, an idiot running the IT department. I'm guessing that nothing was locked down and someone did something actually malicious and they looked and saw that, OMG, some kids are working on their homework in the library via their network drive! And so, we (and more specifically, I) became the target of their rage.

      Schaumburg High School/Sharon Cross - you suck.

    16. Re:More likely, by RobDude · · Score: 4, Insightful

      In my experience - this.

      I don't know why schools are this giant black hole of suck - but they are. My school was very well-to-do, and had some of the highest paid teachers in the country. I don't know why they could find an IT guy who could follow industry accepted best practices.

      If you can't stop a curious, bored, student - who really doesn't know jack; you have no business working in IT.

      I love how everyone wants to attack the kids in these school + computer security cases. Nobody ever wants to talk about the trained 'professional' whose job is to prevent these things - getting schooled (haha) by a kid.

      Instead of kicking the kid out of school - why not fire the IT guy, get a real IT guy, and then, let the kid (who will proudly offer it up) show the new IT guy what he did. The new IT guy will shake his head and go, 'Yeah - that should be locked down'.

    17. Re:More likely, by Minwee · · Score: 2, Insightful

      Oh, come on -- it couldn't be THAT bad.

      Oh, yes, Access certainly is bad enough to be compared to Blackboard.

    18. Re:More likely, by tsm_sf · · Score: 2, Funny

      Some dumb teacher probably just left their admin password laying around on a post-it note[...]

      The password was "pencil".

      --
      Literalism isn't a form of humor, it's you being irritating.
    19. Re:More likely, by ooshna · · Score: 2, Funny

      And you had to walk uphill both ways to school with 5 1/2 floppys tied to your feet because you couldn't afford shoes. We know Grandpa we know.

    20. Re:More likely, by fuzzyfuzzyfungus · · Score: 2, Informative

      She has a stronger claim than most; but not entirely ironclad...

    21. Re:More likely, by Minwee · · Score: 2, Informative

      you can expect the price to be tailored to your individual institution, or in other words, likely several hundred dollars at least, probably in the thousands.

      I think you missed "Per student" and "annually" at the end of that.

      The typical customer licensing the works will pay $160,000 - per year. Even small victims are being bled for upwards of $50,000 every year just for the joy of being permitted to use Blackboard.

      Blackboard doesn't sell to teachers or even individual schools, they target entire districts and school boards, aiming high enough up in the organization to be sure that nobody they meet will ever have to use their product, or have any idea of what Moodle is.

    22. Re:More likely, by AngryNick · · Score: 5, Insightful
      As my 8 and 12 year old daughters have explained it to me, it is more likely that Junior guessed the username/password for a few key accounts and leapfrogged up the food chain from there. The student accounts in the lower grades are generally based on the student's id and a formula driven password that any 2nd grader could figure out. More cracking that hacking.

      This is just one more thing to add to my list of worries for my girls:
      • Getting knocked up
      • Locking me out of their Linux machines
      • Going to jail for hacking blackboard
    23. Re:More likely, by Anonymous Coward · · Score: 4, Insightful

      I don't know why schools are this giant black hole of suck

      Multiple reasons. First off, schools don't pay shit. If you have the skills to do IT for public K-12 schools then you have the skills to get a far better job in the corporate world. And secondly, schools are horrible places to work. I worked in IT from 1996 through to the summer of 2009. During that time I had a couple of short stints where I worked IT in two separate K-12 school districts and they were easily the worst jobs that I have had in my entire life. In one of the places I was something like the twelfth IT director that they had hired in the past few years. The turnover rate was approximately one per every eight weeks. It sucked that bad.

      IT in schools sucks because nobody with any skill is willing to do it. It is shitty work, you are treated horribly and you are paid poorly.

    24. Re:More likely, by Beardo+the+Bearded · · Score: 5, Funny

      I've got a six-year-old girl, and the only one that I'm worried about is #1. If that happens before she's ready, then I have failed as a father.

      #2 gets rewarded. "WTF did you do here? I've got physical access and you've locked me out. Let me order you some RAM and you can show me what you did." (She uses Puppy now.)

      Long before #3 happens, there would be a legal and media shitstorm to keep her out of jail. We've got a family lawyer, and really, Blackboard, do you want Everyone to know that a teenager can easily bypass your security protocols?

      She got one of her friends to give up their "webkins" password. It's really hard to tell her "that's wrong" when you're really thinking, "fucking AWESOME! High five and ice cream!"

      --

      ---
      ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
    25. Re:More likely, by chromas · · Score: 2, Funny

      You kids today! They were 5¼" floppies, dagnabbit and we had to make them ourselves out of leaves—which we couldn't even afford—we had to steal those from the rich neighbors across town to which we had to walk in eight feet of snow, uphill backward both ways at the same time with the sun beating on our backs as the sand filled our eyes with not a trace of water visible for miles and constantly slipping on the ice, breaking our bones over and over—bones which were on loan from the charitable twelve-year-old boy next door.

    26. Re:More likely, by Dragonslicer · · Score: 2, Interesting

      Just to toss in a contradictory story, I actually had pretty good experiences in high school with our computers. The school's system administrator was also a math teacher, but she knew what she was doing (as far as I could tell, anyway). I played around with Pascal programs a lot, and I hit the system's disk quota pretty easily. This was in the mid 1990's, so quotas were on the order of a few MB for each student. When I told the teacher that I was having a problem, she pretty much said "Oh, that's easy to fix," and set my disk limit to something like 100 MB. It was definitely a huge benefit to have teachers with a clue.

    27. Re:More likely, by iamhassi · · Score: 2, Interesting

      "Let's not make excuses for the fact that Blackboard SUCKS in every conceivable way, as it has since schools first started using it."

      The problem is the system has to be easy enough for your average teacher to use it but hard enough a child can't hack it.

      That's probably very difficult to do. I'd imagine this "hack" was easier than they're willing to admit, let's not forget this 9 yr old just recently learned how to read most the content required to even start hacking.

      But let's play devil's advocate, let's assume this is a super genius kid, that he's been reading since 3, coding at 5 and is now at a college level, that would explain how he figured how to do a real hack, but then wouldn't Blackboard and the school report that? Because as the article reads he's just a "very intelligent 9-year-old". Yeah, so is every 3rd grader now days, but that won't help sell Blackboard systems, couldn't you Doogie Howser up the kid a bit more? Perfect SAT score at 6 would certainly make me feel like this could never happen again. So this kid was not a genius, this had to be a easy hack.

      Makes me feel very safe about my info at my old university that has switched to blackboard.

      --
      my karma will be here long after I'm gone
    28. Re:More likely, by fuzzyfuzzyfungus · · Score: 5, Insightful

      I've done some school IT work.

      Here's my experience: The pay is pretty unexciting; but the pressure is correspondingly low. Corp pays better; but teachers are so much nicer to deal with(obviously teachers aren't 100% angels, and corporate isn't 100% nutjobs; but the difference between working in a place where the average response is "Hey, thanks a lot for fixing that!" and one where the average hovers around "OK" or "Well, why wasn't it done yesterday? I have things that need to get done!" makes a fair difference in one's state of mind at the end of the day). Because the pay isn't so exciting, you don't get many of your truly driven types; but because the conditions are OK, you do get better help than you would expect.

      The real kicker, security wise, in my experience is the demand for ease-of-use and heavy use of various ghastly legacy software(stuff that shipped with textbooks and whatnot). I spent a lot of time grovelling through psmon traces, trying to get crap to run under limited accounts with as few security-compromising modifications as possible. Still, sometimes, you just had to do gross stuff to make it work.

      The ease of use thing caused some limitations as well. Yeah, we knew that kids were bringing in crap on flash drives. Could we have stopped that trivially? Sure. No big deal. Except the shitstorm that would break out when all the faculty and students who shuttle work to and from school on flash drives learn what they can no longer do. Internet filtering was in the same bucket. Yeah, we have a firewall and a proxy, we can be as draconian as you like. Wait, so you don't actually want draconian? Ok. Yup, we knew that we could use Software Restriction policies, make sure that the set of locations that users can write to/mount from external media and set of places from which the system will execute binaries are disjoint, all that stuff. No problem. We could even set it so that ain't nothing gonna run unless the IT department has signed the binaries with their own private key. Guess what? The users, and Admin, would have had our heads. Teachers shoving in CDs from various textbooks and expecting the (usually Macromedia director based) content to Autoplay was a daily use case, among numerous others.

      Then you get into the issue of legacy server software. Just as "enterprise" can be used as a epithet when describing software quality, and most enterprises of decent size have some real horrors lurking at the dark heart of their IT-assisted business processes, so does education. Bespoke crap, student information databases that were designed by people who thought that Windows 3.1 was too visually elegant and user-friendly, and that SQL was something that happened to other people, that sort of thing.

      I don't intend this as a general apology for the state of educational IT, some of it is incompetence driven; but, a lot of it is pretty much like corporate IT, just with less money(and corporate IT has a few security issues of its own.) The same basic dynamics are in place. Some incompetence, some crap legacy software that you can't get rid of for organizational reasons, some security measures that are possible; but would cost too much or upset too many legitimate users, and so forth...

    29. Re:More likely, by fuzzyfuzzyfungus · · Score: 3, Informative

      Oh, I've heard some real horror stories from colleagues who have worked in other districts. It sounds like there is some seriously mismanaged crap going on out there, horrible churn, completely unclear mission, near-nonexistent resources(obviously, schools don't need the newest and shiniest; but if admins are being forced to use their personal vehicles to drive from building to building because the "IT Director" won't approve any sort of remote management tools, or make even basic efforts in the direction of maintaining decent network uptime, that just doesn't make sense).

      My personal experience, though, has been pretty benign. Some sub-optimal stuff(some of which I was able to get fixed, some not); but mostly the same dynamics you'll see in IT anywhere, just with a somewhat longer replacement cycle, lots of customish apps, and fewer 50k SANs.

    30. Re:More likely, by RanCossack · · Score: 5, Interesting

      I had a similar yet oh-so-different experience in elementary school; I was less innocent to begin with, having found out the school was keeping test scores on a shared network drive with no password while I was trying to do something I vaguely recall had to do with getting a bomberman clone running.

      I told a teacher and happily went on my way; a few days later, the principal, a very friendly and well liked guy, called me to his office and nicely asked me not to browse the network shares on the school computers; it wasn't until years and years later that I found out what had almost happened to me.

      Years and years later, I found out from my parents that the school IT adminstrator had wanted to press criminal charges against me, expel me, and all that, and had convinced the board to go along with it. The school principle refused to do it and threatened to resign.

      Now, after college and after years of hearing all these horror stories from friends and reading about them online, I appreciate what an amazing principal my school had, and how lucky I was.

    31. Re:More likely, by dominious · · Score: 4, Funny

      Dear 3 digit UID /.er, we were talking about THIS century...

      I'm getting off your lawn

    32. Re:More likely, by Ltap · · Score: 2, Interesting

      These little stories make me wonder - why didn't you appeal? Also, that feels far too extreme. The school could have the power to suspend/expel you, but not to alter your mark.

      The trouble I see is that most people think that schools principals have no superior, when it's possible (although hidden and heavily discouraged by schools, obviously) to appeal just about anything and complain up to the highest level. This was done with a bad math mark on one of my exams (which the teacher, who disliked me, thought I wouldn't check after I noticed that it affected my final overall average) - the school refused to do anything, and ultimately the director of education for the district awarded me the lost marks after I had independent verification from a university math prof.

      If I had to sum up my story, it'd probably be "schools suck, but they are not immune to being smacked around like a bitch if you can find someone to help you."

      --
      Yet Another Tech Blog
      (but so much more, including game and movie reviews)
      http://yanteb.peasantoid.org
    33. Re:More likely, by RobDude · · Score: 2, Interesting

      It did end up getting escalated to the district superintendents who ultimately decided upon the punishment.

      By the time they told us what it would be, I just wanted it all to be over, so I didn't much care. They didn't say they were going to give us F's - they just said that we'd be unable to return to the class and we'd receive 0s for everything we missed. And that, in the future, we'd be unable to use any of the school's computer equipment for any reason.

      I honestly figured I'd *still* get an A - the class was almost over and I had a ton of extra credit. Maybe a B. And, I'd taken all the Computer classes the school offered - so it wasn't really much of a punishment at all.

      When I got my report card though - it was an F. Mathematically, there is no way it would have worked out like that; but it was the summer and my GPA wasn't anything special. I'd received an A in the AP Computer Science class, scored a 4 on the AP test (as a sophomore) - but received an F in the Intro to Programming class. Despite having done excellent on all the assignments and despite having received lots and lots of extra credit. Some adult, some professional educator who was well paid by tax payer dollars, was angry and decided to give me an F.

      My parents wanted to raise hell down at the district over it - but it didn't bother me and, being perfectly honest, I just wanted to be done with the whole mess. So, at my request, they dropped it.

      I went through my senior year avoiding the math department, the principal, and all of the computers. It sucked. But, on the plus side, I became somewhat infamous; and pretty much everyone except my closest friends were convinced I'd done something much cooler - like hacked into the grading system or something.

    34. Re:More likely, by dingram17 · · Score: 2, Informative
      I did part time computer support for the computer classroom at the high school I went to (yes this was awhile ago, and the computers were BBC Model Bs or BBC Master Compacts) while I was at university.

      I was told that I was offered the position because I had been one of the chief troublemakers when I was a pupil and I'd kept my predecessor on his toes and so it was thought that I'd be able to keep things in order :-) The previous guy (also a David) went on to work for a small company in the UK called ARM and designed a processor that could work with 16b and 32b instructions (US Patent 5740461) -- the 'Thumb', which is the T in ARM7TDMI.

      I'm glad that I had such a good 'adversary' to go head to head with :-)

      Working with the classroom computers helped when I applied for a more general PC admin role at a school closer to the university. Running a Novel network was quite a different experience, esp. when the 'standard' computer of the day was a 486DX-33 and the school was running discless XTs @ 8MHz.

  3. Didn't see that one coming. by migla · · Score: 5, Interesting

    Pleasantly surprised by the last part of the summary:

    "But police and school officials decided no harm, no foul. The boy did not intend to do any serious damage, and didn't, so the police withdrew and are allowing the school district to handle the half-grown hacker."

    Didn't see that one coming. I thought I was in for a story of stupid teachers overreacting and a poor kid dealt with harshly.

    --
    Some of my favourite people are from th US; Vonnegut, Chomsky, Bill Hicks.
    1. Re:Didn't see that one coming. by Fantastic+Lad · · Score: 2, Insightful

      No kidding!

      That brightened my day considerably. Though in a perfectly sane world, the police would never have become involved in the first place.

      -FL

  4. Two words by Jawn98685 · · Score: 2, Interesting

    ...come immediatley to mind as I RTFA, "Terry Childs". This kid, admittedly, commits a crime by breaking into the school's computer system. Childs, on the other hand, did arguably prevent harm by carrying out his duty to maintain the network's security, and he's the one in jail.
    [shakes head]

  5. In reality by mbone · · Score: 4, Funny

    ...so the police withdrew and are allowing the school district to handle the half-grown hacker.

    Of course, that's just what they are telling the press. In reality, of course, the boy is being put in charge of a supersecret underground Government cybersecurity lab on a deserted island even as we speak.

  6. Google by mightysw · · Score: 3, Interesting

    The words, hack (crack) blackboard, and see how many cases come up. That thing is an abomination of teaching software that, unfortunately, is used across the country. Let the kid off. He did something that everybody else has already done.

  7. Obvious solution by dkleinsc · · Score: 2, Funny

    Send this kid to study with Knuth immediately.

    --
    I am officially gone from /. Long live http://www.soylentnews.com/
  8. I doubt the kid is the 2nd coming of Kevin Mitnick by axl917 · · Score: 3, Interesting

    It is more plausible that the school's Blackboard was mis-managed/mis-configured to allow access to areas it was not supposed to.

  9. Blackboard - the biggest educational POS EVER by Khyber · · Score: 4, Insightful

    I could hack that POS in my sleep, and have multiple times. The University of Redlands has some of the most incompetent IT administrators EVER - hack blackboard, get access to student accounts, surf the web on their network with not a goddamned one of them being the wiser, under an account that I could use to frame that person.

    Doesn't help their wireless AP broadcasts into my apartment at such a high power level that it blocks out most of the other wireless APs when it's engaged. 5 bars on my router two feet away? As soon as a game starts up in their sports complex, I lose my router and I get a big fat UoR signal. I hack it EVERY SINGLE TIME and they're still not smart enough after several warnings to ditch blackboard and ResNet and find something more reliable.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    1. Re:Blackboard - the biggest educational POS EVER by BitHive · · Score: 5, Funny

      This sounds like BS to me. If Blackboard was so bad, they would fail in the free marketplace and be put out of business. Since the value judgments of the free market are beyond reproach, the fact that Blackboard still exists and in fact is very expensive, means it is highly valuable and therefore good.

      I suspect you are just a communist detractor with elitist opinions.

    2. Re:Blackboard - the biggest educational POS EVER by Khyber · · Score: 3, Funny

      It can sound like BS to you but a third grader just fucking owned the system. Even AOL wasn't THAT easy.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    3. Re:Blackboard - the biggest educational POS EVER by BobMcD · · Score: 2, Informative

      Could be a POS, not commenting there. However:

      1) You're admitting to a crime. Stop it. There is absolutely zero reason to do so unless you're desperate for the wrong kind of attention.

      2) Try a distinct channel. Assuming 802.11b/g you have three viable options. Try Channels 1/6/11. These are the only ones that do not overlap. They can't be occupying all of these at the same time, at the power levels you're stating they are. Or, if they genuinely are doing so, call the FCC and I imagine it'll stop fairly soon.

    4. Re:Blackboard - the biggest educational POS EVER by zippthorne · · Score: 2, Informative

      Oh yeah. Get a radio amateur to measure the power levels. 802.11b gear is unlicensed, and as such the maximum allowed power is very low. A local amateur is likely to have both the equipment and the inclination to measure and report violating emissions.

      --
      Can you be Even More Awesome?!
  10. Same for me!!!!!! Except..... by tacokill · · Score: 4, Interesting

    Same for me! Right up until I realized the kid was 9....

    Come on, really? You're gonna make that comparison?

  11. Kidding? by grishnav · · Score: 3, Funny

    I thought I was only kidding when I said the security on Blackboard was so bad a 9 year old could hack it.

    1. Re:Kidding? by Stick32 · · Score: 2

      I guess you could say, "hacking Blackboard..." *sunglasses* "is child's play..." YEEeeEeEAAAaAaAAaaaAAhhhhh!!!

  12. you can't seriously be defending childs by circletimessquare · · Score: 2, Insightful

    childs had a god complex: "i am the only one who has the right to administer this network"

    he built the network for san francisco. san francisco had every right to do whatever it wanted to do with the network they hired him to build. if san francisco wanted to hand out passwords to the network to hackers, san francisco has that right, and childs has no right to any say on the matter

    the man was not protecting the security of the network, the man believed he and he alone had a right to decide what to do with the network. the man has boundary issues: he felt attached to the network like it was his child. he probably invested a lot of time and energy into it, but so what? there's such a thing as taking pride in your work... then there is psychotically remaining attached to your work and assuming you and you alone can forever more decide how your work is used

    he was reimbursed for his work. end of story. his actions are completely indefensible. the man needs psychological help, you have no valid basis to defend the wackjob. lock childs up, he only deserves punishment and psychological treatment

    and furthermore WHERE THE HELL DO YOU GET OFF COMPARING TERRY CHILDS TO A NINE YEAR OLD

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  13. Obviously... by ewilts · · Score: 4, Funny

    ...their IT folks are not smarter than their 5th graders.

    --
    .../Ed
  14. Re:FTFA by FlyingBishop · · Score: 2, Informative

    My impression is that this says more about Blackboard's security than anything else.

    Time to switch to one of the FOSS (and in many ways superior) alternatives:

    Moodle and Sakai

    Really, it's amazing Blackboard is still around with two full-featured FOSS competitors in existence. I guess it's just testament to the power of lock-in.

  15. Blackboard by Arancaytar · · Score: 3, Informative

    Is the proprietary online education platform with an apparent side job as a patent troll, if memory serves.

    Given its closed nature, I wouldn't be surprised if their software is full to the brim of SQL injection, XSS and CSRF vulnerabilities that an interested elementary school student can exploit.

  16. I got accused of "Hacking" also... by DarthVain · · Score: 2, Funny

    I don't think many teachers really understand the word. I got suspended from school for "hacking" and bringing down the school network.

    I was in computer lab, which were all Macs, and not "Cool" Macs everyone has now, but the big square brick shaped monochrome screen macs. We had one PowerPC I think. Anyway I digress. So I was in lab finishing up an assignment, when I saw an option in the menu to "encrypt" my floppy disk after I had finished saving (as if I haven't dated myself already). Knowing what encryption was, and thinking it was neat that the option was available on the Mac I encrypted my floppy with a password to protect all my really important and top secret labs etc..

    Fast forward to the next day. I get brought into the Principals office in the morning, and accused of taking down the system. To which I have no idea what the hell they are talking about.

    Anyway long story short, my buddy that was sitting beside me, saw what I did, thought it was neat, and tried it himself. The differance being rather than selecting the "A:" drive... yes that's right he selected the "C:" drive. Encrypted the whole damn computer.

    Big deal you say? Well this was back when people still used "Ring" networks, which required being able to talk to its immediate two networked neighbors to function properly. One of them now a lump of encrypted uselessness. Though in defense the system was set up by our Grade 10 math teacher, not an IT professional.

    The guy also had no idea what he had entered for his password. Whole machine had to be wiped and re-installed. Which they also made me do as "punishment" after my suspension.

    Why did I get accused? Because they basically said my buddy wasn't smart enough to do it on his own, and that I "enabled" him to do it. So ya... that's how I got suspended for "hacking" when I was younger. I would not be surprised if it is something as idiotic or more so in this case.

    1. Re:I got accused of "Hacking" also... by profplump · · Score: 3, Informative

      6/10. Next time remember that drive letters belong to DOS, that most of the Mac with built-in monochrome CRTs didn't have internal hard drives, that token-ring devices were typically connected to a MSAU that took offline hosts out of the loop, and that encryption was not readily available -- particularly whole-disk encryption that can be applied while running from the disk in use -- anytime that the computers described in common use. Also try to work in an offensive or controversial person or group name for maximum effect.

  17. Re:FTFA by Kaboom13 · · Score: 2, Insightful

    As a youth in high school, I knew the passwords for 90% of the administration. With it I could have changed the grades, class schedule, modify the student record, or even suspend any student in any school in the entire county. How did I know it? I didn't hack anything. Teachers frequently told me their passwords so I could help them with computer problems (the only full time IT staff at the school was hired because he was someone's cousin, and a good basketball coach, and the county wouldn't give them funding to hire an actual basketball coach). It didn't take long for me to realize they followed a simple pattern based off the teacher's name. It was an easy jump to realize the administrators had the same pattern. They were supposed to change it when they logged in the first time but few knew how and even fewer bothered. I could have easily caused a lot of mischief, accessed confidential student records, or boosted my grades (something that would never be noticed because the scantron system teachers used to input grades frequently made errors, and administrators would fix them with only verbal confirmation) but I didn't, because it would have meant violating the trust of a couple of excellent educators who had truly gone above and beyond in a system that rewarded politics and actively punished excellence.

    The point being, security in schools is often terrible, and it does not require hacking skills to acquire the credentials or access to systems a student should not have access to.

  18. You gotta be kidding! by woboyle · · Score: 2, Insightful

    I imagine this has already been said, in some form or other, but if their systems were SO insecure that an 8 year old could compromise them, then the school officials themselves should be charged with gross incompetence and fired summarily!

    --
    Sometimes, real fast is almost as good as real-time.
  19. Re:FTFA by fuzzyfuzzyfungus · · Score: 2, Funny

    Oh, it is so. much. worse. than mere "lock-in".

    In order to help define their(utter shit) vs. the not-always-completely-brilliant; but far cheaper and better, FOSS competition, Blackboard has been expanding their offerings in new directions:

    Physical Access Control Systems...

    Video Surveillance...

    And, yes, ID cards, cashless transactions(on and off campus), etc..

    Yup. In order to protect their worthless core product from extinction, they've made it possible to bring the same level of quality to basically every corner of your campus and the lives of your hapless students. Be afraid. Be very afraid.

  20. NOT a hack, NEW Wash Post story clarifies: by superj711 · · Score: 2, Informative

    New Washington Post story today clarifies that it was NOT a hack of Bb – someone found and used a valid teacher login. http://www.washingtonpost.com/wp-dyn/content/article/2010/04/15/AR2010041505517.html Local Digest Friday, April 16, 2010; B02 VIRGINIA Boy had teacher's computer password A 9-year-old Fairfax County boy who changed course content and passwords in the Fairfax school system's online teaching system -- including the superintendent's -- accessed it using a teacher's password, officials said Thursday. The school district detected the problems last month and, with the help of Fairfax police, tracked them to a McLean boy's home computer. Police obtained a search warrant that said Fairfax's version of the widely used Blackboard Learning System "had been hacked" and that the boy's Blackboard account had "administrator privileges." Blackboard and school officials clarified Thursday that the boy had not found and exploited a security vulnerability, but rather that he had obtained a teacher's password. Fairfax schools spokesman Paul Regnier said the boy was able to use that access to enroll other users, including Superintendent Jack D. Dale, into his class and could then change their passwords. -- Tom Jackman

    1. Re:NOT a hack, NEW Wash Post story clarifies: by sreservoir · · Score: 2, Insightful

      if a teacher can change the superintendent's passwrod, you have a problem right there.