Slashdot Mirror

← Back to Stories (view on slashdot.org)

Stealing Laptops For Class Credit

Posted by timothy on from the for-bonus-points-assassinate-the-prof dept.

First time accepted submitter core_tripper writes "Students at the University of Twente have stolen thirty laptops from various members of the university's staff. They were not prosecuted for this, so they could just get on with their studies. Indeed, these students even received ECTS credits for these thefts. UT researcher Trajce Dimkov asked the students to steal the machines as part of a scientific experiment. Stealing these laptops turned out to be a pretty simple matter."

3 of 138 comments (clear)

  1. Re:Looks like a familiar contest. by stephanruby · · Score: 5, Informative

    This sounds like Pwn2Own taken to the next (and otherwise illegal) level .

    They did not do anything illegal. They technically didn't trespass, they had prior permission from the University Security office. And they technically didn't steal anything but loaner laptops that had been loaned out to staff for the express purpose of this experiment.

    The only reason you think they might have done something illegal is because of this phrase in the summary: "They were not prosecuted for this, so they could just get on with their studies." And the fact is, this sentence is just poorly worded (by the original non-native English author), and they were not prosecuted for this, not because of some weird altruist reason given by the University. The real reason they were not prosecuted is because they were given prior permission to do this experiment by the University Security office itself (and furthermore, the laptops they were stealing had been supplied by the grad student who wanted them stolen in the first place).

    So in all regards, this seems like this was a well executed experiment. And it goes without saying that you should get prior permission before doing any kind of penetration testing or security audit. And ideally, such a permission should be clearly spelled out and obtained in writing, since executives have been known to go back on their word with security auditors once they find out how bad their security really is.

    Also note that sometimes, con artists will recruit people to steal things for them under the guise of having them doing a security audit, so if you're going to participate in such an audit yourself, you better be damn sure that the person who's asking you to do such an audit is really the person they're claiming to be (and even if they are, that they're not setting you up for a theft that they've already committed themselves).

  2. Re:Why stop? by Anonymous Coward · · Score: 5, Informative

    Cat's are perfectly capable of learning their own names. They simply don't give a fuck when you use it.

  3. Re:"Human behavior" by mattie_p · · Score: 5, Informative

    I assume you mean a citation for the Spielburg anecdote. Unfortunately, it is exaggerated. Read more here: http://www.snopes.com/movies/other/spielberg.asp