Slashdot Mirror
California High Schooler Changes Grades After Phishing Teachers, Gets 14 Felonies for His Efforts (gizmodo.com)
Police in Concord, California arrested a teenager earlier this week and charged him 14 felony counts after discovering the high schooler launched a phishing campaign directed at teachers in order to steal their passwords and change grades. From a report: The 16-year-old student, whose name was not released because he's a minor, was arrested Wednesday following an investigation launched by local law enforcement, with assistance from a Contra Costa County task force and the US Secret Service, KTVU reported. Reports of the hack first started to trickle into police two weeks ago, when teachers in the Mount Diablo Unified School District started receiving suspicious emails in their inbox. As it turns out, they were part of a phishing attempt launched by the student. The email messages contained a link that sent the recipients to a fake website constructed by the student to look like the school's portal. If a teacher clicked on the link, they were directed to the site that would prompt them to enter their username and password. The site would record any information entered, allowing the student to hijack the teacher's account.
Sometimes the legal system gets it right... but still rather lenient in my view.
That's almost 5 days' worth of felonies. Too bad 'zero tolerance' replaced 'let the punishment fit the crime.'
If he's lucky, the FBI will hire him and get him a shorter/commuted sentence.
Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
A felony is a massive life-altering consequence that is not necessarily the most useful way to address or punish a problem. The kid's sixteen. Would you charge a kid with sixteen felonies for opening a teacher's grade book and turning an F into an A with an old-fashioned pen? The fact that he used computers to do it shouldn't increase the punishment.
If he just raised random people's grades (so as not to point only to himself), it might have slipped by un-noticed. But students who got lower-than-expected grades would likely complain, causing an investigation. Hoist by his own petard, so to speak.
Should we ruin his life with 14 felonies over it? Nope. He needs a slap in the hand and some direction, not serious jail time and a record. Unpaid community service conducting teacher training on cybersecurity and Internet hygiene would be about right.
But 'murkah and harsh "justice."
Some of my middle school friends got caught breaking into a Radio Shack store to steal... drumroll, please! ... a TRS-80.
The fools that charge the kid with felonies risk putting a talented hacker onto a road to a life of crime by introducing him to real felony criminals in prison, if it went that far. While his hacks were easily reversible, they should show some respect for his skill at exposing the ignorance of this teachers, and put him on a good path and not possibly in prison, by forcing him to teach teachers how to avoid the folly that they fell for. This is the epitome of a victimless crime.
This is the kind of shit that needs two-factor authentication.
I used a keylogger entered into the machine with physically blocked ports via crashing the teacher app to DOS by entering a password longer than 255 characters then using "COPY CON: KL.COM" and ALT-numpad entered machine code from my notebook to copy the next characters typed (which would be the next teachers password) to high memory for me to retrieve later.
I only used it to lower bullies grades, not boost my own.
Why not? The kid who goes to those lengths has already decided to be an asshole.
Well maybe the school should smarten up and start using a mongodb where you cannot arbitrarily get the thing to perform commands by just messing with a string
For instance
In mongodb if you want to perform a find operation //passing in a string of 12311335612 as var string
db.find({_id:ObjectId(string),'user':{$exists:true}}).toArray(function(err,res){});
You can alter the incoming string to be whatever you like, but that db is only going to be performing a find function no matter what else you might want it to do.
In contrast SQL has both the operation and the data as a fused string letting you perform such fun magic as
"SELECT * FROM 'users' WHERE 'uid' = $string;DROP TABLE users"
I really cannot stress enough that using a database from 1974 is probably incredibly stupid but since most people are reading this on a windows machine...well you can probably figure out from personal experience why using the stupid solution is the dominant choice.
Evidently he wasn't hacking to learn.
My ism, it's full of beliefs.
Keep in mind these are 14 felony *charges*, not convictions. Prosecutors always go for the maximum they can charge so defendants can plea-bargain down to something more reasonable. Although a court date is set, it will probably be settled in a plea bargain and never go to a jury trial. Given how it's the kid's first offense and the lesser gravity of the "crimes" (altering grades is less serious than stealing money, copyright infringement, or NSA documents), the actual convictions will probably be plea bargained down to misdemeanors and the kid will probably be slapped with a hefty fine (which his parents will be on the hook for, as he is a minor), do some non-trivial community service time, and have restrictions placed on his internet access for a period of time (maybe 1-2 years). Worst case: the prosecutor is an overzealous asshole and wants to make an example of the kid. If so, the poor kid's life is seriously f**ked.
Was wondering if any of you slashdot homos will step up to the plate and do the job? TIA!
Prosecutors always go for the maximum they can charge so ... it will probably be settled in a plea bargain and never go to a jury trial.
You don't think maybe there is a problem with the legal system when this is a thing? That prosecutors have a tool they can use to avoid having to prove their cases? That they not only have the will to do this, it is basically standard operating procedure at this point?
Can you be Even More Awesome?!
Sadly, it pretty much is standard operating procedure anymore. I recall a quote about the justice system where somebody said that plea bargains aren't just a part of the justice system, they ARE the justice system. It isn't hard to see why that is. It takes time and money to schedule a judge, assemble a pool of potential jurors, select 12 from that pool to be on the jury, hold the trail to determine guilt, and then hold another court session for sentencing. The criminal justice system would quickly grind to a halt if every alleged criminal got a jury trial even if that is his/her constitutional right. I don't like the over-reliance on plea bargaining either, but that is the reality of what the criminal justice system has become.
1: We've shifted from requiring teachers discipline the students to just arresting the students when they misbehave due to budget cuts. A lot of states do this with elementary school kids.
2: It's amazing how some of the most educated people on earth can't seem to balance a budget; instead of IT infrasturcture and basic training, schools prefer to spend their money on lavish administrative pay packages rather than teachers.
3: The article states a dog sniffed out a flash drive under a tissue box. Really? I'm going to believe Sparky the K-9 can differentiate a flash drive from an alarm clock?
4: This kid thinks he's a minor and will get tried as one. Wrong. They will wait 2-3 years, then charge him, then put him away for 40 years. Why? Gotta make the quotas any way they can.
5: For any teacher to change any other persons grade, someone is storing the grades in excel. Unbelievable. How much money on smartboards and ipods did we spend?
Since terrorists hack shouldn't they have called in FBI and counter terrorist special forces as well!!! These hackers are dangerous!
Do not get caught! Dumbass, too stupid to be honest and even too stupid too cheat.
And since that's the state of things, you find it acceptable? Has it ever occurred to you to take a look at how the systems work in other countries where people doesn't get extorted into confessing stuff just to avoid the huge risk of catastrophic consequences if things don't go as they should.
The US judicial system has more similarities with witch trials than actual justice.
Should we ruin his life with 14 felonies over it? Nope.
I completely agree - this should be handled internally by the school. However, if parents are going to use the courts to stop their kids being punished by schools then it's not surprising that schools have ended up having to use the courts to punish students. Courts are not at all designed to cope with misbehaving schoolkids and the result is that either they get off scot-free or they end up with life-ruining consequences.
https://www.bop.gov/about/faci...
People need to stop thinking that what you see about prison in movies or TV (even reality TV) is the norm.
Nobody is arguing that he should not be punished it is the severity of the punishment that is in question. A badly behaved schoolkid changing a few internal school grades is not the sort of thing a court is designed to deal with. You cannot achieve justice in schools through the court system: either kids will get off without any punishment or they end up with extremely serious consequences. What is needed is serious, but not life-changing consequences so they have a chance to learn from their mistakes.
I bet that the teacher is not going to be at least reprimanded for being stupid enough to be phished by a kid.
This is why security doesn't work. Being stupid is not being punished.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Bueller. Bueller. Bueller.
Mind you, he never got caught.
Sounds like he'd be good for pen testing, which ALL organizations need more of...
Have these law enforcers gone completely mad? They charged a fucking schoolboy with 14 "felonies" for cheating on his grades. That's an outrageous abuse of office. I say let the little boy off, and lock up the deranged & dangerous law enforcer who laid those preposterous charges.
That there is even a small chance a schoolboy might be tossed in the Gulag for cheating on his grades, brings the Law itself into ridicule and disrepute.
we should be lucky he only did what he did and did not start a nuclear war!
..better to just bury him alive strapped into a chair and a Hannibal Lecter mask. Society will be wayyyyy safer then /extreme_sarcasm
Even if a student gets the login info for a teacher here, only a few subset of computers on a separate network are able to even access the portal for grades, because that stuff is governmental here, can't be anywhere near a public network.
So if he were to login from his home or other computers in school with the logins, he'd basically just get a very "basic" version of the portal, similar to what students gets. Heck teachers aren't even allowed to being exams home either, they have to grade them in school.
Fuck him. On behalf of all of us who worked hard in school, as well as those of us who slacked but never cheated, I hope he gets his butt fucked in prison.
The US system lacks a sense of proportion.
That describes most everything about America a good proportion of the time. We spend more on our military than the next 8 largest military budget combined despite there being no objective reason to do so. We spend more on our health care than anyone else and get worse results. We spend more on prison than anyone else and get worse results. We went to the moon just to to beat the Russians for bragging rights and haven't gone back since. Whether something actually works or not never seems to dent the consciousness of our "leaders".
Prisons help some by keeping criminals off the street
Not when you put FAR more people into the prisons than necessary. The notion that more prisons = fewer criminals is good politics but terrible policy.
I won't say his life is effectively over, but, it kind of is.
There was a similar incident when I was a kid about 20 years ago. The perpetrator was expelled and not charged with a crime, but it permanently altered the direction of his life. He could have had a promising tech career, but he ended up pursuing something different which never really went anywhere. My point is this kid's life will be forever altered even without 14 felonies.
This reminds me of the meme with a photo of a police officer and the caption "Drugs can ruin your life. If I catch you with drugs I will ruin your life."
This high schooler will probably get 20 years behind bars instead of being taught a reasonable lesson and channeling his/her skills in a more productive direction.
You are 100% IDIOT.
A Minor, who in effect was simply cheating on exams. is grounds for suspensions. This situation is only slightly different and is the same in spirit.
Expelled would be a reasonable punishment, and the law was not intended for this reason.
The individual who perpetrated these crimes might be non-white, hence, they are going to throw the book at him.
I could be wrong, but this just seems to fit a narrative. If the perpetrator is white, well then, the person will likely get lenient sentencing.
Place something witty here
Also, another executive took a sabbatical, and a second was poached by a competitor!
Maybe my parser is broken.
This is an example of the difference between intelligence and wisdom.
The kid is obviously intelligent, if he was able to do this. But he's not wise.
If he hadn't pulled this stunt, he could have gotten a good IT job after college (if not right out of high school). But now he might go to jail, and who will hire him when gets out of jail?
Intelligence: I can do this clever task.
Wisdom: Is it a good idea to do that task? Or would it be better if I didn't do it?
It's 2018 and they can't spot a phishing expedition? Should such stupid people be in charge of teaching our youth?
Believe it or not, engaging in fraud is actually illegal. No matter how dumb you think they are.
And if you just "slap on the wrist", there's little disincentive to do it.
...who was a New York Teacher Of The Year: http://www.informationliberati...
"Look again at the seven lessons of schoolteaching: confusion, class position, indifference, emotional and intellectual dependency, conditional self-esteem, surveillance -- all of these things are prime training for permanent underclasses, people deprived forever of finding the center of their own special genius. And over time this training has shaken loose from its own original logic: to regulate the poor. For since the 1920s the growth of the school bureaucracy, and the less visible growth of a horde of industries that profit from schooling exactly as it is, has enlarged this institution's original grasp to the point that it now seizes the sons and daughters of the middle classes as well.
Is it any wonder Socrates was outraged at the accusation that he took money to teach? Even then, philosophers saw clearly the inevitable direction the professionalization of teaching would take, preempting the teaching function, which belongs to everyone in a healthy community. "
See also: https://en.wikipedia.org/wiki/...
"In the United States, the school-to-prison pipeline (SPP), also known as the school-to-prison link or the schoolhouse-to-jailhouse track, is the disproportionate tendency of minors and young adults from disadvantaged backgrounds to become incarcerated, because of increasingly harsh school and municipal policies. Many experts have credited factors such as school disturbance laws, zero tolerance policies and practices, and an increase in police in schools in creating the pipeline. This has become a hot topic of debate in discussions surrounding educational disciplinary policies as media coverage of youth violence and mass incarceration has grown during the early 21st century."
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
Maybe of interest: https://bullies2buddies.com/
From the website: "What the [Golden Rule] really means is, We should be nice to people even when they are mean to us. ... The [Golden Rule] is the therefore the ultimate empowerment. It is the solution to being a victim. A victim reacts. A victim's behavior is therefore controlled by the bully. But in order to not be a victim, we must act independently of the bully's actions. We treat them like friends even when they treat us like enemies. And that way we end up controlling them."
Essentially, from a cybernetic perspective, Bullies to Buddies treats bullying as a positive feedback cycle between bully's taunts and victim's responses/rewards and trains victims in how to reduce the amplification of that cycle -- including through the use of humor. Doesn't work in all situations (e.g. the bully is just crazy) but is intended for run-of-the-mill bullying.
Why train the victim and not the bully? Because the victim is more motivated to change.
Some of the instructional videos are quite amusing as Izzy Kalman demonstrates the escalating cycle and the alternative.
He also explains how these techniques can be beneficial in the workplace and in marriages.
https://bullies2buddies.com/re...
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
Just because I explained the reality of the situation doesn't mean I find it acceptable. Until the system is reformed (and I hope it happens), this is the cold reality of what the so-called "justice" system has now become. What do you want me to do about it? Scream, cry, and have a temper tantrum? Move to a more enlightened country?
Hey, if you think plea-bargaining is an outrage, then you'll loooove civil asset forfeiture. Here's a link to get you started. Enjoy! :-)
The US judicial system has more similarities with witch trials than actual justice.
On that, we can both agree. It's all about the money. Saving it (plea bargaining) and making it (civil asset forfeiture).
His record won't show up, when he's an adult.
You don't think maybe there is a problem with the legal system when this is a thing?
Plea bargaining is not bad, it's the American mockery of it. Here in Norway a typical plea length is ~80% of what the prosecution will ask for at trial, which seem sufficient for the vast majority of cases where the evidence is compelling. It's not worth gambling on a 1% technicality, while if they're trying to bring a dubious case to trial the risk of the full 100% is not going to scare off the innocent. In the US it's more like we have this scrap of evidence of a misdemeanor, take this plea bargain for 3 months or we'll try to put you away for 30 years. There should be a law that told the jury what plea bargain the defendant got and refused, maybe the at-trial convictions would not be so crazy. Because the problem is juries are often willing to "upsold" to say maybe not 30 but 10 years where even that is ridiculous.
Live today, because you never know what tomorrow brings
The original Ferris Bueler's Day Off where he didn't go to jail was better.
Don't they have better things to do than catching teens changing their grades?
Should be fined to within an inch of their collective lives. There is no excuse for having a system vulnerable to phishing. Class III digital certificates and IPSec would be completely immune to phishing scams. Authentication via Kerberos would be beyond most teens.
Any member of staff that falls for phishing should be fired on the spot.
Any exam system that allows you to modify grades directly should be quietly buried in a landfill. A given answer gets a given mark. Actually, in the U.S., it's mostly multiple guess. The relative mark is thus fixed.
Only in countries with normalized grades for a region should allow the mean and standard deviation to be entered.
Excuses are reasonable, but whilst they can rationalize a grade, the grade is still the grade.
You're better off abandoning exams, but if you're going to have them then do it right.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
So last night when I lied to a pretty girl in the bar that I was wealthier than I am or have done things I have not done in an attempt to seduce her is also a felony? What is next...death penalty for lying about one's weight?
... was "pencil" (no quotes).
It little behooves the best of us to comment on the rest of us.
I think you completely misread me, and I probably did the same with yours. I got the impression you were saying "the system is broken, but there is no other way". Way too common that people just look at how things are "at home", and assume that's the only way.
If it came off as me jumping all over you, sorry, wasn't the intention.
... very soon.
Turns out, he's on the fast track to be the new front man for WikiLeaks and stuff.
It little behooves the best of us to comment on the rest of us.
Anyone know how this one turned out? https://www.geek.com/g00/geek-cetera/florida-teen-arrested-for-changing-teachers-desktop-background-1620144/?i10c.encReferrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8%3D&i10c.ua=1&i10c.dv=14
When will non-technical people stop writing up tech?
He's no technologist he's a young con man.
Phishing is not hacking (or cracking for that matter)...
Maybe he can hack in and reduce it to 1 misdemeanor?
-Dave
This is where a police officer can shoot and kill an unarmed person and not get charged with a crime, fired, or let alone lose any pay or be reprimanded.
Lawyers always win. They write the laws, and the laws on top of those laws, to ensure that they will always be employed. No matter what the charge, or the crime, you can be assured that lawyers will always come out on top. Funny how that works.
My beliefs do not require that you agree with them.
Stifle the genius, great work everyone involved.
Count the economically depressed minorities and the US is actually doing better than most of the EU.
For all of you saying this kid deserves to be a felon, fuck off. You've clearly never dealt with the legal system in any meaningful way. This poor kid is shitting himself right now thinking about years of psychological and physical torture. He'd be barred from participating in society for the rest of his life. He'll probably be raped in there and he'll definitely be assaulted by inmates and guards. What kind of person do you think he'll be when he does get out? You want another French revolution? Go ahead and keep handing out felonies like Halloween candy. Treating people like this is in no way good for society. He's innocent until proven guilty and you're already willing to lock him up and throw away the key. Despicable. I wonder how fast you'd change your tune if it was your ass on the line?
Why would anyone hire him? He's just a script kiddie. Not like he wrote the keylogger phishing tool or whatever he used.
Sentencing is almost always done by a judge, not a jury.
The jury's decision is whether or not the elements of the charge have been proved beyond a reasonable doubt.
http://www.bbc.com/news/world-us-canada-43461521 - (The teenager sentenced to 241 years in prison)
"I knew I was guilty of the case, but I always thought I had a better chance with the jury. As a 17-year-old, I still wasn't thinking clearly. But at the time, that's what I was thinking."
A lot hinges on the advice you are given. If you can afford a good lawyer, you get good advice. If not, you either take what the prosecution is offering, or take your chances in court. The deck is stacked heavily against you, and the prosecutor heaves everything he has, both to bolster his standing and to show people what happens when they don't take the deal that's on offer.
And how do you propose to solve it? Trials cost millions because we want them to be accurate. We could presumably hires a bunch of high school dropouts and illegals to run trials for you for cents on the dollars, but then are they going to be as accurate as just having police threaten criminals into confessions?
Troll is not a replacement for I disagree.
It's the civic duty of every citizen to ensure that justice is done. The ultimate expression of that is generally sitting in a jury box, but the general principle applies at every level. If more people decided to act in loco parentis instead of calling the cops, there'd be a lot less messed-up kids working their way through prison.
GARRY COLE
Hello, Do you need a good hacker to help you hack into the follow. e.g
Hacking of all company website
Hacking of university website and Grades upgrade
Hacking of all social media(facebook, instagram, twittwer,
Hacking of all Banks website
Hacking of Word press Blogs
Hacking of Security Institution and get Criminal Records wiped out
Hacking of Government agency
Hacking of Database
Hacking of Email and Text message
Hacking of PayPal Account
Hacking Server crashed
Hacking of all phones and untraceable IP and many more.
global world is right place to be
For further inquiry, contact us @ jamesfoxhacker@gmail.com
WhatsApp/text:--- +12168104481
Another life ruined to avoid fixing the real issue. 14 felonies is excessive for some under age hacking. What about the idiot end users who keep clicking on email links? They should be punished and shamed for falling for the kid's email scam too, not just the kid. This is a wasted opportunity to educate the kid in the good ways he could be using his skills. Now he's just going to hate society and keep hacking it.
And how do you propose to solve it? Trials cost millions because we want them to be accurate.
Not true.
The reason trials in the USA cost lots of money is because of ethics problems in US law and government. The cost of the criminal justice system in other developed countries is substantially lower - and they have a lot fewer people in prison. For example, many developed countries (including a bunch of EU nations) spend around 25% what the USA does on courts or prisons (2004,Farrell and Clark).
Economists estimate that at least half the income of the US legal profession comes from ethics problems such as rent-seeking (The Captured Economy). US lawyers are pulling in too much money relative to the key economic statistics when compared with other developed countries - it's a lot like the problem with US health care. There's probably legal ethics problems in other countries - so this is clearly an underestimate.
There are many things you could do to speed up the process, while still having it be reasonable. For example, you could force the prosecutor to pick one charge in situations where currently they can attack on many charges. There's no need to be stacking up lots of different offences for one period in a person's life - and hence putting them in multiple jeopardy.
From the lawyer's perspective, stacking offences is useful because it makes trials longer and it increases the demand for the services of their profession. But that doesn't mean that stacking in the interests of society. If somebody commits murder, who cares if they also robbed a bank?
Similarly, there's no reason to allow prosecution for the same offence under both federal and state law.
You could also limit the amount of time the prosecution has to put on a case (subject to extension by the judge to reflect any time spent by the defence). The defence would get the same amount of time.
The dual rights to ethical government and ethical practice of law can be asserted under the 9th Amendment, as rights "retained by the people". It follows that the current system - which has massive ethics problems involving both the legal profession and the government - exists in violation of the Bill of Rights - the highest law in the land - and hence is an illegal system. Reform is required for the government to be in compliance with the law - and is long overdue.
Now that's what I call a LIFE HACK.
That's a good question. The best I see so far from a quick search is satisfaction survey results posted on the website with a lot of "very helpful" results ( https://bullies2buddies.com/do... ) and a decade-old pilot study that shows negligible results from a brief training ( https://www.psychologytoday.co... ). One confounding factor obvious from the pilot study is that kids undergoing the Bullies to Buddies training are less likely to report incidents -- meaning ideally the evaluation should be done other than by self-reports. I agree it would be good to have more recent and more extensive studies of the Bullies to Buddies program. You are right to point to AA as an example of a social movement not being backed by evidence and perhaps pushing out other better options for many people.
Ultimately, there are quite a few "knobs" one could theoretically tweak to reduce bullying in schools, including:
* educate the Victim (Bullies to Buddies or a different approach)
* educate the Bully (most bully training materials)
* educate the Bystander (also, most bully training materials)
* educate the Adults -- Teachers/Administrators/Parents
* general custom emotion coaching for every kid (like say done at the Albany Free School http://www.albanyfreeschool.or... ),
* make it possible for the victim to walk away (e.g. more alternative education options including freeschooling and homeschooling)
* make the environment more interesting and less stressful so kids have many other things to do than taunt each other
* change the nature of the schooling system and teaching so it does not itself model authotarianism/bullying e.g. John Taylor Gatto's writings like (http://www.informationliberation.com/?id=11375)
* de-emphasize competition and promote cooperation (like Alfie Kohn suggests https://www.alfiekohn.org/cont... ) or pursue other ways of reducing needless stress in school like eliminating homework ( https://www.alfiekohn.org/dwh/ ) and grades ( https://www.alfiekohn.org/arti... )
* improve nutrition for everyone ("Omega-3, junk food and the link between violence and what we eat (Research with British and US offenders suggests nutritional deficiencies may play a key role in aggressive behavior" https://www.theguardian.com/po... )
* reduce the stress on families by progressive economics (better-paying jobs, basic income, universal health insurance, bugger tax credits to families with children, and so on)
* other?
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.