Student Logs Teachers Keystrokes 722
handy_vandal writes "A 16-year-old student has been charged with a misdemeanor for rigging a keystroke-recording device onto a teacher's computer. School district police received a tip from students that the boy was trying to sell answers to final exams. The District Attorney's Office has charged the teen with breach of computer information, a Class B misdemeanor punishable by a fine of up to $2,000 and up to 180 days in jail. This sort of thing has happened before. The problem is so pervasive that the GRE board has switched from computers back to paper and pencil."
way to go kid! (Score:5, Funny)
Re:way to go kid! (Score:3, Insightful)
Re:way to go kid! (Score:3, Insightful)
Not everybody has a local community college. I certainly didn't when I was in high school. My school had absolutely no idea what to do with me. You might have been in a better position, and people in large cities near universities may be as
Re:way to go kid! (Score:3, Interesting)
Really? Wasn't an option when I was in school. Isn't an option in the city where I am now. Where it has been an option, it was discouraged. You make it sound common and easy (not for the material, but to get in). That is not my experience.
So, I know in the last 18 years this has had to spread because every university I've worked with has had something like this.
Ah, that's different.
Re:way to go kid! (Score:3, Insightful)
My wife just started teaching... (Score:5, Insightful)
It's common knowledge that the kids are smarter than the teachers, computer-wise... but hasn't it always been that way?
Heh, brings back memories... (Score:5, Interesting)
This is true. When I was in junior high in the early 90s, we had some basic computer course that involved filling out answers to some questions on a computer. I don't really remember that much about it now. But one day a bunch of us were in the lab and we found the teacher's disk, which had the answers to everything. We entered the disk and the program asked for a password. My friends were ready to give up. I thought for a moment and typed in "hello". It worked... first try. It was hilarious. My friends, most of whom hadn't used computers much by that time, thought I was some kind of serious hacker.
I guess this was a lot funnier in 1992. But the point is... I'm sure then, just like now, the teachers thought everything was secure. There's always someone who's going to prove them wrong.
Re:Heh, brings back memories... (Score:5, Funny)
I think that A was even easier than the one I got in AP Computer Science (back when it was still Pascal)...
Re:Heh, brings back memories... (Score:3, Interesting)
Re:Heh, brings back memories... (Score:5, Interesting)
*Facepalm*
Re:Heh, brings back memories... (Score:4, Interesting)
Fun with At Ease (Score:3, Informative)
At least they had got a tad more of a clue than when I was there. I got banned from the computer room for locking a file (ie opening the properties box and clicking "locked"). They had to march me into the computer room and
Re:Fun with At Ease... and Foolproof (Score:3, Interesting)
In college I faced a similar b
Re:Heh, brings back memories... (Score:4, Interesting)
I've got a similar story that's similar (my relationship to them won't be shared to protect them from any reprecussions - you never know - but I can tell you that it was not me that was involved).
A science teacher (chemistry, I think?) in my acquantance's high school had already given the final exam for a class he was in before the last week of school. So, when he went in for his last actual class period for that course, she basically said "free day". She passed out pizza because a certain percentage of the class had gotten A's on the final (and in the course), and she wanted to reward them as she said she would. She had some board games and various chemistry-related fun things for students to do at their leasure for the hour (oooo! dry ice!), and let them at it.
Except for one thing. She started up her computer, opened up the gradebook application terminal, and told the students that they could come up, one by one, to check their grades. She then went back to her desk and read her book (until the dry ice fun began, at least).
Well, as it would be, she opened her grade book - not an exported spreadsheet or anything like that. Students were more than able to change their grades at whim, or the grades of their friends.
Well, this acquantance of mine changed a couple F's for incomplete homework assignments to C's and what have you - enough to bring him up to the A he needed (which reflected his exams). He also changed the grades of a fellow classmate of his, one who was notorious for beating up middle school kids and being an all around jackass - in the opposite direction. Nobody found out, and apparently a couple other folks did the same thing, too.
If there was reporting software for the gradebook, I suspect it made quite a few revision notes during that 30 minute period prior to the dry ice fun.
The irony is, this exact same thing happened to the same acquantance a couple years earlier as well (minus the grade altering). Teachers are just stupid (either that, or they want to do everything possible to make sure it looks like their students did well - the chem teacher in the first example was apparently quite easy.)
Re:Heh, brings back memories... (Score:5, Funny)
I love those similar stories that are similar.
Re:My wife just started teaching... (Score:3, Insightful)
Re:My wife just started teaching... (Score:5, Interesting)
When I was in the 8th grade, I got stuck in both a typing course and "Technology education." The computers were Apple IIe's and 8086's (dated but not REALLY old -- I had a shiny new 286!).
Every friday in typing course we got to play lemonaide stand and whoever got the highest score got a candybar. The highest score ever was like 5000$. The game was written in basic, so I changed the score print line to print score+1000000. We liked to play it cool, so we kept playing the game like normal until some kid walked up behind us, saw the score, them promptly flipped out.
We also got a program that made letters in text mode fall off the screen. It was funny as hell and everyone just assumed the computer had a virus.
I also brought a bunch of games for the tech ed class to play. However, altruism has its price. I wrote a program that displayed some choice words about the teacher, but only once every 50 times the game was loaded. We also put it on most of the schools disks. We had intended it to go off sometime after we were long gone from that class. But we grossly misestimated the ammount of useage the programs got, and two weeks later we were banned from using pretty much anything with electricity :)
When I got to highschool, the library computers were locked down tight, they had a menu program that was pretty secure. So I brought a boot disk, stole the menu program (I had intended to find a security hole in it). Never did find a hole -- but I attached a TSR program TO the menu program, then used a bootdisk to insrt a script which activated the altered menu program after the NEXT reboot (so I would be long gone by the time the payload hit). The TSR I attached made the computer "sing" a song. You have to imagine this was in the days where computers didnt even have SOUND CARDS. And this one was warbling this godawful tune (sampled audio) out its pc speaker.
All the kids in the school knew I did it, but I didn't get offically caught... But I was kicked out of the library for the entire year in another incident altogether which didn't involve a computer :)
Re:My wife just started teaching... (Score:4, Interesting)
Some of the things the admin did were rather amusing, like the fact that the original protection locked the machine down, but didnt lock you out of the autoexec.bat file, where it was called. So to disable, simply erase the program call in the autoexec and reboot (part of the problem was that our admin had very little experiance with windows in the beginning, knowing mac and unix far better). anyway, this went on and on, I would break the protection (usually leaving a message and description of how I did it in some log file or another) and the admin would put new protection on the machines. You should see those mahines now, locked down tighter'n fort knox.
Once I got a laptop I stopped doing this. Its ironic actually, at the time our admin hated me with a passion (she knew it was me, but could never prove it). Now everytime I visit my HS I drop by her office, hang-out for a while, and talk shop.
Re:My wife just started teaching... (Score:3, Funny)
I enjoyed graphics programming, though my teachers didn't. I wrote a program that filled the screen with B&W random dots,
Re:My wife just started teaching... (Score:5, Interesting)
Re:My wife just started teaching... (Score:5, Interesting)
Security (Score:5, Insightful)
Re:Security (Score:5, Insightful)
It takes many years (about 12 + 4 here in the states) to program a human, and for years the quality of that programming has decreased drastically due to bored, underpaid programmers and poor programming procedures in general. I'm not sure how you want to make the humans better, but currently there's no practical method aside from the non-profit "open source" method of human programming.
Re:Security (Score:4, Insightful)
Actually, I'd argue that both humans are designed quite well, its just one of them has a skill set that allows him to victimize the other with near impunity, as this case is a deviation from the norm.
A great deal of law is based on the concept that there will be those who have some power to take, coerce, hurt, etc others. In this case the student used his skills (albiet pathetic in terms of hacking) to vicitmize the teacher and make a profit off of stolen information.
In the context of a society where the world is shifting from property-based to information-based transactions and wealth, this is a very important distinction. The world is very much changing and it is up to the legislature and the judiciary to keep up with the changes. It wasnt too long ago where electronic identify theft wasnt really seen as a problem and now most states have specific laws on targetting this.
Of course, one can argue "well laws are already in place for x or y" but that is a half-truth at best. Many wiretap laws and false identification laws are worded in a specific way which gives the offender an unfair advantage. Telephone based wiretap laws do not protect people from sniffers (usually). Its also easy to imagine a lot of people screaming "We already have these laws for the telegraph" or somesuch when these laws were proposed. They fail to realize the fundamental difference between these technologies and their expliots.
Now, this case does involve a minor, which of course leaves the DA to opportunity to try him as such. It also leaves the jury the option to give a low sentance if they believe the defendant is worthy of it. This is a built-in checks and balance system to help control over-zealous prosecutors. In fact, a jury has no legal obligation to obey the law and can use a method called jury nullification to toss out the case on the premise that the law is unfair in itself.
The "wild west" mentality of information technology has to fold as more and more vital and important things are trusted to computers, networks, etc. The "hackers ethic" from the 70's and 80's certainly does not apply when we have people putting their lives on their computers, be it all the financial transactions, bank passwords, or even baby pictures. In short, the stakes have been raise by quite a bit and sending violators to county jail or even state prison cannot be dismissed out of hand as being a dystopian ideal.
A misdemeanor, frankly, for information theft and sale-of isnt that bad. Many computer crimes are felonies and personally I think the use of keyloggers should automatically be a felony as they void encryption schemes are are promiscious, thus unable to tell the difference between homework answers and bank passwords or pgp passphrases.
I would also like to see the hardware keylogger made illegal to sell, transport, or posses. And I would love to see a user's "bill of rights" which protects them from these threats wherever they originate, be it from the kid in some class or from the government doing something unethical without a warrant.
You reap what you sow (Score:5, Insightful)
Computers ought to remain in "computer labs" and perhaps on the desks for specialized "computer classes", but they definitely don't belong anywhere else.
Creative usage of computers for teaching is a copout on the kids. By removing the teacher/student relationship and replacing it with an inanimate object, the kids lose out on a great deal of education. This is why home-schooled kids typically do better in college than "computer schooled" kids do.
Is it any surprise that the more technology becomes a part of these kids' educations, the more likely it is that the bad apples are going to find ways to exploit the system?
Re:You reap what you sow (Score:5, Interesting)
Re:You reap what you sow (Score:5, Insightful)
Re:You reap what you sow (Score:4, Interesting)
In educational deals like this, remember that the cost for each iBook is somewhere between $275 and $500. School systems get great bang for the buck with technology grants and the like -- they aren't even necessarily tax payer funded.
Re:You reap what you sow (Score:2, Interesting)
I would rather t
Re:You reap what you sow (Score:5, Insightful)
I went to a high school that spent several million on thier sports program each year, but would have run of the mill computers around and not keep them up to date. They ran the very first version of Windows 95 (the one where you could close the start button) until late 1998 when I graduated. 2 years later, I visited the school and found they where using the same OS - couldn't believe it. But oh my, the parents would scream if they let the football program slip a little...
Re:learning with laptops (Score:5, Interesting)
Apparently, the plan was that giving kids computers and having them use them in class would lead to instant learning.
I will say that we did learn a lot. I learned how to pierce firewalls, how to tunnel traffic through firewalls, and how to spend my days downloading MP3s and chatting with classmates rather than listening to lectures.
The teachers, for their part, learned to tell us to keep the laptops in their bags. They also learned that there are about eight million things you can do with a chalkboard that you can't do with PowerPoint, and that the things you can do on both take less effort on a blackboard if you take the time to prepare a set of real lecture notes. They learned that there are a lot of things you can do with textbooks that you can't do with webpages, and they learned that if you let kids use webpages as sources for papers, you're going to get a lot of really crappy papers. They learned that it's impossible for the students to take good notes on a laptop from the moment the lectures start involving diagrams, and it's never possible to take good notes on a laptop in a math class. They learned that there are 8,542 ways to break a laptop, and a pack of 64 students are perfectly capable of finding all of them in less than two weeks.
All in all, they learned that putting a computer on every desk makes about as much sense as putting a TV on every desk.
Re:You reap what you sow (Score:2)
Ace school system you have there...
Re:You reap what you sow (Score:3, Insightful)
Even if the computers are not used for teaching, they are used for grades. This by far speeds the process of getting grades back to the kids. It also has led to
PowerPoint! (Score:2)
Re:You reap what you sow (Score:2, Insightful)
I agree that education should not degenerate to the point where kids are plugged into them all day (like the clones in Star Wars Episode II). However, computers can (and should) be used to complement the teacher's lesson plan and to allow the teacher to spend less time on busy work (manually grading papers, etc.) and more time interacting with the students.
As for abuses of technology, kids ha
Re:Hm (Score:2, Insightful)
Re:You reap what you sow (Score:5, Insightful)
Computers are misused by many teachers. I work for a school and my job is to make sure teachers understand how to use their computers, and when and why.
Homeschooled kids will do better. One of the reasons is that a homeschooled kid isn't competing with 29 other kids for the teacher's attention. Sometimes a computer can give a student instant feedback that is just not otherwise possible with the size of current classrooms.
Computers in the classroom allow teachers to present information in different ways, 3-D modeling, conferencing, visualizing abstract concepts, etc.
Federal law states that by the end of 8th grade that a student should be computer literate. There are many research skills that are necessary to understand on the computer. When was the last time you saw a card catalog that was not on a computer?
And how is a school district going to keep track of all of their attendance, discipline issues, etc, without a computer in the classroom? Districts are becoming more efficient and saving money by using programs to enter and track student information including grades and attendance. How would this happen without a classroom computer? And are you suggesting that every teacher should be forced to handwrite every assignment and test they give to the student? Where are they going to type it up without a classroom computer?
Technology is just a word for the tools we use. Tools are not evil, they are not detrimental just for existing. Isn't it more true that the problem is that students aren't using how or when to use the correct tools? Do I understand that you are stating that computers should be used for computer classes but not used to enhance the core curriculum? What a waste of time and money to teach a kid to use a computer if you don't believe computers are beneficial.
Re:You reap what you sow (Score:3, Interesting)
Re:You reap what you sow (Score:4, Interesting)
For example, imagine in a calculus class that is very large that students are working a problem out on a touch screen tablet PC. A teacher could work more efficiently if she could have an interactive terminal session and show where in the problem solving the student went wrong or give hints. Instead of having to walk back and forth to each student, the teacher could quickly jump back and forth from screen to screen from their desk. Sounds dumb until you realize that the teacher would have more energy throughout the day to help students better.
There could be many more examples, this is just one. Jsut because you lack the foresight to see how computers in the classroom could be good doesn't mean they couldn't be.
Re:You reap what you sow (Score:3, Interesting)
Re:You reap what you sow (Score:3, Insightful)
Whatever happened to actually studying and learning something? We've always had these "bad apples" who would rather cheat than learn, and the computers certainly do make things more interesting, but the real question is, why are these people more inclined to cheat their way through school, and what can be done to solve the underlying
Hello Oversight? (Score:2, Insightful)
Re:Hello Oversight? (Score:2, Informative)
Re:Hello Oversight? (Score:2)
It's really quite simple (Score:3, Informative)
You can get them at sites like this [staticusers.net] and this [keyghost.com].
I've never heard of USB keystroke loggers however (probably because the information transfered between USB keyboards is in an arbitrary format), so any computer using a USB keyboard (modern Macs only have USB keyboards) should be safe.
Finally, the method of data retrieval is also fairly simple. Simp
Re:It's really quite simple (Score:5, Informative)
I wish I had thought of this (Score:3, Funny)
Don't wanna go to jail.
But it would have been handy in several classes last semester.
But I did recently discover the admin password for the network, by looking at the only 5 worn keys on the server's keyboard ^_^
Re:I wish I had thought of this (Score:2)
Is it just me (Score:2)
What kind of idiot... (Score:5, Insightful)
Seriously. Did he think that the teacher wouldn't notice a DONGLE that was added to the computer?
Please. At least use a trojan-type keylogger, or something even slightly covert.
Re:What kind of idiot... (Score:5, Interesting)
Interesting... (Score:2)
Re:What kind of idiot... (Score:3, Informative)
RTFA. The teacher didn't notice. The kid confessed when they found him selling the exams.
No, seriously (Score:5, Insightful)
When you get down to it, most people won't notice for a long time. My computer is even exposed, and I walk past the back of it every time I go to sit down and use it, and I have to admit, it'd probably escape my notice unless I was doing some maintenance. I simply don't look closely at the cables regularly, no reason to, and a casual glance wouldn't register a small difference in the bunch that comes out the back.
It's quite effective, on PS/2 computers at least. Main problem is decyphering the data later, since all you get is keystrokes, in the order they came in. IF it's someone who multitasks ans switches apps a lot with the mouse, or does lots of mouse cut n' paste, you can get a real jumble that's hard to understand. However for a username/password combo, usually easy to find.
paper and pencil (Score:5, Funny)
Greedy (Score:2, Interesting)
--
Free iPod? Try a free Mac Mini [freeminimacs.com]
Wired article as proof [wired.com]
Of course, they could stay with computers (Score:5, Insightful)
Remove the computer (with the tests) to somewhere that only teachers' can go, and you'll mostly eliminate the problem, without resorting to pen and paper.
Calm down (Score:4, Insightful)
Re:Calm down (Score:2, Interesting)
Re:Calm down (Score:4, Insightful)
Computer crimes are elevated well beyond reason by a public afraid of the boggyman that technology represents to a luddite populace. We've been throwing people in jail for decades, whether it's a "phreaker" who can whistle a 2600hz "red box" tone back in the days of Ma Bell or a social recluse that demonstrates a flaw in a school computer security system only to face "justice" far harsher than hardened shoplifters or even carjackers might face -- all in the name of setting an example to legions of pasty youth who might wreak havoc on the Internet and by extension a number of normal people by their exploits.
My suggestion is to drop all computer laws until they can be evaluated by competent unbiased professionals in computer science for logic and reprecussion. Things have gotten out of hand.
Re:Calm down (Score:5, Insightful)
Jail time would be overkill. (Score:4, Insightful)
Re:Calm down (Score:3, Insightful)
You also have to remember (Score:4, Informative)
In the case of a misdemeanor carrying this little time, it's highly likely the kid will get probation, or a suspended sentence, plus some community service. Means that provided he keeps his nose clean for a few months after this and does what the court tells him, he'll be fine. Being he's a minor, it'll all go away at 18 also, the record will be expunged or sealed.
That's something people often forget when quoting sentences, it's the max being quoted, not the normal or minimum. Even minor crimes generally have a highish maximum, in relation to the crime, to deal with repeat or flagrant offendors. If this kid tries it again, clearly didn't learn his lesson, and perhaps some jail time is in order. However for misdemeanors, it's rare to see more tham a small amount of jail time, and often none.
Remember: a misdemeanor is a rather minor crime. Even as an adult, it doesn't cause you much trouble. It doesn't stick with you like a felony (employers can generally only ask about felony records) and prevent you from getting a job, owning a gun, etc. If it's a first time thing, espically for lesser ones, it's generally a slap on the wrist.
It's real different than felony computer crime, which is more serious. Also felonies quite often mandidate minimum jail time. There's a little more room to be concerned there.
Here, sounds like justice is being served. This kid broke the law, make no mistake. It is NOT legal to go and record keystrokes or otherwise take data off a computer you don't own, any more than it's legal to break in to a house that's not yours.
In this case, it's more akin to taking and copying a key. Just because you get a hold of my keyring and successfully make a copy of my key, does not give you permission to get yourself into what that key accesses. Likewise, jsut because you find out my password, doesn't give you the right to access my computer. Both are methods for securing something, indicating unauthorized access is forbidden and you need permission. Copying/stealing the key isn't permission.
So the kid broke the law. However, no real harm was caused and it's not a big deal. So he's being charged with a minor crime, and will get a small sentence. He keeps his nose clean, in 2 years they'll be no legal record of it, and likely nobody will know he did it. However, if he does it again, maybe he gets a couple months in jail to consider where the path he's choosing leads him.
To me, it sounds like justice being served as it should.
My rights online? WTF? (Score:5, Insightful)
This isn't some poor misguided kid who got thrown in jail because the "lab monitor" saw him using "that Linux hacking tool" on the school Windows machines. Nor is it some grey-hat hacker pushing boundaries. When you actively go and install a keystroke monitor on a machine that is not yours, you're out to get information that you shouldn't have, period. It's totally premeditated, too - it's not like he was poking around in /tmp and found a MS Word auto-save backup file with the answer key in it, or was rummaging around in the trash can because he dropped his retainer and found the answer key - he deliberately went and got a keystroke logger and put it on the machine. There's no possible way to spin this as an innocent kid getting screwed.
Re:My rights online? WTF? (Score:5, Insightful)
Re:Nice strawman. (Score:3, Insightful)
The law distinguishes between violent and non-violent crime.
The question is, what is the non-technological equivalent of what he's done, and what are the consequences for it?
god, what is this... (Score:2)
Kuro5hin seems just as bad nowadays, too.
dumb kid (Score:2)
Hopefully he learns his lesson.
If you're going to break the rules/law DON'T TELL ANYONE ABOUT IT EVER!
Amazing! (Score:5, Funny)
Diabolical technique! Who would have thought!
I've done this before... (Score:5, Funny)
Only a misdemeanor? (Score:4, Interesting)
Damn it (Score:5, Funny)
The way we learn now (Score:2)
That this kind of cheating is so prevalent as to drive the GRE board back to humble graphite and tree pulp can only mean that the once noble relation of student and teacher has degenerated into adversity, and the institution of the examination, once seen as a test to be passed honorably and as a way of betterment of the self, is now seen as nothing but an inconvenient obstac
So? (Score:3, Interesting)
Re:So? (Score:3, Insightful)
Bad kid. No cookie. (Score:3, Insightful)
Yes, he *could* have done that. The article, though, seems pretty clear it was just about the tests. Shouldn't the punishment fit the crime? Does potentially sending a kid to jail and giving him a huge fine fit the crime of trying to cheat on a couple tests in school?
I'm sure there's going to be many claims of "but he could have done more!" Except, by all accounts, he didn't do more. So.. I don't understand the idea of having extensive punishment for something he *could* have done if he had just been a smarter or more patient criminal. This is about as serious as finding a copy of the answer sheet sitting on the desk and copying it down while the teacher is busy somewhere else, isn't it? Isn't that the crime that was alleged and admitted to? Would a kid get charged with "breach of teacher's desk, a class B misdemeanor" in that case these days?
Maybe school has just changed a lot from when I was there. Scary world we live in.
Happens all the time (Score:5, Interesting)
I'm sure I found keystroke loggers on a few lab machines. Reimage time.
VNC made it on to the master image. Discovered it as midterm marks were being inputted on the same machines. Of course, there is a paper verification, but still, I had 4 labs of compromised machines with no trusted image.
Caught a student once logging into a teacher area while reviewing the logs. How? He used his own user id, in a place where students don't have access. Instant visit to the administration and a suspension. I had no problem with keeping him locked out for the rest of the year, but I was overruled. Obviously not the brightest... use someone else's account!
Students loved creating shortcuts to the C drive. My daily "shortcut scan" took care of those. 24 hour lockout.
The IT department was either overworked/underpaid, or not actively monitoring things. Students downloaded fun things like kazaa, morpheus, winmx, etc plus associated spyware (before I knew what it was). Yet the board firewall blocked outgoing ssh, so I couldn't update the school's web site from within the building.
Image was broken so students couldn't change their password. So, they wrote down their user id's and assigned alpha-numeric passwords. Of course, that left no accountability ("I didn't download that!")
Teachers were also a part of the problem. I immediately forced everyone's password to expire when I discovered the security problem. I had to reset half of them to "password" with the "do not expire password" flag. No matter how many times I explained why they needed a secure password (it only takes one teacher password to compromise ALL the marks, for example).
I also would have liked to set better lockout policies, including a 1 concurrent login policy. Teachers tended to let students share accounts, instead of sending them to me for a password reset. In some cases, students were already locked out for violations, and the teachers let them "borrow" another student's account!
I had control of my own machine, and I had a group policy denying all student logins on it. I wish I could have set it on the teacher workstations though. I didn't trust some of the teachers to not let students log in on those machines. 1 logger and we're back to the beginning.
One of the IT people said it best. The average demographic of a hacker is a 14-18 year old male. That described half of my students.
Re:Happens all the time (Score:4, Insightful)
You serve the teachers, and you serve the students. You are support for them, not the ruler of your own private kingdom. You apparently aren't even competent enough to keep people from installing software on your systems, but instead of fixing the problem, you just kill the messenger.
Stupid... but (Score:3, Interesting)
While what this kid did was stupid, the fact remains that he is, a kid. Based on the tone of the article, it seems that he is being charged as an adult. You may argue that he had full comprehension of his actions when he did it, but, if you want to charge him as an adult, then we should afford him all of the benefits of adulthood, including voting, but I digress.
I was a total ass and thought I could get away with a lot when I was still in high school. I know that I was wrong, but it's not something I realized at the time. Think what would have happened to you if you were a) caught, and b) charged as an adult for the goofy things you did when you were in high school.
Confessions of a former punk kid... (Score:3, Interesting)
When I was in Jr. High, my school got a grant or a donation or something, and ended up getting a computer in every classroom - a Mac (the iMac before the iMac... PPC 603-based all-in-one performa thingy)
It was my joy at the time, to collect Mac viruses. I would infect a copy of TextEdit or something, put it on a disk, and then clean my system. I knew what most of these viruses did, due to the virus program detecting them...
There was one in particular that was a piece of MDEF resource code, it made it so when you clicked a menu in any program, it would only pull-down like half the time, and when it did, the menu was blank -- you had to scroll your mouse over the items to make them show up. It was annoying, but most people just continued to use their system. It would spread to any other running apps, so it didn't take long for this to infect several computers on the campus. I never confessed to it, just quietly enjoyed making a bad week for the resident computer-dude.
A friend and I also used a program called DisEase to circumvent At-Ease (Apple's old restricted launch environment) in the computer labs. Once breaking in, a copy of the "Finder" file was created, and altered with ResEdit to change its file type to an application. This way, when it was discovered that we were getting through the system by running nasty applications from our own media, and that feature was disabled, we were still able to open documents with the CREATOR attribute set to our finder-application, and viola, full access to the system. System 7 was fun.
And who can forget my first programming experience: writing the following program and running it simultaniously on every Apple ][ system in the library, and leaving. Oh the poor librarian....
10 FOR I = 1 TO 1000
20 PRINT
30 NEXT I
40 PRINT "^G HACK THE PLANET!"
50 GOTO 40
It took a while for those slow computers to iterate 1000 times, which gave us time to make our get-away. Then they'd all go on infinte loop of childish messages accompanied by a system bell/beep.
Never did much in High School, as I had no laptop to run a sniffer when the counselor telnetted into the scheduling system to change my classes. I had the knowledge, and the intent, but lacked the means. Oh what a senior prank that could have been!
Keylogging? Nah USB Drive (Score:3, Interesting)
So I was sitting in my self study class while the teacher taught regular Physics. I asked a question and he reffered me to his computer. I'm thinking ok, there must be some sort of helpful software.
He then preceded to open some folders and boom, a
He never found out, and I never did homework again. I looked for tests but they were all outdated. I did manage to find house and phone numbes of a class that graduated 2 years before me. Dunno why he had that one.
jail (Score:3, Insightful)
Jail is a prison for the body, compulsory education a prison for the mind. Given a choice between the two, I'll take jail any day. The student was more then justified in his actions. Most schools have extensive monitoring of students including the use of security cameras, random "drug" searches, and varous other methods of privacy invasion(a friend of mine who was kicked out of HS for subverting network security showed me a web accessable section of the school lan...(this was the best funded public school in the state) they had a secret searchable database that contained a psychological profile of every student along with standard information: age, grades, ssn, address). If you dare attempt to transcend the passive role assigned to you; if you even look like your going to help other students learn about history (you must be an anarchaist), chemestry (you will be accused of making bombs and drugs) or computer science (you'r a hacker), you will be interogated or expelled. Public education is a system that imposes ignorance on those too young and therefore too curious and independent minded to be good workers. It breaks them down to either drug induced apathy, or complacent submission. If we are ever to have a population with some conception of how technology, society, and self function, we must destroy the high schools. A just, equitable, and sustainable society cannot be built when our fellow citizens are subject to the forced indoctronation of dogmatic bullshit like nationalism and religion. Both public and parocial high schools are amoung the most destructive forces facing creativity, intellectual development, and society itself.
How to avoid this - if you're truly paranoid (Score:3, Informative)
This only works for GUIs, I'm afraid. It's important to use the *mouse* for cursor positioning, not the keyboard, as described below.
The basic approach is this: When you type in a username and/or password, don't type the username and password straight in. Instead, swap betwen the two fields, don't enter the characters in order. You will have to position the cursor where appropriate. For example:
Click on the password field, and enter the 4th letter of your password. Then click on the username field, and enter the last letter of the username. Then click at the front of the field and enter the second character. Then back to the password, and enter the first character. Etc etc. Even if you only do this for a few characters, it will help security immensely.
At the end, the keystroke logger will have collected all the characters in your username, but any spy will have a nice anagram to reconstruct.
The truly paranoid can add extra characters early in the process, and then overtype them later on. This is particularly useful if the selection is done by the mouse and not the keyboard - the spy wil have no chance of reconstructing the password if some of the captured kestrokes aren't even part of the final password.
A simpler method is to stop typing the password partway through, click on another app (don't use alt-tab or another keyboard shortcut; the logger will capture this) and press a few keys, then return to the browser/whatever and complete the password.
Back in high school... (Score:5, Interesting)
Eventually I became the de-facto admin for that entire lab. During my required study period he would give me a pass to hang out in his lab--sometimes even when other classes were in there. Talk about heaven. I had the run of a computer lab that was networked. It was like being a king.
Around my junior year or so, they replaced the computers in the lab (aging 386/486 era machines with DOS, mostly) with shiny new Pentiums running Windows. For a few months they were basically just open and normal Windows machines. I think they even had Internet access. This was, of course, a total disaster. The net was new, then. People didn't have it at home. They downloaded anything and everything. Porn, viruses, music, etc.
The result was a *cough* admin *cough* who ended up being the room almost everyday for awhile. He would spend his time poking around in control panels and "fixing" the computers. Eventually be must have gotten sick of that because they hired a local consulting company to come in to secure them all. Pretty soon the whole place was all passworded up with all these layers of cheap third party locks, etc.
I broke all of them--with full (unofficial) support of the teacher who taught in the room. They had tried to lock the systems down so much that half his programs wouldn't work right anymore. He had endless problems with students just trying to save their completed CAD drawings. I made a lot of those problems go away by circumventing the security, showing him how, and then giving him pointers to try to minimize the visibility of the hole so that other kids and the admin dude wouldn't find it. Not perfect, but it helped.
After some time of this the teacher pulled me aside one day and tells me in a reasonably loud-so-that-others-near-by-can-hear voice that I need to be careful because Mr. Admin is getting pissed that someone keeps getting into his system and he's going to try for suspension of that person when he is caught. Of course nearly every one of his students knew it was me--but they weren't talking. I had helped them all out of jams at some point or other. So after doing the public speech, he later pulls me aside in private and says, "Hey, keep doing what you're doing. I'll make sure they don't do anything to you. Those bastards are making my life such a living hell and they won't listen to my needs that I've given up trying to deal with them. You at least make it possible for me to teach my classes."
So of course after the next round of "security upgrades" I was once again on the job. Eventually I figured the way into the system and changed all the screen savers to be the marquee one and had it read, "Ha ha! I got in Mr. Security Guy!" Hoo boy did the shit hit the fan. I was shielded from it, but the teacher just loved it. The admin dude was pissed. The consulting guy was there almost everyday for like 2 weeks. My teacher would just smile and nod. Eventually they locked it down pretty heavily, but by this point I was a senior and I was graduating early and was out of there.
Those were some good times. Seriously, though, I swear that in this day and age I'd be arrested for information terrorism or some such bullshit. Sure, I made life somewhat difficult for an admin or two, but they brought a lot of it on themselves. They had tried to lock the computers down so much so as to make them almost useless as a teaching tool. And of course Windows itself was so prone to holes, viruses, and other crap that it only made the problem worse. I sure did learn a lot, though. After all, isn't that what school is supposed to be for?
Here we go! (Score:5, Insightful)
Teacher = you (Score:5, Insightful)
Re:Teacher = you (Score:4, Insightful)
first 99.9% of all these kiddies are confused when their scripts or "hack pak" does not work on that non-windows machine. secondly a hardware logger does not work on a laptop.
Schools usually have no IT department and what they have is usually a teacher doing it part time or someone who is horribly inadoquate because the school refuses to hire someone that is qualified by making the salary liveable (I checked out school IT positions before, you get incompetent boobs if you only pay $29,500 a year...)
Yes there are exceptions, some school boards understand that hiring and keeping decently paid IT professionals is important, but those are extremely rare.
The Kids in school have much higher knowlege of the computers than the entire staff put together, It's an arms race that the schools will continue to lose until the boards pull their heads out of their asses and hire competent IT professionals at wage levels that ATTRACT competent IT professionals.
Re: (Score:3, Interesting)
Re: Happens so often the charge is ridiculous! (Score:5, Insightful)
I disagree. People seem to think that commiting crimes on a computer is somehow "not as bad" as the normal physical crimes of theft, tresspassing, etc. People need to be taught at a young age that doing things like putting a keystroke logger on a teachers computer is a real crime and not just harmless fun.
If that kid gets a job in an office and throws a keylogger on his bosses computer he will get into some real trouble and rightfully so. They need to learn early on that this kind of behaviour is unnacceptable.
But this is slashdot so I expect a bunch of replys saying that it is not the kids fault but it is the schools fault for not securing their computers.
Re: Happens so often the charge is ridiculous! (Score:3, Insightful)
Excuse me? I'll agree that computer crimes aren't "harmless fun", but do you actually think any computer crime is as serious as assault, rape, or murder? If you do, you have some seriously screwed-up v
Re:I did this 6 years ago in Middle School! (Score:2)
Re:I did this 6 years ago in Middle School! (Score:3, Interesting)
Actually, I used it to install Escape Velocity on the computers, with my friends and I having custom ships as NPCs (they did have games on them already). Some of the teachers even knew that I somehow was getting around secur
Re:Responsibilty (Score:5, Insightful)
A Class B misdemeanor. Maximum punishment of $2000 and 180 days in jail. When ever there is a crime reported in the news, they always list the maximim possible punishment. Makes it sound much worse.
How much you wanna bet he gets a fine and community service? Not all judges automatically give out the max punishment, especially for a first time HS kid offender, and especially for a crime where there was no physical harm or actual property/monetary theft
I did it in Elementary school. (Score:5, Interesting)
I remember my teacher asking the whole class for a show of hands, "who knew that this was going on?" and over half the class raised their hands. Anyway, goes to show, you can only trust yourself. Or, maybe, perform better network security so 11 year olds aren't able to bring it down.
I note that I haven't kept up my deviant ways, in fact, I haven't kept up my computer ways, I've only got university Programming I, which is to say I don't have anything.
Yeah, same here (Score:5, Interesting)
Yeah, very similar stories here... Got to "high school" aged 13 (weird school system where I grew up), and within a year a friend and I had admin accounts on the RM Nimbus (RMNet) Win3.1 network. Within another six months we were actually maintaining the network, (after we watched the "Head of IT" sit and stare at an autoexec.bat file for over half an hour, then solved the problem for him in thirty seconds from another terminal). Eventually we were just solving problems before the IT guy even noticed them (all, of course, unofficially - the Powers That Be would have had the screaming hairy ab-dabs at the thought of the access we had, and did, whenever they found out).
Highlights included:
The Head of IT had a deal with RMNet (the Nimbus ISP that offered cheap rates to educational insitutions) - in return for cheap hosting, he had to look for and report any porn sites he could access so they could be added to the blacklist (still a bit suspicious about that...).
Anyway, the Head of IT used to sit on the only machine with a modem (for hour or two every morning before school), surfing for porn/credit card/warez sites sites, recording the URLs and reporting them to RMNet. The only problem was... he'd never heard of a browser cache.
We actually had friends who'd come in at lunchtime, copy the cache full of porn onto disk and sell it to the other kids for a couple of pounds a time.
Re:in high school... (Score:5, Funny)
I never stole tests or anything of the sort. However, I did have fun when the final project came around. While everyone was writing little text games or whatnot, I wrote this full-featured graphical demo. One of the scenes in the demo was a stereogram generator. The hidden image in the stereogram was the teacher's administrator login and password.
Re:in high school... (Score:4, Interesting)
I suppose it's for the best, I would have been bored and slacked off in the class anyway.
As it was, I discovered how to get the computer to allocate me raw memory without zeroing it out first, so I would print off giant sections of raw data, take them home and look for login IDs and the strings that inevitably followed them. Got lots of regular logins and even a few admin logins that way.
Re:Computer Security (Score:4, Insightful)
Ummm, what? I don't think you understand how these things work - it's basically some flash memory and a microcontroller. All the thing does is record the keystrokes that it receives and passes them along to the computer - it's totally OS-independent. There's no way to "lock down" the OS to prevent something like this from being installed, as it neither needs nor uses any resources on the host computer. The only way to prevent it is to prevent physical access.
Re:Would a TCPA PC with Linux block SW keyloggers? (Score:3, Informative)