Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
The Courts Government Portables (Apple) Security News

Kutztown Students get Felony Charges 825

gone6713 writes "The 13 students from Pennsylvania who were accused of hacking the iBooks provided to them by the school (Slashdot had a previous story on them back in June) have offically been charged. It seems that the admin passwords were taped to the back of the iBooks!"
This discussion has been archived. No new comments can be posted.

Kutztown Students get Felony Charges

Comments Filter:
  • Human error (Score:5, Insightful)

    by bigwavejas ( 678602 ) * on Saturday August 20, 2005 @10:28AM (#13361808) Journal
    "It seems that the admin passwords were taped to the back of the iBooks!"

    You know, I'm really not surprised to hear this. Despite all the precautions companies/ institutions take, it's typically human negligence or social engineering that leads to many compromises. While doing a spot check of security at work, I was surprised to find many employees had taped their passwords to the bottom of their keyboard or mouse.

    Rule#1 make sure your users (employees, admins, etc) understand the importance of confidentiality.

    • Re:Human error (Score:5, Insightful)

      by TykeClone ( 668449 ) * <TykeClone@gmail.com> on Saturday August 20, 2005 @10:34AM (#13361832) Homepage Journal
      Rule #2 - have a sane password policy

      Forcing people to have different passwords for different systems that change on different timetables is just asking for them to break Rule #1.

      • Re:Human error (Score:4, Insightful)

        by Freexe ( 717562 ) <serrkr@tznvy.pbz> on Saturday August 20, 2005 @11:36AM (#13362200) Homepage
        Why do people write down the real password?

        I have to change my passwprd once a month and I always write down a password hint

        So if my password was 'omg_this_is_hard_password!' i would write down 'you will never guess this months password, it's hard!' and that would be enough for me to remember

        • Re:Human error (Score:3, Informative)

          by Urchlay ( 518024 )
          So if my password was 'omg_this_is_hard_password!' i would write down 'you will never guess this months password, it's hard!' and that would be enough for me to remember

          But what would you write down if it were "k%XFl3n]" or something equally impossible to remember? Sometimes they're machine-generated and you don't get a choice...

        • Re:Human error (Score:3, Informative)

          by Herkum01 ( 592704 )
          Because it does not work when you have 10 or 20 different systems that get changed at different times and some you do not use regularly.

          There were times I had not accessed a system for over 30 days and then when I need to get in the account was locked.

          If you have only one account, no big deal but it is overwhelming when you a number of accounts and you cannot keep up.
          • Re:Human error (Score:3, Interesting)

            by arminw ( 717974 )
            ....Because it does not work when you have 10 or 20 different systems...

            Computers are much better at remembering stuff like passwords than most of us. Let the computer remember all your passwords in an encrypted password file. Then all you have to remember the ONE very good password that unlocks that file. Macs come with a nifty thing called keychain, where all password are stored. Many Internet sites and other servers get the password from the keychain automatically if it is already unlocked. The default i
        • Re:Human error (Score:5, Interesting)

          by Jah-Wren Ryel ( 80510 ) on Saturday August 20, 2005 @01:49PM (#13362950)
          Why do people write down the real password?

          Because no one ever suggested otherwise!

          Seriously, the biggest part of "having a sane password police" is to TEACH THE USERS BEST PRACTICES.

          Everywhere I've worked, and I've worked at a lot of places since I've been contracting since the early days of the internet bubble, there has been zero user education about passwords.

          Typically the IT department comes up with some rules and they think their responsibility stops there. Since they never bother to teach their users the best way to follow the password rules, it is no surprise that the users come up with all kinds of cockamamie schemes.

          These people aren't computer security experts, they are just regular schmoes who want to get their work done wit h the last amount of hassle. They've never had to think deeply about password security, so of course most of them never will on their own. They will take the path of least resistance to getting their work done and writing their password down in an easy to find place is very low resistance.

          Teaching them smart and effective password techniques is one of the surest ways to improve security that there is.
        • by Seumas ( 6865 ) *
          I have to change my passwprd once a month

          You think you have it bad?!

          I have to piss into a cup and pour it into a biometric reader next to my thin-client to get access in the morning. Sometimes if I splash too much, I end up spreading pee germs all over the keyboard - and all the other hardware in the office. I think it's all just a scam by my employer to gather plentiful urine for operating the urine batteries they're sure to start including in their bulky laptops.

          Too bad they didn't use sperm biometric tes
    • Some time ago, I made the stupid mistake of purchasing one of these legal packets of policies and legal documents to get your business going. It was all boilerplate, of course, but I decided that I could not trust the quality of the packet after reading the computer security policy provided.

      This policy stipulated that passwords were only to be changed by the MIS department, and that all password requests must go through them. I have no idea what the writer (probably a second-rate lawyer) was thinking here
      • This policy stipulated that passwords were only to be changed by the MIS department, and that all password requests must go through them.

        Under most circumstances that is actually a very wise policy. Many products, MS Windows Terminal Services among others, do not allow the admin to access the user account without his password. That is you can get at the files but not actually log-in as that user to diagnose problems. Some other products require out-of warranty service depot excercise to reset their passwor

        • Re:Additionally (Score:3, Insightful)

          by einhverfr ( 238914 )
          Many products, MS Windows Terminal Services among others, do not allow the admin to access the user account without his password.

          If software requires that the admin knows the user's password to do basic administration, then you need to consider alternative technologies.
          • Re:Additionally (Score:3, Interesting)

            by blincoln ( 592401 )
            If software requires that the admin knows the user's password to do basic administration, then you need to consider alternative technologies.

            I can see both sides of this issue.

            The reason Windows doesn't allow superusers to su to other accounts without their password is for accountability. It's a lot harder to notice a rogue admin reading and modifying files of execs when he/she can do it without knowing their password.

            There are ways around the restriction in terms of necessary administration. If someone is
            • Anyway, that was kind of a ramble, but my point is that it's a philosophical difference. Windows is designed in most ways to be Nerfed so that you don't shoot your eye out, and most of your admins don't know how to access restricted information without leaving a trail.

              The only thing it achieves is to make pointy-haired cretin bosses warm and fuzzy and the admin's life miserable. Keyloggers, fancy stealth rootkits etc etc. If a competent admin goes "rouge" watch out. Windows is a system by idiots for idiots


        • This policy stipulated that passwords were only to be changed by the MIS department, and that all password requests must go through them.


          Under most circumstances that is actually a very wise policy. Many products, MS Windows Terminal Services among others, do not allow the admin to access the user account without his password.

          Requiring the admins to know the user password is NOT a wise policy. That policy mixes authentication and authorization. If two people need to know the password to an account to do som

    • Re:Human error (Score:5, Informative)

      by Heian-794 ( 834234 ) on Saturday August 20, 2005 @10:36AM (#13361846) Homepage
      Visit www.cutusabreak.org

      The kids are protesting and even selling T-shirts.

      A *felony* for something that, for any non-police-state-oriented mind, should result in reduced computer privileges? Outrageous.
    • Re:Human error (Score:5, Interesting)

      by aussersterne ( 212916 ) on Saturday August 20, 2005 @10:46AM (#13361915) Homepage
      Having attended and later worked in an American high school where the mentality was definitely one of suspicion and enforcement (ala prison) rather than education, I'd suspect that these passwords were taped there on purpose to try to catch and then be able to endict nonconforming students, who, the thread of thought would go, are the same ones likely to create disciplinary problems through the introduction of unrest and disobedience.
    • Re:Human error (Score:5, Interesting)

      by ZX81 ( 105194 ) on Saturday August 20, 2005 @11:02AM (#13362021) Homepage
      Or you could just call and complain:

      http://www.cutusabreak.org/Pages/policeletter.html [cutusabreak.org]

      Hmmmm can just see the police switchboard getting slashdotted now! :D
    • Re:Human error (Score:5, Informative)

      by monkeydo ( 173558 ) on Saturday August 20, 2005 @11:28AM (#13362162) Homepage
      I'm really not surprised that you didn't RTFA, but if you had, you'd see that:

      "In addition, they're accused of using hacking tools to find the new admin password when it was changed from the password that was taped on the back of the machines."
  • by rune2 ( 547599 ) on Saturday August 20, 2005 @10:33AM (#13361827) Homepage
    That's like saying do not push the big red button!
    • by slughead ( 592713 ) on Saturday August 20, 2005 @10:36AM (#13361853) Homepage Journal
      That's like saying do not push the big red button!

      Stimpy: "What does it do?"
      Ren: "That's just it. No one knows! Maaaaaaaaaybe something good. Maaaaaaaaybe something bad. But we'll never know. Cuz you're going to guard it. You won't let anyone touch it, will you?!"
      • by RiffRafff ( 234408 ) on Saturday August 20, 2005 @11:40AM (#13362230) Homepage
        Oh, how long can trusty Cadet Stimpy hold out? How can he possibly resist the diabolical urge to push the button that could erase his very existence? Will his tortured mind give in to its uncontrollable desires?
        Can he resist the temptation to push the button that, even now, beckons him even closer? Will he succumb to the maddening urge to eradicate history? At the MERE...PUSH...of a SINGLE...BUTTON! The beeyootiful SHINY button! The jolly CANDY-LIKE button! Will he hold out, folks? CAN he hold out?
  • Taped? (Score:5, Insightful)

    by AdamReyher ( 862525 ) <adam@@@pylonhosting...com> on Saturday August 20, 2005 @10:33AM (#13361829) Homepage
    While the students should face some kind of consequences, in my opinion, the sheer stupidity puts this at the fault of those "victims" rather than the students.
    • Re:Taped? (Score:3, Insightful)

      by daniil ( 775990 )
      No, it does not. The students did it all of their own free will. Noone forced them to install and uninstall software, let alone hack these computers (and they did apparently hack them).
      • Re:Taped? (Score:4, Interesting)

        by AdamReyher ( 862525 ) <adam@@@pylonhosting...com> on Saturday August 20, 2005 @10:56AM (#13361980) Homepage
        And that's why I agree they should face consequences for their actions. Let's say someone goes to downtown Miami at 2 AM in the morning with their brand new BMW. They park it, walk away leaving the doors unlocked, and the car gets stolen 10 minutes later. Who actually did the stealing? The theives, of course. Should they be punished? Absolutly. But the person who owned the car easily enabled that to happen when he should have known that 1) He was in Miami, one of the highest crimerate cities in the nation, 2) at 2 AM in the morning, 3) With a $30k+ vehicle. His stupidity opened the door for the car to be stolen. Serves him right, in my opinion. Does that make the these kids guilty, though? Absolutly.
        • Re:Taped? (Score:4, Insightful)

          by canadian_right ( 410687 ) <alexander.russell@telus.net> on Saturday August 20, 2005 @11:18AM (#13362106) Homepage
          These are kids.

          In civilised countries kids who use a password TAPED to the computer have their computer privleges revoked, a lecture, and a meeting with their parents and the administration. They are NOT turned over to the police. In civilised countries the authorities know that children, even older teenagers, sometimes do stupid things and need more help and guidance than adults. When children screw up treating them as criminials just makes it more likely that they will become criminials.

          Many countries have (even some states in the USA) have programs for first time offenders that diverts them from the normal criminal law courts. The diversion usually involves an apology, restitution, and community work. 90% of first time offenders that are diverted this way never commit another crime.

          USA highschools, as reported in the media, are the most screwed up institutions on the planet. Scholastic achievment is punished, sports achievement is lauded, minor incidents are harshly punished. It is like some twisted Kaffkaesque prision.

          • Re:Taped? (Score:3, Insightful)

            by anagama ( 611277 )

            Not sure if it would be making better criminals, but someone needs to explain to these kids about booting in target disc mode. Get a firewire HD shell, preferably a laptop size, a HD, and a copy of Panther of ebay for $30. Then, when they want to do their evil and nefarious iChatting, they can simply reboot off the external HD. Circumvents everything, lets the kids explore (while not at school), and the school should be none the wiser for it.

            For about free, they could use an ubuntu live cd. Either way
      • Re:Taped? (Score:5, Interesting)

        by utlemming ( 654269 ) on Saturday August 20, 2005 @11:24AM (#13362134) Homepage
        Agreed. However, if you read their account on the website, some of the students that had been charged attempted to turn their laptops in, but the school gave it back and told them they had to use the laptops -- they even told the administration that the laptops were a temptation to misbehave, and asked that the administration take the laptops. Requiring the children to have a laptop, which the children admitted posed a temptation is tantamount to encouraging the progression of a problem. In any other element of society, if you attempt to surrender something because it posses a danger to you or to someone else, the organization will take it. If I go to the DMV or the Sherifs office and state that I feel that my driving is a danger, they will gladly take my license away. Or if I go to the doctor and tell him that a medicane I am taking I am gettting adicted to, then he will change it. The main thing that I see is that the students are being punished after attempting to give up the temptation, when the administration forced them to have the temptation. The way I see this is that some of the students were responsable enough to admit the problem, seek help, but were turned away -- that, in my mind, is an endorsement of failure. The students parents might be able to make a claim of criminal neglegence. If the students had said that they were going to commit another criminal activity, and did, then the school would hold liability for failing to take preventative steps if the school indeed failed to take such steps.

        Do the student's bear some of the responsability. Yes. It would assinine to say that they didn't. However, the school system should have taken the computer's security more seriously, and should have used stronger passwords, and should not have put them on the computers. When the problem was discovered, the school should have taken steps to provide new passwords, which are stronger and not publicly known. For students that had been disciplined for misbehaving on the computers, a more proactive steps should have been taken to make sure that future violations would be adverted.

        The other question that I have, is what education about the use of computers was implemented? Was there an AUP? And did the students understand what the implications of using the computers in that manner would mean. Second question, did the student's parents know that they were being interrogated under the threat of prosecution? If the parents of the children were not present or given the opportunity to be present and if the children were not given their rights, then any evidence collected would be inadmissable in court. The third question, is what point would prosecuting these children accomplish?
        • Re:Taped? (Score:5, Interesting)

          by bmo ( 77928 ) on Saturday August 20, 2005 @11:55AM (#13362350)
          The taping of the password to the backs of the machines is what I call an "Attractive Nuisance", in my not so humble opinion. Here's a sample definition:

          attractive nuisance doctrine

                  There is normally no particular care required of property owners to safeguard trespassers from harm, but an attractive nuisance is an exception. An attractive nuisance is any inherently hazardous object or condition of property that can be expected to attract children to investigate or play (for example, construction sites and discarded large appliances). The doctrine imposes upon the property owner either the duty to take precautions that are reasonable in light of the normal behavior of young children--a much higher degree of care than required toward adults--or the same care as that owed to "invitees"--a higher standard than required toward uninvited, casual visitors (licensees).

          http://insurance.cch.com/rupps/attractive-nuisance -doctrine.htm [cch.com]

          By taping the passwords to the backs of the machines, the school system had created an attractive nuisance, especially considering the "behaviour of normal children". This was like installing a pool, placing a sign saying "Don't Swim", REFUSING to put up a fence, and then disclaiming all responsibility when someone drowns (violates policy).

          The school administration in this case is a fucking waste of oxygen.

          --
          BMO
    • Re:Taped? (Score:2, Insightful)

      by Anonymous Coward
      yes, but the administrators of the school must save face. I don't think the kids are guilty of anything other than making the teachers and administrators look like fools. I blame lax security methods, but I think the worst crime committed by the involved school officials is underestimating the intelligence of the kids. Kids are just as smart, if not smarter, than we are; they just lack experience. Rather than screwing up the kids future, I'd fire the supervisor of the IT department. He/She is ultimatel
    • Agreed. Can you say "attractive nuisance?" I knew you could.
  • retardville (Score:2, Insightful)

    See? This label of "hacker" to students who can read the back of a book is what is going to get them convicted of something. This is just all-around completely absurd. It's like if I were to always leave my keys in the ignition of my car: plain stupid.
  • by Bayleaf ( 809062 ) on Saturday August 20, 2005 @10:35AM (#13361841)
    Where I work, I seem to get three levels of password security. The worst are the ones who write their password on a post-it note and stick it on the monitor. The second level are the ones who write it in a notepad and put it in their desk drawer. The really smart ones write it in a notepad and put that in their bottom drawer. Sometimes I wonder why I bother.
    • Re:Password security (Score:5, Interesting)

      by BattleTroll ( 561035 ) <battletroll2002@yahoo.com> on Saturday August 20, 2005 @11:56AM (#13362358)
      Then stop making me change my account passwords every 30 days! That is the most irritating, counter productive thing IT groups do with password management. Sure, make me type in garbage with no repeating characters. Sure, make the password 12 or more characters with at least 3 numbers. This I can accept. But once I type in a conforming password, don't ask me to change it!

      Our IT department just implemented this 30 day policy on all of the IT services. Unfortunately they don't have a shared password system so each of the 10 applications I need to do my job have different passwords. And of course these passwords all expire at different times.

      I never used to have to write down my passwords. I had one that worked for all my work-related services. But now I'm writing them all down. If someone happens to find it, it's not my problem.

      Foist this stupid scheme on people and of course they're going to write them down. Better that than forgetting a password and have yourself locked out of the system you need to do your job. Next you waste 20 minutes of the day waiting for the arrogant IT guy to reset it all the while listening to him complain about all the password resets they've done that day.

      So frustrating. What's the point when a little social engineering can get a password without too much trouble?
  • by dubiousx99 ( 857639 ) on Saturday August 20, 2005 @10:36AM (#13361845)
    If your going to charge the kids with felonies, then you should charge the IT administrators with aiding and abetting for leaving the password there.
  • by Satorian ( 902590 ) on Saturday August 20, 2005 @10:36AM (#13361850) Homepage
    Yup, just go ahead and charge them for curiousity and doing something perfectly natural.

    Make sure to slap the hungry monkey's wrist that sees a stick next to an ant hill. Does wonders for intellectual development on a macro- and microscale.

  • by rolfwind ( 528248 ) on Saturday August 20, 2005 @10:36AM (#13361851)
    Isn't it? To make example of certain people to buy the compliance of the rest of us (sheep)?

    Especially in highschools. Or maybe just PA (I live 20 minutes from Kutztown). I remember a girl getting treated like a drug dealer because she a)bought aspirin to the school and didn't hand it over to the school nurse (so that she could subsequently go back to the school nurse when it's time to take them - talk about being treated like a 5 year old) and b)giving one to her friends that had a headache.

    IIRC, she was kicked out of the district.

    Variations of this heavy-handedness happens so often everywhere that I'm surprised it makes the news anymore. I think Columbine made it worse because now the administrators are going apeshit over every little thing - turning the schools into a sort of police state.

    What would be news would be the punishment fitting the crime. But then the school administrators would have to admit that they are mostly at fault in this case (really: taping the passwords to the back of the computers?!)
    • I remember a girl getting treated like a drug dealer because she a)bought aspirin to the school and didn't hand it over to the school nurse (so that she could subsequently go back to the school nurse when it's time to take them - talk about being treated like a 5 year old) and b)giving one to her friends that had a headache.

      A bit over ten years ago when I was in high school yet, I was kicked out for a short time (it was later reversed because of how stupid it was) because I brought in a pair of heavy scis
    • by glitch0 ( 859137 ) on Saturday August 20, 2005 @11:54AM (#13362341) Homepage
      It's worse than that. I'm 17 and in a high school in Florida. Someone could walk up to you and punch you in the face, and even if you just stood there and did nothing you would both get suspended for 5 days.

      It's horrible because the kids that come from shitty neighborhoods do this to the kids that come from the good neighborhoods all the time because the shitty neighborhood kids get a week long break from school (their parents don't care, they have other things to worry about) and the good neighborhood kids get screwed by their parents.

      A friend of mine was recently expelled for a conversation that went something like this:

      Friend 1: "oh you won't believe what john did at lunch - he told everyone about your crush on cindy!!"

      Friend 2: "ugh he did? *in a joking playful tone* i could just kill him sometimes!"

      Teacher heard this whole conversation, told the dean, next day kid gets pulled out of class and is never seen again. And I was there for all of this - there is NO WAY that anyone could mistake him for being serious when he said that.


      Also recently at my school I witnessed a gross exercise of power by the principal. Food and Drink are not allowed in any buildings (except cafeteria) including water (yeah, i know, its florida. they do this to "reduce bathroom breaks." i'm not kidding either.) So, a kid runs 7 miles in the morning (cross country team) and buys a gatorade from one of the machines on campus. He's heading towards his locker and the principal is outside the building his locker is in. The principal tells him that he can't go inside with the drink. He tells the principal in a calm non-condescending tone "I don't agree with this rule, but I respect you enough to obey it and not bring this drink inside." and calmly waits outside periodically drinking his gatorade and talking to friends (keep in mind that this was like 20 mins before school starts, so he wasn't going to be late to class or anything.) With the principal still there, a teacher comes over and tells my friend to move out of the way because he is blocking traffic. Now, he is standing about 5 feet to the left of the door, and is clearley not blocking traffic, but he does as he is told and moves about 5 steps off the wall. About 10 seconds later, the principal begins yelling at him for moving from the spot. My friend tries to explain himself calmly and without attitude, but the principal will not have it. He then tells him to go to guidance and wait there. My friend went to guidance, waited an hour and no one showed up so he went to class.

      You would be suprised what goes on in public schools. Yesterday my history teacher who was giving a lesson on religions around the world did not know if Budda was fat in real life and when I asked about it I was told that it was of no significance anyway. I told him that in fact it could be rather important, as he had just taught us that Buddhism promotes freeing yourself from useless indulgences and possesions and that if Budda was actually fat then it would be contradictory to what he taught (as fat people are usually observed to be grossly indulgent.)

      I was then yelled at for "interuppting class" despite the fact that I had raised my hand and been called on as per procedure specified by him. Basically he tried to blame me instead of just saying something like "Actually, I'm not sure. If we have time at the end of class we can look it up on the internet."

      Anyway those are just some of my observations spending 12 years in the public school system.
  • Hack? (Score:5, Insightful)

    by Doc Squidly ( 720087 ) on Saturday August 20, 2005 @10:38AM (#13361861)
    Really, can't we get the media to stop using the work Hack in this way? Finding a password taped onto a notebook isn't hacking.

    Sure, they may have used the computers in way which they shouldn't but, they didn't have to hack them.

    I know, I know... the average Joe couldn't tell the difference between anything remotely technical but the media shouldn't be encourage it.

    I think I'll go let Windows Hack into my neighbor's unsecured wireless access point.
  • I'll be happy to lead the way in /.'ing their phone system with my phoned-in question of "Why, public citizens?" until they answer.

    Sorry, this is publicly federally-funded property. The 1st Amendment protects their freedom of expressing themselves on any federally-funded property.

    Let's get that phone number, I've got time to remind them that they're responsible to me, the taxpayer.

  • Yes and no (Score:4, Insightful)

    by davmoo ( 63521 ) on Saturday August 20, 2005 @10:40AM (#13361871)
    First, I will agree that felony charges here is rather extreme, and someone isn't thinking. A few days of detention (for both the students and the security administrator) would be more appropriate.

    But the fact that the passwords were on the back of the iBooks does not mean everyone was free to use them at will.

    I can tape the key to my house on to the front door of my house, and while that is extreme stupidity on my part, that does not give you permission to unlock the door and come inside.
  • by Cerdic ( 904049 ) on Saturday August 20, 2005 @10:40AM (#13361873)
    From the article:

    Now that's not the only thing that the kids are accused of doing, they also turned off the monitoring software (Apple Remote Desktop?) and even used it to monitor the admins. In addition, they're accused of using hacking tools to find the new admin password when it was changed from the password that was taped on the back of the machines.

    Also, if you click on the little update link at the bottom of the story, you'll see that the kids were also found to be downloading pornography. Might sound innocent to some of you, but adults / the school can get in trouble for "allowing" them access to X-rated material.

    Now, a third degree felony sounds harsh, but they still need some punishment. If they had stopped at using the password taped onto the back of the computers I'd feel sorry for them, but they were spying on admins and using other means to get the password once it was changed.
    • by stevew ( 4845 ) on Saturday August 20, 2005 @10:51AM (#13361946) Journal
      yep - the other little detail folks are not mentioning here is that the kids used some sort of rootkit equivalent to find the password AFTER it had been changed.

      Doesn't that qualify for breaking and entering?????

      These kids aren't angels...and whoops - there was consequences for their illegal actions..oh and to make sure everyone here gets that. These kids committed a crime. They KNOWNINGLY violated the machines by using the admin password they weren't suppose to have. Look - if I leave my house unlocked, does that make it any more wrong for someone to enter and start taking my things?

      The other issue is that these are still kids, and if they're under 18.... it isn't on their permanent record. If you guys are constantly going to make excuses though about oh- it wasn't that bad, then the rest of the rules of society might as well fly out the window as well.

      • by _Sprocket_ ( 42527 ) on Saturday August 20, 2005 @11:08AM (#13362046)
        These kids aren't angels...and whoops - there was consequences for their illegal actions..oh and to make sure everyone here gets that. These kids committed a crime.

        You're right. Hardened felons, all of them. Criminals. Malcontents. Society can't possbily function with these kinds of challenges to authority... much less the status quo. Fly out the window, indeed! Thankfully, this kind of spirit has been identified early and, we can only hope, properly quashed. The last thing we need is any of the kind of insanity that lead to the shennanigans in Silicon Valley.
        • Those who didn't miss the irony in my post may appreciate the fact that the laptops in question were manufactored by Apple. And Apple is a company founded by individuals who partook in simular activities [textfiles.com] as those that the parent poster claims would be the downfall of our society. It might be noted that these types of people are not unique in the Valley or the IT industry in general.
      • by Darkman, Walkin Dude ( 707389 ) on Saturday August 20, 2005 @11:51AM (#13362322) Homepage

        You want to wake up, son. Lets put this in context, shall we? We are talking about a felony, that is entering children into the criminal justice system because the school admins didn't have clue one about how to secure their own systems from... children. The mini emporers in academia need a taste of their own medicine. Honestly speaking, a previous poster pointed out that taping the password to the backs of the computers was tantamount to incitement and solicitation of a minor. I wouldn't just use it as a threat though, I'd go afer the little hitlers until every man jack of them had spent a few months trying out the local prison facilites. Such irresponsible and knee jerk reactionists should under no circumstances be educating children.

        Don't get me wrong, I know some kids are wretched creatures that shouldn't be in general education, but in this case I think an example does need to be made. Of the so called teachers.

      • by nxtw ( 866177 ) on Saturday August 20, 2005 @12:20PM (#13362506)
        The issue here is that the kids were _given_ these laptops to use for the school year. They were permitted to take them home and use them on networks other than the schools'.

        A computer is NOT a house. A computer can essentially be restored to its original (software) state with minimal effort. I highly doubt all six hundred laptops were individually configured, and instead had some sort of imaging or automated network install, so any broken installations could be restored easily. From what I have been told about Mac OS X, there is an option to reinstall the system without deleting user profiles, so students wouldn't even have to lose files (if they weren't stored or backed up on a network.)

        But if I walk into someone's (unlocked) house, and steal their TV, jewelry, and other items of value, they've lost them. They can't go restore the backup. They can't put in a few CDs and reinstall their stolen TV and jewelry. Their only hope is to have the items recovered somehow.

  • by BiO_FeNiX ( 908968 ) on Saturday August 20, 2005 @10:40AM (#13361874)
    I went to this high school and grew up in this town. Let me tell you this...The system administrators never had a firm grip on the students, I assure you...and they had been outdone several times before this. Suffice to say, the school tends to overreact about things that they don't understand...and Computers is one of those topics. I work in IT now and now that I understand security and such, I realized how much my high school sucked about security...they never really thought about it. Anyways...its kind of amusing to find my hometown on Slashdot...its little more then a farming town with a college in it. My graduating class was 140 people.

    L8tr all.
  • Regardless... (Score:2, Interesting)

    by sexyrexy ( 793497 )
    Only the sensationalist news media has called the teens "hackers". Believe it or not, most judges understand the difference, and their defense lawyers will at least argue the point enough to inform any jury that gaining access is not the same as hacking.

    Regardless

    The law is not about hacking, it is about Unauthorized Entry. You don't have to pick the lock to be somewhere you shouldn't, and you don't have to cut through any fences to be prosecuted.
  • by UpLateDrinkingCoffee ( 605179 ) on Saturday August 20, 2005 @10:41AM (#13361881)
    in our increasingly vengence based culture. Some principal or admin got his feathers ruffled that student's would actually use the passwords taped to their computers and is now on a rampage to bring them into submission or destroy their lives. I'm surprised they haven't been labeled terrorists by now. This goes way beyond this school district... witness the proliferation of "no tolerance" policies. Everyone makes mistakes, especially teens... we as a society should be focused on correcting mistakes and giving people the chance to learn from them. It's only those who refuse to recognze they made a mistake or continually fail to learn from them that need to be dragged in front of the courts.
  • by OeLeWaPpErKe ( 412765 ) on Saturday August 20, 2005 @10:42AM (#13361887) Homepage
    And "looking at what people give you" stop ?

    I'd assume they'd WANT me to know the admin password if it was taped to the back of the laptop.
  • I'm crossing Pensylvania off the list of states where I'd ever live. Felony charges?. Geez, maybe suspend them from school for insubordination, but giving them a criminal record is.. well criminal.
  • More to this story (Score:4, Informative)

    by guice ( 907163 ) on Saturday August 20, 2005 @10:46AM (#13361914)

    This story is short and doesn't give the fully story of what happened.

    *At first* the passwords were on the laptops (not exactly tapped; they were apart of some tapped data. It didn't say "Password:" if that's what you're thinking).

    After the admin changed them all, the kids then used a brute force cracker to break the passwords which they found on the local machines (password file?) and proceeded to install unauthorized software.

    They were punished multiple times and they still continued to do it. Calling the cops on them was a last resort the schools were forced to do.

    You can read more of the full story here: http://www.cnn.com/2005/TECH/internet/08/09/kutzto wn.hackers.ap/index.html [cnn.com]

    • by tkrotchko ( 124118 ) * on Saturday August 20, 2005 @11:07AM (#13362044) Homepage
      "They were punished multiple times and they still continued to do it."

      So a rational adult would simply take the laptop away from them. Either play by the rules or take it away.

      To me, this is the equivalent of sending your kid to reform school because he talked back one too many times. Its overreaction and really, its an admission of failure by the school authorities.

      Everybody in Kutztown should be ashamed of themselves.
      • I get tired of this /. wanna-be hacker mentality that seems to be if you CAN do something you SHOULD be allowed to, and face no repercussions for it.

        I mean look, if someone has physical access to a machine, they can get root, period. Any barriers you put in the way are only superficial and will only slow them down, if anything. We always operate under that assumption at work. We don't try and pretend we have an unhackable system because there's no such then when someone is physically at the computer. Rather
    • by putch ( 469506 )
      last resort? how about take their laptops away. voila, no more problem.
  • by nxtw ( 866177 ) on Saturday August 20, 2005 @10:52AM (#13361952)
    Police [kutztownpd.org]:
    45 Railroad St.
    Kutztown, PA 19530
    (610) 683-3545

    Borough of Kutztown [kutztownboro.org]:
    45 Railroad St.
    Kutztown, PA 19530
    (610) 683-6131
    fax (610) 683-6729

    Kutztown Area School District [kasd.org]: District Administration
    50 Trexler Ave.
    Kutztown, PA 19530
    (610) 683-7361
    fax (610) 683-7230
    more addresses and phone numbers for the District [kasd.org]

    I find the quote "We are a country awakened to danger and called to defend freedom." at the bottom of the Borough's webpage inappropriate for this town.

  • by keraneuology ( 760918 ) on Saturday August 20, 2005 @10:53AM (#13361958) Journal
    If not a single member of the board of education loses the next election over this then I will chalk this up to this being the will of the people and forget about it.

    Whoever taped those passwords to the back of the computers needs to be fired. Whoever gave that person a job needs to be fired. Whoever has the authority to demand that the people above must be fired immediately but hasn't needs to be fired.

    But this isn't happening. Rather than start demanding even a fleeting glimpse of intelligence within the public schools the parents simply get together and whine that the people they voted for have their heads so far up their rectum that you can't distinguish a fart from a whistle don't engage in sphincter-yoga.

    Yes, there is the possibility that these parents didn't vote this particular schoolboard (and mayor , who allowed this particular police chief and DA to make such stupid decisions), but I'll hedge my bets and say that either they voted for them or didn't vote at all.

    Are they demanding the resignation of the board? No.

    Are they demanding the resignation of the DA? No.

    Are they even promising to vote for somebody else in the next election? No.

    So if they don't care enough to actually DO something about the situation, why should anybody else?

  • by erroneus ( 253617 ) on Saturday August 20, 2005 @10:55AM (#13361975) Homepage
    It was one thing to essentially commandeer borrowed government property. (It doesn't matter if they negligently made the key available for use or not.) They also went about expanding their control first by blocking the admin's ability to monitor then by breaking into the admin account again... it was not taped to the computer the second time.

    Afterward, they went on to monitoring the admin.

    This is their defiance of authority and that's the message here.

    On one hand, I think it's "harsh" what is being done to the kids -- I really do. But there's a larger picture here that should be acknowledged.

    How many times have you been completely and utterly insulted by children who know there's nothing you can do about it. That is, in essence, what has happened here. When it was realized that the kids were breakign rules, they were essentially given the chance to straighten up when they were discovered and their admin passwords changed. The kids responded by being even mroe defiant and even aggressive about it.

    We have a cultural mess on our hands. I'm just sick enough of defiant children to endorse the reaction we are seeing here. You can't spank children any more. Somehow it became a crime. You can't even talk "mean" to them -- it's somehow psychological abuse as well. As a culture, we cannot control the children. And it's clear that most parents will not regulate their offspring as well... (at least without fear of criminal problems much of the time)

    I have two sons of my own and at the moment, my biggest problem is getting them to tell the truth. I haven't seen evidence of anything worse... not yet anyway. Respect for authority is a critical lesson in life that needs to be learned. If we have to make 13 examples of these kids, then so be it. It could help in changing the path for millions of other kids out there... kids that will one day grow up and lead this world. And if you think I'm over-reacting myself, look around you at the many "adults" out there who are early evidence of the things to come... people who never actually grew up and took responsibility for themselves. Examples are not hard to find.

    Respect, in general, should be restored as a key value in our culture and at the core of respect is fear of what might happen if you don't.
    • by Anonymous Coward on Saturday August 20, 2005 @11:24AM (#13362135)
      I completely agree with you that our culture has an issue with young people growing up irresponsible and disrespectful. I am 18 myself, and I am regularly disgusted and appalled by the behavior of my so-called "peers" and other young people.

      However, I disagree with your assessment of how to respond to the issue. Over and over again you are talking about "controlling" children - about "respecting authority". You bemoan the demise of spanking and complain that you can't "talk mean" to kids.

      Now, I am not a psychologist nor have I studied child rearing - as I said, I'm only 18 myself. But what I would like to suggest, for whatever it is worth, is that respect isn't something that is instilled by control. It's something earned and taught. My parents never tried to control me and my siblings. We were never spanked, punished, or yelled at for things we did "wrong". Rather, they gently explained our error and, if necessary, had us make amends. Our parents raised us with respect for *us* - and helped us learn to respect others as well, by being living examples. I am not saying this approach necessarily works with all children (or all adults - some of y'all need to to think about the example of respect you're setting!). But I was dismayed by your advocacy of what is essentially parental authoritarianism, and I felt that a counter-example might be worth writing.

      I would also dispute your statement that Respect for authority is a critical lesson in life that needs to be learned. Why? I agree with you that respect is an important lesson, but I would argue that respect should simply be for people and for property in general. Why should we respect authority? Teach kids to think for themselves, and educate them in moral principles so that they can make responsible decisions in their own right.

      In closing, your post states:

      Respect, in general, should be restored as a key value in our culture and at the core of respect is fear of what might happen if you don't.

      I cannot say loudly enough how much I disagree with that. Respect isn't about fear at all. It's about doing what is right. It's about holding others in high enough esteem to want to treat them well. Heck, the good old "golden rule" is a simplistic but reasonable enough definition of respect - treat others the way you'd want to be treated, set their rights equal to your own. But fear of retribution? Where is the moral strength in that?

      My 47.5 cents.
    • A reasonable punishment would be to take away the laptops.

      If the kids won't follow the rules then take away the toys. If they are flounting the school rules then use one of the normal school punishments to deal with it. Even after repeat offensives of this type the school and parents should be able to deal with it without resorting to trumped up charges of "hacking". This is the school being vindictive.

    • I really do think you have it all wrong here. First of all you can still spank kids depending on the severity of the marks left (in almost all states) Second of all unless you really go off the deep end no one is going to charge you with psychological abuse. The Klutztown 13 aren't "defiant children", that conjures up 8 year olds who are running into the street when they are being told not to. They are teenagers with minds of their own who are probably never given an explanation for anything by the adminis
    • As a parent (Score:3, Insightful)

      by tkrotchko ( 124118 ) *
      "How many times have you been completely and utterly insulted by children who know there's nothing you can do about it. "

      I think you're presented a false set of choice here. The choice isn't "accept lack of respect" or "send them to jail"

      Generally, if the administration is in a position where it feels that it can't control the children properly, it's the adults fault. Lets face it; Kutztown isn't exactly "The Blackboard Jungle". These are basically middle class kids who will do either the right thing or
    • I give the keys of a car to a kid. He (er, she) gets a ticket for speeding. Or driving under the influence. Or some other offense. They get a ticket. They do it again. They get another ticket. Fairly quickly they will lose their license. Because, driving is a priviledge.

      These kids repeatedly violated the rules of use of the machines. So take the machines away from them! The only unbreakable security strategy is to prevent access to the system.

      Each time the machines were returned to these kids

  • by Crashmarik ( 635988 ) on Saturday August 20, 2005 @10:57AM (#13361984)
    You have the implicit right not to have your travel patterns monitored when you rent a car, but a school has the right to watch what students do with PC's ???.

    Then again it really shouldnt surprise me that incompetent people in the I.T. field wind up blaming everyone around them for their faults. In this case it seems they managed to get a sympathetic ear out of their local PD. Its sad that, you can have people harbor a child molestor and not be charged with so much as obstruction of justice, but here you have children being charged with unauthorized use of devices placed in their possesion.

    IANAL but the fact that the schools handed the PC's to the students, said use them to do their work will probably knock down any charges concerning them. It will be really hard to prove unauthorized access when they were handed the quipment and given access to the network. Taping the password the back of the machine should also throw out any claims that the systems were meant to be secure.

    This case shows what happens when legislators make law without understanding what they are trying to legislate or considering the consequences. If this application of the law is held valid it will allow any corporation, organization or group to take revenge on any employee or member that uses its computers and is disliked. To do so, all that would have to be done is change an employee manual or circulate a policy memo in a way that it would either not be read or misunderstood, and then call the police when someone keeps on doing what they had been doing.

  • by gone.fishing ( 213219 ) on Saturday August 20, 2005 @11:37AM (#13362207) Journal
    Forgive me for a moment, this post may seem slightly off topic but I think that what we are seeing is the symptom of a larger problem and that is what I want to address in this post. So, flame away if you want.

    Kids, by their very nature are curious and, a bit rebelious. That hasn't changed in generations, kids have always been tempted by things that they know they should not do and kids have always been known to defy authority. I know I did, and I'll bet you did too!

    I was very fortunate to have had several teachers who were actually able to harness my curiosity and my desire to "push the boundaries." To this day, I think they were the best teachers I had.

    I also had the other kind of teacher; I remember specifically one English teacher who told us to read a specfic chapter. I got in trouble for reading beyond the chapter! I loved reading and simply got caught up in the story. Why he got upset is still beyond me.

    Many teachers no longer teach kids, they teach cirruclium. They expect kids to march in lock-step to their plans. Kids going though this feel like they are prisoners and that their teachers are little more than glorified babysitters! They get bored, they don't understand why they are being limited and, they naturally fight this by defying the silly rules established by the people in authority. In short, the kids will be kids (just like they always have been).

    Yeah, the kids hacked the computers and used them for things that maybe they shouldn't have. I have to say that the administrators of the school should have expected this.

    It seems to me there were probably a number of other things that could have been done - including a policy of "if you hack this, we will take it away from you and you will fail the class". The way that it has happend smells like the administration has chosen, intentionally, to make examples out of these kids. I suspect that this was done to send a message to future students "Don't mess with us" - but this kind of thing against kids seldom works and can easily backfire (especially if nothing comes of the charges).

    I feel for the kids, I really do. Not because they hacked the computers but because the administration and staff of the school have obviously made some poor choices along the way. This problem is a symptom of something wrong much deeper in the system. The teachers should realize they are teaching kids who are naturally curious, naturally push the limits, and naturally defy authority. If these kids were challenged, rather than restricted, they would learn a hell of a lot more.

    Teachers, please go back to teaching kids, not cirriculum!

  • by PotatoHead ( 12771 ) <doug.opengeek@org> on Saturday August 20, 2005 @12:07PM (#13362428) Homepage Journal
    with kids.

    You will lose. Any sane parent knows this. The educators, with their specialized training totally should know this. As a father I know this.

    The policy should reflect the reality of computing today; namely, that any access control methods can and will be circumvented by those willing to do so. Period, end of story. There is very little the school could do to prevent this kind of thing, so why bother?

    Either the kids play ball, or they don't get their own computer. Have a lab room setup for those not willing to agree to the terms of use and those that think they are willing, but end up on the wrong side of the rules.

    Charging these kids with a felony crime is just wrong. It's going to affect their future far more than it helps the school keep control. I've a feeling this school is one of these zero tolerance, power tripping schools that does more actual harm than good.

    So, they could have just taken the computers, booted the kids, put them on an alternative learning track, etc.... But, continuing to escalate the issue the way they did invited trouble, was counter productive, and could easily be considered rather draconian. --> "Lets make examples of a few of them to keep the others in line". Yeah, like I want my teen going to a school like that.

    In the schools defense, the law has taken away a lot of their power these days. The school staff is sharply limited in what they can actually do without going to the courts. (Which makes a keen understanding of the whole power struggle thing all the more important!) When I went to HS, in the 80's, principles could still actually make kids *do* things. Breaking up fights, for example, often meant the principle stepping in there, grabbing some kids, and sorting things out. He was never in the office, walked around the school and kept order.

    Things are far different today where even touching kids can get educators in trouble.

    There is a fine line being crossed with the whole kids rights thing. In terms of things like expression, we should be yielding to the kids. However, in terms of behavior, we should let the schools do a bit more than they currently are, if we are to avoid the courts for teen struggles.

    Also, where the fuck are the parents in this whole thing? If this were my kid, I would quite honestly start working that school and legal system over until the problem was corrected. I'm all for kids towing the line, but it's a two way street. If the school creates an environment for failure, (which they clearly have), the punishment for that failure needs to serve some greater end. (Which it clearly doesn't.)

    This whole mess is a crock. Anyone, who has parented teens, who possesses just a bit of common sense would have been able to defuse this issue and move on. My gut says this whole small town is fucked up.

  • by vijayiyer ( 728590 ) on Saturday August 20, 2005 @01:20PM (#13362822)
    A laptop isn't a device meant to be secured. A basic tenet of computer security is that anyone with physical access to the hardware effectively has admin access. What if the students simply wiped the drive or put a different one in? Would that be "hacking" deserving of a felony charge too? It seems like these children were baited to have their lives ruined. How did the massive amounts of taxpayer dollars help them?
  • A letter from a Mom (Score:5, Informative)

    by Evets ( 629327 ) on Saturday August 20, 2005 @01:47PM (#13362938) Homepage Journal
    This letter was sent to the school administration by a student's mother prior to any charges being filed. The student is of course one of the 13 charged. If my memory of High School is even remotely accurate, this is exactly how my school administrators would have handled things (in absolutely the wrong manner) - however, my school administrators as quirky as they were, never would have filed criminal charges without even trying to get the parents involved.

    May 3, 2005

    I am writing this letter in response to recent events at the Kutztown
    High School concerning the manner in which my son was questioned about
    his use of the school laptop computer. My son was removed from an important chemistry review class and taken to an office where he was interrogated for more than thirty minutes by the school principle, assistant principle and laptop program director. During this questioning my son was accused of being involved in criminal activities and told that the Kutztown School District intended to press misdemeanor and/or felony charges against him in court. He was told that if he gave up the names of other students that they (meaning the school employees) would take that information into consideration when they filed the charges. I do not send my son to school to be intimidated, threatened, cajoled or bribed by school administrators under any circumstances. My son was told that he had destroyed school property and was in the same league as the kid who spray paints the exterior of the school buildings. I never heard such total rubbish. How dare any of you equate the abilities of my son with a group of mindless misfits who have nothing better to do than make graffiti? At the time of this meeting on May 2, 2005, none of the accusations being made against my son had any actual evidence to back them up because his laptop had not yet been checked for any current violations. My son was put in that intensely disturbing situation because some other students, who were probably terrified of what would happen to them, said my son had done something wrong.

    I, personally, do not know exactly what my son does or does not do on his school computer, but what I do know is that at no time in the past four months was I ever contacted, by phone or by letter, about any problems that would justify the way school officials behaved towards my son during that meeting. If, at any time, I had been contacted by the school concerning inappropriate behavior by my son I would have put a stop to it immediately. Apparently, the administrators at the Kutztown High School seem to adhere to a policy that undermines parental authority. The only evidence I was ever privy to was a paper that was mailed to my home saying he had been given a one hour detention for the installation of something called Acquisition. A one hour detention would not indicate to any parent that there was a serious problem. The irony in that was that his acquisition wound up putting him through an inquisition.

    I no longer trust the Kutztown High School administration to behave in a way that is professionally reliable or in the best interests of my child. Therefore I am stating, unequivocally, that there are to be no more meetings of any kind for any reason between my son and any Kutztown High administrator without my consent and/or physical presence at the meeting. If there is any problem at all with my sons conduct while at school I am to be notified immediately before any other action is taken.

    I will no longer honor the contract that was signed concerning the use of the school lap top last September. Had I any indication at that time how inefficiently the program would be administered, I would never have agreed to it in the first place. I will not sign any other contract for the use of school computers unless there is an amendment clearly stating that any violations concerning the use of the equipment will be dealt with by the district a

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (10) Sorry, but that's too useful.

Working...