Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
The Courts Government Security News

Hilton Hacker Gets 11 Months 390

B747SP writes "Well, the guy who 'acquired' the contents of Paris Hilton's Sidekick telephone and published them on the Internet has had his day in court. T-Mobile USA and the State of Massachusetts are pleased to report that he has been sentenced to 11 months in a juvenile facility. He's also not allowed to own or use a computer, a cellphone, or any other device that can access the Internet for two years. It turns out that the Hilton hack was just one of many Bad Things(tm) that he had been up to: calling in bomb threats to schools, creating T-Mobile accounts for himself and his friends, breaking in to data broker LexisNexis' systems are just a few of his exploits."
This discussion has been archived. No new comments can be posted.

Hilton Hacker Gets 11 Months

Comments Filter:
  • Last post! (Score:5, Funny)

    by Anonymous Coward on Thursday September 15, 2005 @03:25PM (#13569893)
    See you guys in 2 years!
    • But he's not allowed to use a computer! What kind of possible rooting could he experience in prison? It's not like he has a computer in his cell or in the shower room or anything.
    • RAEP IS FUNNY GUY (Score:5, Insightful)

      by Vicsun ( 812730 ) on Friday September 16, 2005 @02:27AM (#13574040)
      I've been sentenced for a D.U.I. offense. My 3rd one. When I first came to prison, I had no idea what to expect. Certainly none of this. I'm a tall white male, who unfortunately has a small amount of feminine characteristics. And very shy. These characteristics have got me raped so many times I have no more feelings physically. I have been raped by up to 5 black men and two white men at a time. I've had knifes at my head and throat. I had fought and been beat so hard that I didn't ever think I'd see straight again. One time when I refused to enter a cell, I was brutally attacked by staff and taken to segragation though I had only wanted to prevent the same and worse by not locking up with my cell mate. There is no supervision after lockdown. I was given a conduct report. I explained to the hearing officer what the issue was. He told me that off the record, He suggests I find a man I would/could willingly have sex with to prevent these things from happening. I've requested protective custody only to be denied. It is not available here. He also said there was no where to run to, and it would be best for me to accept things . . . . I probably have AIDS now. I have great difficulty raising food to my mouth from shaking after nightmares or thinking to hard on all this . . . . I've laid down without physical fight to be sodomized. To prevent so much damage in struggles, ripping and tearing. Though in not fighting, it caused my heart and spirit to be raped as well. Something I don't know if I'll ever forgive myself for.
      -A letter to Human Rights Watch ...and I'll keep posting this story every time slashdot advocates rape and moderators mod it up.
      • by mirio ( 225059 )
        These comments are very true. I've never been a prisoner, but my grandfather spent the last 12 years of his life incarcerated for a crime I sincerelly believe he did not commit.

        At the age of 68, he was accused of rape by a mentally distubed woman who had been in and out of mental institutions for almost 5 years (manic depression and many other problems). The woman said she raped him. My granfathers physician testified that my grandfather and been impotent since his mid-40's...this did not matter to the j
  • by NerdBuster ( 831349 ) on Thursday September 15, 2005 @03:26PM (#13569912)
    Paris should get 11 years for her acting ability and general ability to annoy people.
    • Actually, I watched a documentary about the celebrity publicity machine the other day. They mentioned Paris Hilton. Apparently, the public images of herself (as a party girl with loose morals and limited brains) and that of her sister (quiet and reserved) are carefully crafted creations of a PR firm. Real-life Paris is supposed to be very street smart, with an ability to add up figures with the speed and accuracy of a computer.

      Why does she want to have such a seemingly "negative" public image? Well, without
      • If I were given the choice of being set for life, or being still more ridiculously rich at the expense of my dignity, I'd definitely choose the former.
  • Hmm (Score:3, Insightful)

    by Henry V .009 ( 518000 ) on Thursday September 15, 2005 @03:26PM (#13569913) Journal
    I wonder if the job offers have already started, or if the security companies are waiting until this particular piece of human trash gets out of jail.
    • Re:Hmm (Score:5, Insightful)

      by fsh ( 751959 ) on Thursday September 15, 2005 @03:32PM (#13569974)
      This is one idea that I really don't understand. Why would the security firms want to hire someone who has hacked into computers? Homicide detectives don't hire murderers, the SEC doesn't hire fraudsters, the ATF doesn't hire drunk smokers w/ unregistered firearm violations....

      I wouldn't hire this kid simply because he would open me up to lawsuits from my stockholders.

      • Re:Hmm (Score:5, Interesting)

        by gstoddart ( 321705 ) on Thursday September 15, 2005 @03:40PM (#13570055) Homepage

        This is one idea that I really don't understand. Why would the security firms want to hire someone who has hacked into computers? Homicide detectives don't hire murderers, the SEC doesn't hire fraudsters, the ATF doesn't hire drunk smokers w/ unregistered firearm violations....

        When computer security was in its infancy, the person who broke into your system was the most qualified to stop other people. For a bunch of years, people who pulled off significant hacks (Mitnick) would get recruited. Basically, it takes a crook to catch a crook.

        The guy who the movie "Catch Me If You Can" was based on ended up in the employ of the FBI detecting counterfeit stuff because he was so damned good at it.

        Then people started arresting those who did such things. It's far less common for these people to get security jobs after their jail-time.
        • Well, even though he ended up at the FBI, he didn't start there right after being arrested.

          He spent a fair amount of time in jail. It's only once they discovered that he would be such an excellent resource for them that they brought him on.

          It's not just enough to break in, and do horrible things. You have to show a deeper understanding beyond that which could be obtained from simple learning.

          For instance, a hacker who knows more about social engineering than someone who's just studied it thoroughly. It i
        • Re:Hmm (Score:4, Insightful)

          by fsh ( 751959 ) on Thursday September 15, 2005 @03:59PM (#13570242)
          I understand that it can happen every once in a while, but the whole reason they could make a movie out of the counterfeiter was because it was so unusual.

          The problem with hiring a criminal for law enforcement is simply that the techniques the criminal would be most comfortable with are against the law. Sure, he might be able to track down more criminals than the trained enforcement personel, but he also wouldn't be able to back it up in court, and wouldn't be able to get the convictions.

          Certainly, law enforcement will interview known felons in order to help break a case, but the felons are rarely put in a position of trust, where they will be required to testify, simply because it's way too easy for the defense to pick them apart.

          • Re:Hmm (Score:3, Informative)

            The police could have the felon illegally get evidence that lets them know what the need to investigate, then all the need to do is find the right pretext to get at the data, like perhaps going into a business that the illegal investigation turned up some dirt on, buy something, and check the money you get back as change for drug residues (nearly 100% likely to be positive) and use that as a pretext for a drug investigation, and then "legally" find what you already illegally know and use the "legally" found
          • Re:Hmm (Score:4, Informative)

            by gid13 ( 620803 ) on Thursday September 15, 2005 @05:12PM (#13570885)
            Um, the point is not that the criminal will use illegal techniques to gather evidence.

            The point is that the criminal will be more comfortable with the illegal techniques others use, and be able to explain those techniques, expose whatever weaknesses to legal evidence-gathering they may have, and harden security against them.

            I'm not saying it always makes sense to hire a criminal for a security job, but I can certainly see the advantages.
        • Re:Hmm (Score:5, Informative)

          by Zordak ( 123132 ) on Thursday September 15, 2005 @04:30PM (#13570546) Homepage Journal
          The guy who the movie "Catch Me If You Can" was based on ended up in the employ of the FBI detecting counterfeit stuff because he was so damned good at it. Then people started arresting those who did such things. It's far less common for these people to get security jobs after their jail-time.
          Frank Abagnale, Jr. spent six months in a French prison where he could not stand erect and where he slept in his own excrement. He was borderline insane when he was finally released to the custody of (IIRC) the Netherlands, where he spent about a year in a much nicer prison. He was slated to be turned over to (again, IIRC) Spain, where he would have spent time in another miserable and inhumane prison, but his Dutch captors took pity on him and found a way to invalidate his passport. That meant they had to "deport" him to the United States, where he promptly escaped by crawling out of the toilet when his plane landed. He was re-captured and spent some time in a US prison. He still managed to start his own security consulting business and make millions of dollars. The difference was not the jail time. The difference was that he was truly brilliant and he apparently did not have a truly criminal disposition. He was basically a horny teenager (much of his crime was committed in pursuit of women). When he got some maturity, he was able to put his skills to a beneficial use. He also eventually paid back all of the money he stole.

          In contrast, I'm betting this little hacker twerp is some wannabe who got ahold of a computer and read a couple of "howto" sites. He may or may not have the disposition of a hardened criminal, but until he does something original, nobody will notice him. Maybe if he's lucky, he'll get a wikipedia entry.

      • Here [ranum.com] is Ranum's talk on the whole phenomenon—and why it should stop.
      • Comment removed based on user account deletion
      • Re:Hmm (Score:5, Insightful)

        by learn fast ( 824724 ) on Thursday September 15, 2005 @03:43PM (#13570090)
        Let me extend this by saying that we should not hire lobbyists to be regulators.
      • Re:Hmm (Score:5, Interesting)

        by Titusdot Groan ( 468949 ) on Thursday September 15, 2005 @03:43PM (#13570091) Journal
        the SEC doesn't hire fraudsters

        Actually they do. The famous example was Joe Kennedy who headed the SEC when it was first created. Roosevelt said it "took a thief to catch a thief." He basically outlawed every dirty trick he used to become rich himself.

      • Re:Hmm (Score:4, Funny)

        by Doctor Memory ( 6336 ) on Thursday September 15, 2005 @03:46PM (#13570129)
        the ATF doesn't hire drunk smokers w/ unregistered firearm violations

        Huh, no wonder they don't return my calls. Oh well, I guess I can always fall back on AOL tech support...
      • Ah, but the FBI did hire Frank Abagnale Jr. (dramatized into 2002's "Catch Me If You Can"), a successful con artist turned FBI agent who developed many of the anti-fraud methods incorporated into checks today.
      • >>> "Homicide detectives don't hire murderers"

        You mean to say all those TV shows and films have it wrong? Surely the police enlist genius murdering psychos to catch not so genius murdering psychos!!??

        </sarcasm, I think>

        <reality>
        Lots of rehab groups use ex-addicts ..
      • Because good help is hard to find...
      • This is one idea that I really don't understand. Why would the security firms want to hire someone who has hacked into computers? Homicide detectives don't hire murderers, the SEC doesn't hire fraudsters, the ATF doesn't hire drunk smokers w/ unregistered firearm violations.... I wouldn't hire this kid simply because he would open me up to lawsuits from my stockholders.

        The concept of hiring convicted hackers for security jobs is largely an urban myth at this point. It happened in a few well publicize

      • Watch the end of "Catch Me if You Can!" again. It's based on a true story.
    • Re:Hmm (Score:3, Insightful)

      Considering that the kid in question thought a bomb threat was a good way to start a school day, he'll probably be working fries for at least a few years before they trust him with network security. The guy's no hacker, he's just a juvenile thug who happens to be computer literate.

    • After reading info about his hacks, the only thing impressive was his supposed level of stupidity. Reminds me of a book named the Stainless Steel Rat, in where the main charachter goes to jail so he can talk to real criminals. When he gets there, he realises that anyone who is stupid enough to get caught is a moron anyway, and he was looking in the wrong place so he breaks back out of jail. Security companies should likewise have no interest in this person. If it was someone who turned himself in for so
  • Nice kid (Score:3, Insightful)

    by Anonymous Coward on Thursday September 15, 2005 @03:27PM (#13569915)
    All that and he only got 11 months? While there's a guy in California doing life for stealing a candy bar?

    Also, the blurb failed to mention that this nice young fellow wasn't acting alone (see the Register's coverage from this morning)
  • Radisson? (Score:2, Funny)

    by alexhohio ( 871747 )
    Can he stay at a hilton?
    • Yeah, actually, I read that all the jails are so overcrowded that the Justice Department has started to outsource some penal institutions. They said they were going to transfer this guy to the Bangkok Hilton :7
  • Less about Hilton (Score:2, Insightful)

    by CMF Risk ( 833574 )
    More to do with all those bomb-threats me thinks =)
  • by Mz6 ( 741941 ) * on Thursday September 15, 2005 @03:27PM (#13569919) Journal
    Or did I completely miss the story about the kid getting busted for this?
  • by 14erCleaner ( 745600 ) <FourteenerCleaner@yahoo.com> on Thursday September 15, 2005 @03:27PM (#13569920) Homepage Journal
    I'm sure we'll now hear that this poor kid's untapped potential for technical greatness is being stifled. Cry me a river. The kid sounds like a felon-in-training to me.

    Maybe during his probation period he should be required to listen to Paris Hilton's commentaries on current events, nonstop.

  • by crazygeek02 ( 915165 ) on Thursday September 15, 2005 @03:28PM (#13569931)
    Maybe T-mobile will get their act together now and fix all the problems. Who knows.
  • DOS? (Score:5, Insightful)

    by cached ( 801963 ) on Thursday September 15, 2005 @03:29PM (#13569936)
    From TFA:

    In June, a second phone company became a victim to the juvenile's attack, according to the U.S. Attorney's statement. A phone that had been activated fraudulently was disabled, and the teen retaliated with a denial-of-service attack on the company's Web site when it refused to reactivate the phone.

    Im not trying to troll, but what kind of professional website gets harmed by a DOS attack anymore. Slashdot alone should make webmasters think twice before putting up a service with a server that cant handle DOS attacks. :)
    • Re:DOS? (Score:3, Informative)

      With a DOS or the more popular Distributed version, it's just a matter of sheer strength.

      The amount of bandwidth these kids can harness to sling around is amazing, have you been on IRC (preferably EFnet) much? Now, with non-inept systems admins, and network guys... DoS attacks can be thwarted somewhat

      But, again, it's sheer power. Some kid has a bunch of obscure boxes rooted all sitting on fat pipes... it can be bad
    • They didn't say the attack wasn't distributed. And I hope you weren't trying to say that handling DDOS attacks is a piece of cake...
  • by Anonymous Coward on Thursday September 15, 2005 @03:29PM (#13569939)
    The numbers included those of rapper Eminem, actor Vin Diesel, singers Christina Aguilera and Ashlee Simpson, and tennis players Andy Roddick and Anna Kournikova.

    I count at least 4 mistakes in this one sentence alone!
  • by OxygenPenguin ( 785248 ) <mrunyon@gmail.com> on Thursday September 15, 2005 @03:30PM (#13569940) Homepage
    We present your leader. All bow to the alpha kiddie.
  • YRO? (Score:5, Insightful)

    by general_re ( 8883 ) on Thursday September 15, 2005 @03:30PM (#13569941) Homepage
    I can't for the life of me figure out why stuff like this keeps getting stuck in the YRO section. As far as I can tell, the only person whose rights were in any danger was Paris Hilton - granted, her privacy is largely a theoretical concept these days, but nevertheless, what possible bearing does this kind of thing have on my rights online?
    • Haven't you heard? All your (online) rights have been 'eroded', so there's really nothing left to post but gossip...
    • Re:YRO? (Score:3, Funny)

      by Otter ( 3800 )
      As far as I can tell, the only person whose rights were in any danger was Paris Hilton...

      No, it's Paris Hilton *and* everyone in her address book! That may not include dweebs like you, but the average Slashbot certainly has to be concerned about having his personal information get in the hands of the paparazzi.

    • I can't for the life of me figure out why stuff like this keeps getting stuck in the YRO section. As far as I can tell, the only person whose rights were in any danger was Paris Hilton - granted, her privacy is largely a theoretical concept these days, but nevertheless, what possible bearing does this kind of thing have on my rights online?

      Don't know about you, but I have a cell phone. Oh, and everybody that was in the phonebook had to get their phone numbers changed, notify people, etc.

      Seems like a reason
      • Well, sure. On the other hand, I once had my wallet stolen - had to get a new driver's license, credit cards, etc. It was a pain. But I don't think that single incident is indicative of a trend towards people losing their right to carry a wallet, or any other general pattern of infringement on one's wallet-carrying rights.

        Now, when the state starts breaking into cellphones, on the other hand, or stops punishing people who do so, then I think we can file this under YRO a bit more comfortably. Until the

    • Re:YRO? (Score:2, Interesting)

      by Seumas ( 6865 )
      Maybe because, in America, we have this sentimental nutty idea that "the punishment should fit the crime" and imprisoning anyone (much less a kid) for a year or more for cracking someone's cellphone while violent criminals get away with little or no penalty is hard to justify.
      • accessing T-Mobile USA's internal systems and posting data from Paris Hilton's mobile phone on the Web will serve 11 months in a juvenile facility. The teenager pleaded guilty last week to a series of hacking incidents, the theft of personal information and making bomb threats to high schools in Florida and Massachusetts, according to a statement from the U.S. attorney for the district of Massachusetts.

        All crimes took place over a 15-month period, beginning in March 2004. Victims suffered a total of abou

      • I'm not so upset about the year in prison as I am about not being able to use a PC or the Internet at all for a few years following. How is this kid supposed to get any kind of an education if he can't use computers? And the number of jobs he could get are severely curtailed by this as well. I'm just not sure the Judge in this case realizes how much this type of punishment will affect this child's future. Should he be punished? Yes. But cut the no computers crap and make him do community service inste
    • Don't you understand that everything on slashdot has to fit into only a few narrowly defined topics? Anytime there's ever a story involving the law it's filed under "your rights online". It doesn't matter if it involves the internet, anyones rights, or neither of the two. The story could be about someone caught stealing an ipod in Zimbabwe, but since it involves something electronic and theft, it's "your rights online".
  • by airherbe ( 638417 ) on Thursday September 15, 2005 @03:31PM (#13569952)

    An explanation of how Paris Hilton's Sidekick was hacked can be found here [macdevcenter.com]. A pretty interesting read.

    //J
    • He knew the answer to the "secret question"? How is that ha..err..cracking?

      Blue... No, yellow!
    • Interesting read? She used her stupid dog's name for the password hint question of: "What's your favorite dogs name?"

      This is like some of the questions that PeoplePC has for its hints: "In which city did you go to high school?" Um... about 90% of the people who are buying a $10.95 per month internet service are likely in the same town now, as when they went to high school. (This is why I stopped asking that question.)

      Also, "What's your favorite pet's name?" This is usually the currently living pet. And
    • Enough on this kid (who commited a crime and got what was deserved), let's talk about those annoying 'secret questions'. I've lost count of the number web sites that require you to answer one of these and don't even let you choose a decent question. Not just insignificant sites, like random forums, but important sites that pretain to things that matter in real life, like my college records or credit card information.

      I'm not a celebrity like Paris Hilton, but it is not hard at all to find out what my mom's
      • I've lost count of the number web sites that require you to answer one of these and don't even let you choose a decent question.

        You mean you actually use a contextually appropriate answer to the "secret" question? You're better off using an answer to a different question, i.e. your mother's maiden name as the response to where you went to high school. It's still top of mind information, and at least then your enemies (and friends) can't break into your account quite so quickly.

  • by Prophetic_Truth ( 822032 ) on Thursday September 15, 2005 @03:32PM (#13569968)
    its being a good con artist! So what, this guy was able to sound like paris hilton, and she picked a stupid 'password reminder' that he used to get the real info from a phone jockey at T-mobile. Calling this kid a hacker is JUST WRONG.
  • Gotcha... (Score:3, Insightful)

    by BrianRaker ( 633638 ) on Thursday September 15, 2005 @03:33PM (#13569982) Homepage Journal
    He hacked illegally, and now he's paying the price. I say he got what he deserved. Too bad the kid's a juvie. I'd like to have seen him go to a real prison.
    • And if my memory is correct, this doesn't even go on his adult record since he is a juvy. When he goes to get hired one day, they wont be able to find this information, or know what he did.
  • by ChrisF79 ( 829953 ) on Thursday September 15, 2005 @03:37PM (#13570025) Homepage
    Congratulations! You just earned yourself a high paying security job with the United States government. We are all very impressed with your unusual interview. See you in two years.
  • "Hacker"? (Score:5, Insightful)

    by HugePedlar ( 900427 ) on Thursday September 15, 2005 @03:38PM (#13570034) Homepage
    Some kid guessed her password reminder and we're calling him a hacker? Even "cracker" would be too good for this feat of leetness.

    Not sure I'd even deign to call him a script-kiddie.
    • Re:"Hacker"? (Score:3, Insightful)

      Guessed? He used her password hint which was "Favorite Pet's Name" and three seconds of google tells you Paris Hilton's dog's name.

      Not a guess, she put her password out there for everyone to know.

      So, the lesson here is that if you're a famous bimbo and your pet's name is on the internet.. don't use it as a password to hide your naked pictures.
  • ...largely for all the other stuff he did. Getting Paris' nudie pics were just icing on the cake.

    Of course, Hilton's connection is all you hear about this situation because it involves 1) a famous person and 2) titties, thanks to our starfucker-centric society and media. Just look at the title at the top of this page, for instance!
  • "Hacking" (Score:5, Funny)

    by pete-classic ( 75983 ) <hutnick@gmail.com> on Thursday September 15, 2005 @03:48PM (#13570140) Homepage Journal
    Hacking Paris Hilton's box would seem to be its own punishment. One is sure to contract a virus.

    -Peter
  • by soft_guy ( 534437 ) on Thursday September 15, 2005 @03:50PM (#13570162)
    I think 11 months is a reasonable sentence for the first offense of someone who committed a serious crime, but not a violent one.
  • by Leomania ( 137289 ) on Thursday September 15, 2005 @03:54PM (#13570211) Homepage
    breaking in to data broker LexisNexis' systems

    Now, I realize that no interconnected computer system can be 100% secure, but shouldn't a place like LexisNexis be able to keep kids like this out? Was he really that good, or are they just really lousy at computer security?
  • damn haxors (Score:3, Funny)

    by kronchev ( 471097 ) <kronchev@gmail.cNETBSDom minus bsd> on Thursday September 15, 2005 @03:59PM (#13570248) Homepage
    "Computer hacking is not fun and games. Hackers cause real harm to real victims," U.S Attorney Michael Sullivan said in the statement. "Would-be hackers...should be put on notice that such criminal activity will not be tolerated." ....or not. i mean i know the companies are blameless for having a really obvious security hole up, but these kids should be put to death if they are the ones to find it and just mess around, instead of someone doing it and causing REAL harm
  • Seriously 11 months? And hes not allowed to own a computer, cell phone or any internet devices for 2 years?!

    Thats silly.

    Thats a death sentence in todays world for a kid who is obviousy quite handy with such devices.

    Come on, what happened to silly pranks? :) Paris Hilton wasnt harmed at all. This is the high tech version of writing "For a good fuck and blow job, call Jen at 555-5555" on your highschool bathroom.

    Make the kid do some community service, and move on.

    Better yet, get creative with his sentence and
    • bomb threats are silly pranks? go ahead and make one then, see how silly the police think it is.

      ddos are silly pranks? go ahead and ddos then, see how long you get away with it before the fbi pay you a visit.
  • Sen. Dick Durbin from Illinois actually made reference [washingtonpost.com] to this guilty plea in Judge John Roberts' confirmation hearings in the Senate today.

    What is this world coming to?

    On an even lighter note, some of this kids' buddies - including AOL hacker YTcracker - have made up a pretty entertaining rap song [ytcracker.com] about him.
  • Why bother? (Score:3, Funny)

    by Guppy06 ( 410832 ) on Thursday September 15, 2005 @04:29PM (#13570543)
    His life is so devoid of meaning that he hacked the handheld of some rich strumpet that everybody now knows isn't even a good lay. Isn't that punishment enough?
  • by Jherek Carnelian ( 831679 ) on Thursday September 15, 2005 @04:51PM (#13570713)
    So, what I want to know is, what punitive measures were taken against T-mobile for having such poor security processes that a teenager could pull this off for so long without being stopped?

    It is easy to send one kid, who probably couldn't afford more than a public defender, to jail. But what does it do to fix the problem? There are thousands more kids who could do the same thing, there are probably tens of professionals who are doing it right now and are smart enough to say under the radar.

    Other than the fact that T-mobile has the big gun lawyers, big gun lobbyists and big gun 'campaign contributions' - why haven't they been prosecuted for negligence?
  • by 1nt3lx ( 124618 ) on Thursday September 15, 2005 @09:03PM (#13572468) Homepage Journal
    I have first hand experience with this particular individual. I wanted to reply to every post I've read on this page and address each point individually. However, there are too many points to address and too many of my own to add.

    My Experiences
    My first experience with this kid was three years ago. I am a consultant for the school department in which he was attending high school.

    One afternoon I got wind of a report that a couple of computers were "operating themselves." Of course, they were not, they were being controlled by VNC. We took the computers out of the library, found the backdoor, and analyzed all the files. We were also able to identify the backdoor that was installed, as well as the many utilities that were downloaded from a file-serving website he had setup.

    Many of the files contained portions or the entirety of a first name. The website the files were downloaded from contained the same first name.

    The backdoor was installed on the premesis. It was installed before the start of school. The utilities were downloaded during school hours.

    We did a first name search in the SIS system, we found five or so individuals with the same first name. None were enrolled in a class that had a computer in the classroom. We then did an attendence search on those individuals. Only one was absent the date the utilities were downloaded. We had our guy, we were confident, but the evidence was circumstantial.

    We decided to put the compromised (Windows 98) systems back on the network under surveillance, or specifically tethereal. The systems immediately connected to irc.mircx.com and joined a channel with the first name, again.

    For a few days nothing happened. No activity, other than the PING/PONG of IRC. That weekend, however, he bit. He bit hard, too. He searched the names and phone numbers of guidance counsellors, secretaries, and other school personnelle. He obviously conducted some rather trivial social engineering. He was able to gain access to the SIS system, which runs on OpenVMS.

    We tracked his every move, I laughed and laughed as he struggled with VMS. Time after time he would break the telnet connection because he was stuck in EDT, or because he confounded the DEC Basic application. He queried himself multiple times, tried to change information about his enemies, I assumed, and made unsuccessful attempts to change his own grades.

    The administration didn't buy it. He cried foul, denied any knowledge of computers, claimed he was botted, claimed hackers were out to get him. They didn't pursue the issue, but we 'secured' the network. We dropped all IRC traffic and all VNC traffic. The next day we were subjected to a crippling DDOS, and a bomb threat was called into the school. We couldn't prove it was related and got no support from above.

    A few months later, he was cought red handed trying to break into an attendance-entry web interface, by a librarian. He was suspended and removed from computer classes. Case closed, at least from our perspective. A few more days of DDOSes, but that ended quickly.

    The next school year, bizarre things started happening again. The High School's network was secured, but the middle schools were not locked down as well. Again, the SIS system was being accessed after hours from backdoored systems. Again, social engineering had taken place. We locked down that building, but the accesses were still happening. It was determined that an unsecured WAP had been installed on site and he was sitting outside the building accessing the network. (Sometimes I wonder why they pay me when they do things like that despite my objections).

    Of course, we had even less evidence this time to point to him but it was obviously him. The IRC backdoors were the same, the names were the same, the passwords were the same, but the administration still refused to act. We secured that network and the after hours accesses stopped, but unusual activities continued to arouse suspicions.

    U
  • by JThundley ( 631154 ) on Friday September 16, 2005 @01:06AM (#13573687)
    I saw this on the Fox 11 morning news, and there were 3 things to note:

    1. One woman said "He was hacking into the internet..."

    2. One 50 year old anchor guy said "This is not a cool dude", even more rofles.

    3. Their file footage of Paris Hilton was of her in a float of a car in a parade waving to people. Why the fuck was she in a parade and why were people happy to see her?!

Whatever is not nailed down is mine. Whatever I can pry up is not nailed down. -- Collis P. Huntingdon, railroad tycoon

Working...