Three high school juniors have been arrested after they devised a sophisticated hacking scheme to up their grades and make money selling quiz answers to their classmates. The students are accused of breaking into the janitor’s office of California's Palos Verdes High School and making a copy of the master key, giving them access …
They were very smart
Kids trying to be clever.
If they were that smart....
"When I was a lad, I served a term..."
in Juvenile Hall.
I went to a private high school in the '50s. Everyone had to take the Stanford-Binet IQ test to get admitted. In my sophomore year a colleague stole the list of the IQs for everyone in our class. How happy we 15 year olds were to have that information!
Any fool can turn a 'B' into an 'A'. But to be able to look at the class athlete or stud and think: "heh, heh, only 108."
In the middle of the 20th century, we had very simple desires. Oh, and no one tried to change his IQ score.
LOL. I like how the author uses the word sophisticated when all the kids were script kiddies. Only having to download a keylogger, buy a decent crypter to remain undetected by antiviruses and gain access to the teacher's computers. Use USB spread if OS is Vista or XP or simply execute the file if Windows 7. Then receive reports via either FTP or email. They are so stupid they didn't even choose the melt option or hide process via rootkit or attributes. I managed to hack 30+ accounts when I was 11 including Hotmail, Twitter etc. by making my own video.... Do I think they are smart? Of course not.
would read the article carefully before commenting...
Isn't this why we have cliches?
Like "separate the men from the boys?" To tell us that some people in a group can do something difficult (commit crimes and not get caught) and some people cannot.
That our very own manly masterminds like AC are separated from the legions of incompetent high school bat boys in the league of Ali Baba and the Forty Thieves.
cool story bro.
Must have been one helluva badly run network to A) allow FTP, B) let staff/pupils have install rights, C) let their mailserver act as an internal open relay, D) allow access to Hotmail and Twitter on a school network, E) not have central mandatory profiles to stop people injecting startups or other oddities.
Bread and butter things in schools really. Expect the kids to try and break the system, even down to learning Japanese to beat the filters and screen readers....
Expel? What the hell?
If I witnessed an elaborate scheme by some kids at a school, I would be downright impressed.
They've shown more initiative, ingenuity and technical ability than the majority of people ever will.
I don't think so unless you feel prison is the proper reward. Rewarding criminals shows that you've missed the point completely.
Did the grass get a thorough beating?
I was suspended from school for shoulder-surfing the teacher's password.
It was 'clowne' from the fictitious Clowne Industries used in the training literature for our BBC B micros.
Our Computer Studies teacher was, shall we say, blessed with some enormous norks, so I did what any self-respecting geek would in that situation: sent a network message to all the screens in the computer room, 'Miss Low is a top heavy fraction'.
Some punk-ass little kid from the second year grassed me up. I got suspended for the rest of my school career because, apparently, I corrupted the platter-based storage system!
<remembers fondly trying to un-crease my 5 1/4 floppy>
Bring on the Raspberry Pi
"The school has also upgraded its security and has advised teachers to change their passwords."
The school should implement two-factor authentication and this wouldn't happen again.
They should beef up that janitor's closet as well.
Weak physical security = weak computer security.
Ah, the good ol' days!
Reminds me of when USB 1.0 came out, shortly followed by the first scare stories of USB hardware exploits and keyloggers. The government agency I was working at had just gone through a consulting exercise around centralised printing, with only the senior managers' PAs getting personal USB printers to replace their old serial-port ones. They'd just about got all the PAs' new printers in when we heard they were going to disable all the USB ports on all desktops! One of the unwanted USB printers promptly found its way to my home office.....
Not smart, too greedy.
School wheezes and japes:
Rule # 1:
Don't tell anyone!
This often helps with the primary objective:
Don't get caught.
Remember that movie - when you can log in with only a username, no password...
They should do a remake of that movie :)
be careful what you wish for.
If only people knew the technical side. They wouldn't be so "impressed". It's sad how the genuinely skilled people remain unemployed and these halfwits are described as very bright when anyone with an IQ 90+ would be able to succeed in such a task.
Wouldn't you prefer a nice game of chess?
These kids are 2 steps away from Global Thermonuclear war!
@AC - Sunday 29th 9.46GMT
Funnily enough, I'd also put you into the script kiddie category. Also you say you hacked 30+ Twitter accounts when you were 11, does that make you 13 now?
took a while then !
The master key was stolen from the janitor's office (physically or just a software number?) and security wasn't changed?
maybe someone other than the kids should be leaving the school........
No imagination, AT ALL!!
They used hardware key loggers to get admin. They then had admin access and all they did was change their grades.........kids these days have no imagination.
As I once told a school secretary.....
.. "When - not if - the students hack this system, I hope you're very lucky and they only alter their grades. They can do a LOT more damage if they start circulating sensitive personal information."
The response was to tell me my services were no longer needed. 6 months later the inevitable happened and having shown their insurers proof of the warning their public liability cover was voided.
$2 million in payouts later, that school has a half decent security system which DOESN'T have staff and student machines on the same physical network.
No point in changing your grades when the teachers know which grades you have been getting all year.
No, forcing people to change their passwords every n days is a bad idea. You either have to use a fairly weak password or write it down, otherwise you'll never remember. Stick to one strong password and don't change it unless it's compromised. Also the more rules you put on what can be in a password - e.g. dictionary words - the easier you make it to hack the password (because rules exclude whole rafts of possibilities).
Halcyon days and the impetuousness of youth
My hearty congratulations to anyone who hasn't tried to gain a competitive edge over their classmates through subterfuge. My personal experience was this: When I was studying 3 languages at GCSE level you could take an extended written examination or choose coursework which involved recalling from memory (under exam conditions) two A4 pages of text you had written yourself a week before. You were allowed dictionaries and could use anything printed inside them. So I would type up my essay and reduce it to a tiny font then flip the image and change the settings on the printer so the ink was quite wet. I could then carefully "print" this onto a blank page in the dictionary. I was careful to make a couple of deliberate mistakes when copying out so as not to be rumbled. This assured me 25% of my grade at A standard in these 3 subjects. What did I do with the time I should have been committing this to memory? I was studying for the other 9 GCSEs I had to pass. I'm talking Maths, Science, English and the like not Drama and Art.
Bottom line is there is so much pressure on kids to do well that this sort of thing is bound to become commonplace. I ended up with 11 A* and 1 A. I'm no idiot by any stretch of the imagination and everything else I got honestly, but my other grades would've suffered had I not exploited a loophole. When you’re pitted against a kid with photographic memory who only has to read the relevant info several times 2 hours before the exam and then regurgitate it, you appreciate how unfair life can be. A simple fluke of inbuilt ability can affect your chances of doing well in exams. He wasn’t the brightest kid but could reproduce a piece of text he’d seen verbatim.
Sometimes you feel the need to even the odds in your favour. I'm not saying I condone what these kids did, but I understand. Yes, if they’d been smarter (and less greedy) they would’ve kept this to themselves and given themselves a chance at an excellent college. I suppose that’s filthy capitalists for you, they couldn’t see the long term investment and bigger payoff down the road.
If they were smart....
1) They would not have done it at all, agreed. And this is the MOST important point!
2) They would have written their own software key-logger vs. a hardware one to make it harder to detect and hopefully harder to trace back to them. (kids and credit cards these days, way too lazy!)
3) They would have retrieved the hardware devices after they had captured the needed passwords to avoid detection. (Granted there is a risk of detection on re-entry but it appears these guys were rather proficient at infiltration of the school...)
4) And this is the big one.... they should have never tried to profit and never told anyone, ever!!!
Like most criminals it's the greed that gets them every time! But will they learn their lesson?
Now that they are expelled they have plenty of time to learn how to use Metasploit and SET to do it from the outside (Just what we all need...).
School or not, security needs to be baked in to everything you do these days, and expulsion alone is not harsh enough to prevent the students from continuing down a rather dark and dangerous path.... let's hope their parents straighten them out before the courts have to!
The school system failed to keep smart kids occupied & challenged. Classes are taught to the speed of the slowest student. These kids needed a challenge and they found one. Their teachers should be punished for not keeping the smart students intellectually engaged.
Now about the endpoint security technology which failed to detect a keylogger..... Probably should punish the IT department too.
Is that you Marty?
Do you have the Flux Capacitor...tell me have it!
They apparently used hardware based keyloggers, which are virtually impossible to detect by software as they plug inline with the keyboard cable out of the back of the PC. More of a physical security issue. Besides, almost every company I hear about being hacked all act dumbfounded at the breaches because they all had "AV and Firewalls". The biggest threats are from within, and AV can only stop what it knows about; if it's something new or just newly encrypted in low volumes it's not a priority and often times will slip right through most AV...
I don't think this was a case of a lack of being stimulated or engaged here, they used COTS hardware, a copied key from the janitor, it was a fairly low-tech breach overall. This is simply a case of B&E, academic fraud, and being greedy.