[return to "IoT hacking and rickrolling my high school district"]
1. earksi+Fd 2021-10-12 20:54:58
>>revico+(OP)
Serious question. What, if any, instruction do kids these days receive regarding what's allowed on computer systems?

I remember in high school poking around a network drive until I found an executable with the name "SEND" in the name. I had a sense that it would send some kind of message somewhere, but I honestly didn't know where or to how many people. I was quite surprised when all the screens in our computer lab froze and, five seconds later, my message appeared on all of them. (I later learned that my message appeared on every desktop screen in the school!)

I'm not sure exactly how they found me out, but I was called into the IT admin's office a couple of days later. She was furious with me. I told her the truth. I didn't know what exactly would happen when I ran that command, but she didn't buy it. Fortunately, nothing ended up happening after that.

I've wondered to this day what exactly they could have done to me if they decided to press whatever legal authority they might have had to its fullest extent. I was never told "don't go to Z:\" or "don't run any program other than those on this list." Even after I was found out, I wasn't ever explicitly told that my actions constituted unauthorized access.

It was a different, perhaps more innocent (or ignorant) time back then. How much have things changed now?

2. jovial+of 2021-10-12 21:03:36
>>earksi+Fd
I graduated high school in 2015. I remember similarly poking around a network drive until I found a file in plaintext which contained everyone's student ID and whether or not they had a nut allergy (protected by HIPAA), for the bus system.

I didn't think much of it, but some other students caught wind. Before I knew it, the superintendent threatened to have the police involved and press legal action for "hacking confidential student data."

It's CYA all the way, usually at the expense of the person in the chain least equipped to cover their ass (the student).

3. drusep+in 2021-10-12 21:55:33
>>jovial+of
Similar story: the dean of my "high school" [1] asked me to create our school website. Another student apparently poked around on a network drive and found an SQL dump of all the students' network username/passwords. I brought this file to the dean, told them it was available on a shared drive (so they could remove it), and asked if they'd like me to use it -- since I already had it -- to enable all the students to log in to the school website with their existing network usernames/passwords. They said that was a great idea and gave me the OK.

A week later, police escorted me from my dorm and both I and the other student were eventually expelled and threatened with harsh legal action, which never came.

[1] The "high school" was an early-entrance-to-college program where we started college at 16, lived on campus, took the normal freshman/sophomore college courses, and eventually received a high school diploma and an Associate of Science when we graduated at 18. The website was for the school I attended, but the SQL dump included all of the university students as well. The school has since shut down.
