This kid is very very lucky. Obviously they violated the CFAA which carries severe criminal penalties. They engaged in actual hacking without any permission or defined scope. And they exploited the system without any responsible disclosure process.
Anyone in the field will tell you that this is an absolute disaster of a post because it sends the signal to other young aspiring cybersecurity professionals that this is OK, and the school will laugh it off, and you'll be seen as an adorable Matthew Broderick type Wargames character. I can't overemphasize how far this is from the truth in 2021.
Absolutely do not access systems you are not allowed to. If you do want to do penetration testing, you need permission from the systems owner and a clearly defined scope. And when you do find issues, you don't exploit them, you responsibly disclose them within a clearly defined framework.
If you want to end up with a criminal record that will profoundly effect the rest of your life, including your career prospects and ability to travel internationally, then by all means, do what this guy did.
I wish it wasn't so. It never used to be. But this is how it is now. Overzealous prosecutors have been given a huge amount of power, and all you need is one embarrassed systems administrator, school board or management team to trigger a disastrous outcome in stories like this.
Part of the issue is people like you who advocate for respecting "the system" and essentially scaring kids into not doing anything. Except that simply re-enforces the draconian laws that are currently in place. If more kids rebelled and this was a regular occurrence it would help to desensitize society to digital pranks instead of always treating these kids like terrorists.
Why do we tolerate pranks? You shouldn't be able to interfere with someone else and say 'just a prank bro'. Leave other people's things alone. Don't create work for other people. Don't bother people just trying to do their jobs. Don't impose your sense of humour on others. These all seem like basics to me?
If you think someone's funny? Great. Just don't bother other people with it. Do it with your own stuff, not other people's.
Pranks can be an outlet for creativity and learning that might not otherwise happen.
The post concludes with:
> This has been one of the most remarkable experiences I ever had in high school and I thank everyone who helped support me. That's all and thanks for reading!
I'm certain this kid learned so much working through the execution of this prank, and without being criminalized by the district, he's better off for it. Likewise, the IT department is better off with a more secure system, and staff and students experienced shared moments of unexpected joy.
Call me naive, but I'd say this kid made his small slice of the world a bit better, if only for a fleeting moment.
Great.
But do it with your own things then. Don't bother anyone else or touch anyone else's things.
And no worker should ever have to do any work (such as reset a computer system) because of your prank. Workers have enough work to do and enough hassles in their lives.
You're really oversimplifying here. Something tells me this highschooler doesn't personally own the breadth of commercial equipment that he hacked for this prank.
> And no worker should ever have to do any work (such as reset a computer system) because of your prank. Workers have enough work to do and enough hassles in their lives.
Okay, let's all be worker robots :)
So they shouldn't have done it.
> Okay, let's all be worker robots :)
It's not about what you want to do. It's about what some low-paid worker who has to clean up after you thinks. Or some other student inconvenienced by your prank thinks.
If you're impacting on someone else's life then you're in the wrong!
What if these people don't want your sense of humour imposed on them?
I think it's ethically wrong.