1. First day on the job, email to boss: "Hey, the computer lab at Springfield High has a ton of known security flaws that are begging to be exploited."
2. Reply, 1 week later: "Sorry, we don't have any money for that. Just keep everything up-and-running."
3. 3 weeks later the computer lab at Springfield High got "hacked". All the computers displayed a popup window that said, "Miss Krabappel is a dyke!" (sorry for the offensive language)
4. Next day, email from boss: "The computer lab at Springfield High was hacked! Figure out how to fix this and make sure it doesn't happen again!"
5. A few days later Miss Krabappel filed to sue the school district. The local newspaper picked up the story.
6. Email from boss, in full panic mode: "I need you to figure out who hacked the computer lab at Springfield High so we can report him to the police!"
7. A week later an independent consulting firm was brought in to help identify the person behind the "hack". I heard they were paid $50K and found nothing. However, the kid got ratted out when he told all his friends. (It wasn't Bart Simpson! ;) )
8. Several weeks later: meeting to discuss working with a consulting firm that's gonna fix all the security issues because the current staff (me and my team) lacks the skills.
9. About 6 months later, I quit.
When I engaged in `net send` shenanigans at the local community college, at least the IT staff was smart enough to know where to scramble a runner whenever those dialog boxes popped up across campus.
"ALL YOUR BASE ARE BELONG TO US" was quite the meme then, but apparently they thought it was some form of cyber-terrorism.
His punishment was community service, and the service was having to be basically an intern for the school IT guy. Smart administration, really.
I'll never understand braindead school administrators whose response is "throw the entire CFAA book at them" for kids who do the most harmless sort of "hacking". I mean, they're literally 16-year-olds. How disconnected from reality does one have to be to think that police/legal action is appropriate for this type of stuff? It's like they're specifically trying to ruin lives and create criminals/blackhats.
Edit: And something I remembered while scrolling this thread... it's particularly disappointing when it's the actual IT staff who get mad and threaten to press charges. Like, sure, if it's a 60-year-old secretary who's worried about you starting WWIII by whistling into a payphone, that's just ignorance, that's one thing. But IT people ought to know enough about security/"hacking" to see how ridiculous they're being... just sad.
They don't ask that. They just want their computers to always magically work and having to dedicate mental resources to events in IT at all is an intrusion to their time - to them, throwing CFAA at them is "setting an example".