[Infowarrior] - Student charged after alerting principal to server hack

Richard Forno rforno at infowarrior.org
Tue Oct 28 15:50:44 UTC 2008 

Student charged after alerting principal to server hack

'Intentional criminal act'?

By Dan Goodin in San Francisco • Get more from this author

Posted in Crime, 28th October 2008 00:38 GMT


http://www.theregister.co.uk/2008/10/28/student_charged/

A 15-year-old high school student in New York State has been charged  
with three felonies after he allegedly accessed personnel records on  
his school's poorly configured computer network and then notified his  
principal of the security weakness.

The unnamed student of Shenendehowa Central School was charged  
Thursday with computer trespass, unlawful possession of a personal  
identification information and identity theft, according to news  
reports. He has been suspended from school and ordered to stand  
charges in family court in Saratoga County.

He and a peer allegedly gained access to a file containing the  
personal information of 250 workers because of a district-wide error  
in setting up a new server. After accessing the information, he sent  
an email alerting the principal to the breach and signed it "A  
student." With the help of the district's IT department, the principal  
identified the boy as the culprit.

"The kid committed an intentional criminal act," state trooper Maureen  
Tuffey told The Times Union. "He deceitfully used someone else's name  
and password so he would not get caught and was looking to profit from  
his criminal act."

All that was needed to access the information was a district password.  
School officials have admitted that thousands of students, faculty and  
employees could have accessed the same file for up to two weeks. The  
file contained the social security numbers, driver's license numbers  
and home addresses of past and present employees, most of whom were  
bus drivers.

Since news of the charges were reported late last week, hackers have  
criticized administrators for turning the student into a scapegoat for  
the school board's shoddy computer security. We're inclined to agree,  
although it'd be nice if we knew more about the specifics of the email  
the fellow sent his principal. Additional coverage is available here  
and here. ®

More information about the Infowarrior mailing list