HS Students Steal SSNs to Prove They Can 701
thatshortkid writes "Local news in Chicago is reporting about two Hinsdale Central High School students who breached their school's computer system and retrieved all of their peers' (plus staff's) Social Security Numbers. They claim they have destroyed the information and haven't given it out, but the SSA and FTC have been alerted for good measure. While they claim their motive was to prove that the breach could take place and no malice was involved, they face possible school disciplinary action and criminal charges."
ridiculous (Score:5, Insightful)
Dumbasses..... (Score:5, Insightful)
tough way to prove point (Score:5, Insightful)
They kind of deserve the punishment (Score:5, Insightful)
Demonstrate the Crime (Score:2, Insightful)
Common Sense (Score:3, Insightful)
I know people will come on here and say "OH but the administrators probably wouldn't listen so they had to do this to prove how serious it was". I'm sure if they followed good procedure and presented a good presentation to the Board/etc they would of gotten a better reception then what they did.
Yup. (Score:5, Insightful)
Re:tough way to prove point (Score:2, Insightful)
Re:ridiculous (Score:2, Insightful)
That's more like insightful.
yes,let the kids decide about your privacy (Score:5, Insightful)
To go all the way through to stealing *everyone's* information, and then afterwards claim you only did it to help is bad judgment at best. In some states it's criminal.
Good, throw them in jail! (Score:2, Insightful)
Those miscreants are a danger to society, and consider the cash value of all of the damage that they have done, not to mention the bruised egos!
They are terrorists, and should be executed!
</sarcasm>
Re:Over react much? (Score:5, Insightful)
Civil Disobediance has its price. (Score:1, Insightful)
What did Jefferson say about the tree of liberty and the blood of martyrs? Perhaps a bit over the top, but I feel the sentiment is appropriate.
Re:They kind of deserve the punishment (Score:5, Insightful)
Being bust or not is not the issue. If they had been bust while trying to get in then they would have had no excuses. The broke in and that is bad.
Re:tough way to prove point (Score:4, Insightful)
hahahahahaha...
They would have probably gotten the kids in trouble for thinking about "hacking" into the computers. Those hacker kids are nothing but trouble you know. School IT staffs are a JOKE in 90% of schools, and don't give a damn or don't know a damn thing.
would you? (Score:4, Insightful)
This just shows that most companies and governments cannot do so.
Not the Real Problem (Score:5, Insightful)
I'm certainly not suggesting something as draconian as RealID. But it should not be necessary to keep one's SSN any more secret than the account and routing numbers printed on personal checks.
Re:They kind of deserve the punishment (Score:5, Insightful)
. . . imagine you're legally required to keep your electronics and jewelry in someone else's house. And not only that, but several hundred of your friends are too. And imagine that you know the security in this house is bad, and you've tried telling the owner of the house that your possessions are in danger, but he doesn't care. And you've tried telling the government that your possessions are in danger, but they don't care either. Your friends care though, and they're really frustrated knowing that all their possessions are in danger, just like yours, and that nobody seems to be able to do anything about it.
Maybe then you'd break in, to demonstrate it's possible, and get the owner of the house to tighten up security for the sake of you and your friends?
Anonymous snail mail to IT admins... (Score:3, Insightful)
Re:Common Sense (Score:5, Insightful)
In that way, even if they were completely ignored, they'd at least have something to back them up when they make the futile claim that they tried all the normal means to make the school aware of the issue.
Sure, they'd still get in trouble with the school, but at least they'd have some credibility in the public's eye as doing this for a good reason rather than simply because they could.
Ask yourself: why is a high school using SSNs? (Score:5, Insightful)
Keeping SSNs around obviously can't be avoided for the school's employees (for tax and other reasons), but employee databases should be separate from student records, and there are far fewer employees than students anyway.
Basically, SSNs seem to have become the knee-jerk instant universal ID number for American firms and institutions of all sorts, which is a pity. It's best if we (as IT professionals) try to encourage the keepers of old databases to transition away from using them, and to strongly recommend that new databases not use them at all, wherever possible.
it's all about trust folks (Score:5, Insightful)
the problem has to do with what the word "trust" means. society at large doesn't trust an intelligent well-intentioned hacker (these students are hackers as in the old school sense if there ever was one, as opposed to the new school "hacker=terrorist" sense). but they DO trust a bumbling idiotic underpaid school administrator.
why?
it's about how the average slashdotter views "trust" and how society at large views "trust". the average slashdotter trusts intelligence, cleverness, technical literacy. but the average joe simply trusts accountability.
the school administrator's job is to keep security, he is trusted by society, paid by society to do this. he is accountable. the school administrator will be reprimanded by this breach, and the breach will be repaired. this is society at work. meanwhile, there is no social contract with the high school student. there is no trust. there is no accountability.
yes, security will be better because of what they did. yes, their intent is perfectly sound. but there is no trust, there is no accountability as far as the average joe sees it.
the lesson therein is for the average slashdotter then:
accountability is more important than cleverness.
to put it another way, the average joe doesn't care how technologically sophisticated the security is on their SSNs. the average joe just cares if THERE IS SOME ACCOUNTABILITY. so the SSNs could be on a text file on webserver, they don't care. the question si: is someone's job on the line for the theft? the average joe understands this concept: someone will suffer if my identity is stolen. there fore, someone out there is motivated to protect me.
meanwhile, these students have no social contract, no accountability. what is their intent? what is their motivation to do good by me? all i have to trust is their word, and i don't know them from adam. therefore, all that they have done for the average joe goes unheeded, unrecognized. the students helped the average joe, but the average joe sees them as criminals.
folks: gnash your teeth all you want, i'm just trying to give you all a heads up about the difference in thinking between the average joe and the average slashdotter. if you don't like what i am saying, don't be mad at me, don't shoot the messenger.
be angry that trust does not mean same thing to you and the average guy on the street.
Re:ridiculous (Score:5, Insightful)
The way I look at it (Score:5, Insightful)
Just a thought.
More about saving face (was:Dumbasses.....) (Score:3, Insightful)
Re:tough way to prove point (Score:5, Insightful)
Besides, as people already commented, it is stupid to commit a crime just to show that a crime of this sort can be committed.
Re:ridiculous (Score:3, Insightful)
How about those folks who rob a convenience store to show their security holes... should we just let them off simply because they figured out how to do it and were caught? Yet they say oh, well we were going to return the money so it is ok and nobody was hurt.
Talk about flawed logic with your whole "We really need sane laws that do not allow some one to be prosecuted if there's no harm done". What a load of shit
Re:ridiculous (Score:3, Insightful)
Re:Notation? (Score:5, Insightful)
Having my data on their servers seems compelling enough...
Re:ridiculous (Score:3, Insightful)
One of my daughter's friends keeps pressuring her to give out her passwords on various sites. I've suggested my daughter tell her friend, "You can have my password when I can have the key to your house."
Re:ridiculous (Score:5, Insightful)
I spend time in the back of a squad car for stating there were security problems at my school (back in 93, I was a Jr.) The Principal did not believe me, and I was asked by the "computer teacher" to demonstrate, which I did. Upon completing the demo, a change of my grade (downward, ironicaly) I was detained in the office pending arrival of the authorities.
I now have a job where I get paid for those same skills, and the thread starter is correct about paying the students. The problem is that HS staff does not like being shown that their charge (the students) have more power than them, which this demonstrates.
-nB
Re:ridiculous (Score:1, Insightful)
these kids were not heros. with all the social security numbers and personal information being stolen, did they think they would be considered heros for "stealing" the information.
yes, theft is a crime, and they think they're immune to such punishment because they didn't do anything with the information. so i guess if i steal $1,000,000, and just keep it under my mattress, it'll be OK.
my school (i graduated 2001) had all kinds of vulnerabilities, but you know what. it's a school. they're understaffed as is, and they don't need to have expensive consultants coming in and auditing their network all the time to stop these kids.
a school should be about education, and these kids learned a valuable lesson, because most school districts have a policy where if you are accused of committing a felony, you cannot join your regular classes. you have to go to an in-school suspension until they have a hearing to see if you're a threat to the school, or not. if not, you're returned to classes, however if you're deemed a threat, you have to attend alternative education, normally that portable at the back parking lot, or another school.
lesson learned, but a hard one.
Re:ridiculous (Score:3, Insightful)
The better thing to do [both then and now] would be to have someone from the media with the informer. If the "powers that be" choose not to "go along with it" while it's on the record, then that still leaves the door open for the story to explain what's possible, what's been offered, and what's been refused...and by whom. You cannot win 1 vs. the world. Adding the media to equation, particularly one who knows what they are doing, can even the stakes a bit.
The question begs: do you have to report these problems or is it a case of bragging rights - even if you are the only one who knows - so you will have cool stories on slashdot, blog entries, or magazine articles in the future?
As always, you have to pick your battles. But when you are forced into a battle, you have to decide which weapons to use and how. That's where the media is inserted into the equation.
Re:They kind of deserve the punishment (Score:5, Insightful)
No; I would have filed a civil lawsuit against the school. There are very good chances that the problem would be fixed in matter of hours - and I would get a useful experience in defending my rights in a completely legal way.
(I recall an old movie with Hulk Hogan where scenario of this sort was presented.)
Re:ridiculous (Score:3, Insightful)
If it's made public, then people can compramise the data maliciously before it's fixed.
If they go in on their own, then they'll be punished for it. And they ahve to be - you can't let people mess around with the system as long as they don't do any damage, because people will messaround with systems and do damage even though they didn't mean to.
The correct thing to do is probably to inform the school, hopefully get them to let you demonstrate the flaw under supervision from theirr network people, and if they still don't do anything abotu it... move on. If you make it public, the data WILL get compramised, if you don't, at least there's a chacne no one will notice, AND you dodge any repercussions to yourself.
Re:ridiculous (Score:5, Insightful)
Crime is not synonymous with bad, wrong, or evil.
Why do schools need your SSN? (Score:3, Insightful)
Does anyone know? It's not like the students are paying any taxes towards social security through the high school
Re:MOD !^$# PARENT UP! (Score:3, Insightful)
I can't honestly say I check it frequently, but looking at the license number provides a good quick check that the card isn't a blatant fake ID.
If part of your license is covered over, I'd be really suspicious of what you were up to.
In a civilised country. (Score:2, Insightful)
In a civilised country where personal data was actually protected and where personal responsibility existed, such an event would have generated very pointed questions of the people who failed to protect vital personal information for hundreds or thousand of students.
The focus on sound bites denouncing petty criminals makes a convenient smokescreen to avoid them though.
Re:Over react much? (Score:3, Insightful)
Re:ridiculous (Score:3, Insightful)
And I know it's fashionable to hate on business, but there are a lot of security flaws that get patched without an exploit being published or used.
Re:The way I look at it (Score:5, Insightful)
Every time this argument comes up, someone tries using that line of logic. The fact is, though, that even though your actions were stupid, the burglar broke the law.
Re:ridiculous (Score:5, Insightful)
Re:ridiculous (Score:5, Insightful)
Otherwise, please give me your full name and ssn. I promise I wont do anything with it.
high schools are resource-constrained (Score:4, Insightful)
From my experiences doing pro-bono work at four different high schools, I'd say that most of them barely have the capability to deal with the most rudimentary data management tasks. I'm not saying this to be dismissive of schools or the people who work there, but they are in many cases so short on human and technology resources that creating and managing unique IDs for each student isn't something that would even cross their minds.
The SSN is, as you mentioned, the knee-jerk instant universal ID number precisely because it requires no extra effort. This is not a good situation, but it has come about because there is no compelling reason (that many institutions can see) to devote extra time and effort to coming up with alternate ID schemes for schools.
Re:ridiculous (Score:3, Insightful)
Bullshit. If they can't properly secure their student's sensitive information (such as SSN's) then they shouldn't be storing it. Or they should store it on paper only, in a vault. I never fully understood why my high school needed my SSN anyway, and now that I see things like this happening I'm tempted to go back and make sure they don't still have it lying around.
It's one thing to be nonchalant with your employees information (though I'm not a fan of that either)...employees generally have a viable option (work somewhere else). Students generally have no choice as to what school they attend...they're going where their parents send them. Maybe they can drop out at 16, but by then their SSN could be stolen. There's a great way to start life...a high-school dropout AND identity theft victim to boot!
Re:ridiculous (Score:4, Insightful)
As for businesses, what about all the exploits they don't fix or check for because their software is "good enough"?
Re:ridiculous (Score:4, Insightful)
How about an analogy that doesn't involve a gun to the face?
Re:Anonymous snail mail to IT admins... (Score:2, Insightful)
Twisted logic: (Score:2, Insightful)
Re:ridiculous (Score:0, Insightful)
Re:ridiculous (Score:3, Insightful)
How about an analogy that doesn't involve a gun to the face?
You sneak into your neighbor's fenced and gated backyard and, through a window only visible from the backyard, watch her undress without her knowledge or consent.
Cover up (Score:5, Insightful)
The truth is the lazy, idle and incompetent always prefer the cover up to the fix. Whether it is the Roman Catholic church and child abuse, torture at Guantanamo Bay, or security holes, the people in charge will conceal rather than cure. Two examples from my own career:
I was once asked to investigate the apparent failure of an automated component test system. Eventually a review of the hardware and software left the only option as being that the production personnel were deliberately falsifying results and passing rejected batches. Result: three senior managers demanding I be sacked. Fortunately at this point we acquired a new CEO who had several clues. One manager was fired, one left of his own accord and the other was downgraded. But customer confidence had been eroded and the plant eventually had to be shut down. The second example was less exciting: a production director who resisted for years the introduction of statistical process control because it would make clear where systems were failing.
I'm sure many of us have similar examples. It is not in fact important what the motivation of the whistle blower is, we need to change the culture to one in which the response is "Fix it", not "shoot the messenger". With hindsight, we may one day conclude that the tradition of open bug fixing is FOSS is its greatest social legacy.
Re:it's all about trust folks (Score:3, Insightful)
That said, someone getting yelled at by the boss seems very likely here...
Re:it's all about trust folks (Score:5, Insightful)
The difference for the students is the one between numbers and people.
For the school board (or however you're organized over there), there is a case of '500 SSN's got leaked, oh well.. the bad publicity will cost us less than hiring competent people'.
For the students it's, 'holy shit, they're practically giving away our SSN's, I don't want my bank-account suddenly emptied'
The victims have an inherit motivation in not becoming fucked over. The overseer's main motivation is not being yelled at.
Re:ridiculous (Score:3, Insightful)
[/quote]
yes it is. Try putting cameras up in a bathroom or changing room or pointing into someone's windows. try tapping someone's phone line.
[quote]My SSN is all over the fucking place. In the hands of my mortgage company, my bank, hell, the university where I attended school used it as our Student IDs, so they were all over professor's roll sheets which I
[/quote]
You realize that:
1) That number was given voluntarily by you every time
2) That had you requested it, by law they must provide you with an ID number to use in lieu of an SSN
Keyword : Hope (Score:3, Insightful)
This is the stem of all security problems.
If you DO blow the whistle, unless you have some SERIOUS clout behind you, chances are most people aren't going to listen to you. (See: Microsoft).
If you DON'T blow the whistle, do nothing and have a vested interest in the company/school then you risk having your money/time lost due to SOMEONE ELSE taking advantage of a flaw you knew about.
If you DO blow the whistle and try to gather attention to it by TAKING ADVANTAGE of the exploit, you SERIOUSLY risk being arrested yourself. (White hackers, black hackers, its all the same in the eyes of the uneducated masses!)
Etc, etc, etc. The list of what you can do and how ineffective it will ultimately be goes on. You can't go public or they slam you for trying to ruin their reputation. You can't go directly to the people cause they ignore you. You can't 'white hacker' them cause they slam you anyway. You can't ask for advice on Slashdot cause Slashdot is a wide, niche audience and is largely ineffective due to city/state/nation/international law differences. Its damned if you do, damned if you don't, damned if you ask for help and damned if you do nothing about it.
Re:ridiculous (Score:3, Insightful)
Approach the business saying you provide a service. If they say thanks but no thanks move along and take salacious glee in the fact that they may get comeuppance one day.
Re:Dumbasses..... (Score:2, Insightful)
I was sitting in class one day (I am a High School Senior) and talking with a bunch of my friends. I don't remember the exact context, but I mentioned something about Social Security Numbers (the context possibly being college). I was mostly shocked to find the conversation switching to my group of friends telling each other the numbers and comparing them for similarity and silliness. If I had wanted to, I would have had 5-7 SSNs for which to use as I saw fit. What's especially scary is how easy it would have been.
Re:ridiculous (Score:5, Insightful)
You'd think that would be the case. Unfortunately, the answer is no.
From this article [epic.org]:
What I find interesting that no one seems to be questioning why a high school needs to have the students SSN in the first place. Personally, I think that the administrator that made the decision to put SSN's into a (now proven) vulnerable database should get at least the same punishment as the students who cracked it. And if they are using products that are known to have weak security, they should get double. Why was this database even connected to the net, anyhow? Honestly, the real crime here is the lackadaisical handling of such sensitive information, when there is no good reason for them to have students SSN's in the first place.
Re:it's all about trust folks (Score:3, Insightful)
to put it another way, the average joe doesn't care how technologically sophisticated the security is on their SSNs. the average joe just cares if THERE IS SOME ACCOUNTABILITY. so the SSNs could be on a text file on webserver, they don't care. the question si: is someone's job on the line for the theft? the average joe understands this concept: someone will suffer if my identity is stolen. there fore, someone out there is motivated to protect me.
I guess I have to disagree with this. The average joe only cares about feeling that his data is safe. Accountability is bullshit. I guarantee you if the insecurity (and consequences of that insecurity) was easily understandable by the average joe, he'd be up in arms that the gaurdians of his information are incompetent fools.
The thing is that the technological nature of the insecurity is what masks it. If the average joe can't really understand why it's insecure, the feeling of insecurity never really registers very deeply.
I'll give an example. Let's say Average Joe's bank didn't lock the doors at night because they didn't think it was necessary. Well.. heads will fly if Average Joe finds out about this. It's blatantly obvious that not locking doors at night as a bank is bleedingly stupid. It's also obvious to Average Joe that his money not being robbed from the bank is important. The news that someone will get in trouble for "not being accountable" isn't really very comforting to Average Joe.
Let's say in the same bank scenario two bank customers realize the dumb practice of the bank and want to "teach them a lesson". They go into the bank, take the money and bury it in an empy lot somewhere. They then leave the bank a note saying where the money is. Have the bank customers commited a crime? Certainly. Have they also done some kind of service for other bank customers by showing how insecure their money is? Probbably. What's the balance between the two? Very difficult to say. It seems the same way in this case. The difference between Average Joe and Average Slashdotter in this case is only that Average Slashdotter understands that this is like leaving a door open.
I think there are people who do care about accountability. Mostly these people are the ones setting up procedures within large organizations. That's fine, accountability is a decent way to attempt to get actual security. But let's not forget that the real goal is the actual security, not having someone to blame at the end of the day.
The media is slow... (Score:2, Insightful)
Re:ridiculous (Score:5, Insightful)
Come on, it's not about power. The school system certainly doesn't like it being known that the information they keep about their students and staff is vulnerable to theft and manipulation - it doesn't matter who can do it. Students would presumably be the ones with most to gain by hacking their records, but identity theft is arguably a bigger threat when it comes to employment records and other data on the faculty.
But it's much more likely that a student will be bored enough, have enough time, and be allowed to physically have access to a machine on (or plug a machine into) the local network - so of course that's where the friction is going to be. And, since so many students imagine themselves to be in an adversarial relationship with the teachers, the staff has to be prepared to react accordingly. It's not about not liking a student having more "power," it's about not liking a student screwing around with sensitive data. High school students are notoriously lacking in almost any sort of judgement, and routinely fail to think through the consequences of their actions. This is often more true of the geek set, pleased as they are with their high IQ and skills, and distracted as they are from the daily tribulations of "normal" people (like teachers trying to maintain a career, health insurance, and a credit rating on next to no income).
And, of course, the odds that the staff of a particular high school have themselves chosen the network infrastructure, software, security model, and so on, upon which their daily system-based activities depend - pretty slim. But they've got to live with it, and when they catch a student deliberately breaking in, of course they're defensive. Hell, a student could also very easily break out a window of a science classroom to show that a determined thief could easily steal a microscope, what with the staff's ridiculous choice of obviously inferior mere glass as a deterrent. That doesn't make the staff power-obsessed when they bust on a student for putting that brick through the window.
Re:ridiculous (Score:3, Insightful)
Re:More about saving face (was:Dumbasses.....) (Score:3, Insightful)
My teachers liked me. I learned what they were teaching and looked like I would go on to be a useful member of society. Maybe I didn't need them like the other students did, but I never held it against them in any way. I showed up and paid attention.
It has little to do with intelligence, and a ton to do with attitude. If you are a dick, it doesn't matter how smart you are. I don't know you, and therefore I won't try to evaluate your personality, but I have to question why you went to this school if it wasn't going to challenge you. Did you 6-day that class just to prove you could, or to show that the class was pointless, or to show that you were smarter, or because you weren't interested in it and figured that was the easiest way out? For classes that interested you, did you show up and study, or did you skip those too, because you could pass without doing anything? Arrogance is unbecoming.
Re:ridiculous (Score:4, Insightful)
Which means that you should take option three: Do nothing and let it blow up on the admins face. After all, if you warn them, and they do nothing, and it blows up on their faces, they have a scapegoat to blame for their incompetence: you.
Why risk anything for your school / workplace / country ? You don't owe them anything, and they certainly won't hesitate for a second if screwing you over ever becomes profitable for them.
If you absolutely have to warn them, do so in such a way that your identity can't be confirmed. If they ignore anonymous warnings, it's their problem, not yours.
Re:More about saving face (was:Dumbasses.....) (Score:3, Insightful)
It is truely funny how age sometimes diminishes this attitude.
Growing up, I always knew I was 'smarter' than others, and even when I was tested I knew +3SD meant that I was smarter that 99% of the rest of the kids (atually only ~.3% are smarter than you at this point, +2 only give you advantage over 95%).
I got into a lot of physical fights with my 'peers' (the quotes are as envisioning the past) and I had a lot of verbal fights with my instructors. I thought both were idiots and I didn't feel the need to hide my contempt.
But guess what? I had no clue about the real world. I could figure out facts and statistics, but I had no clue how this related to anything at hand. I'd blame the others around me for being jealous or threatened. Some of the students felt threatened because I was a big guy, I am now 6"3 before I put on my redwings...and while I didn't like to fight, I didn't back down and I didn't stop til the other guy was on the floor. Teachers? I made sure I learned everything I needed to prove that I was smarter so that I could correct their laymans explanations in class. Sure, we are studying at grade school education, but fucking shit, I expected the instructor to explain it to us as if we were postdoctoral students, even though I was probably the only one that had knowledge of this subject.
Like you, I can make 85% in courses without trying. After a dozen other failed degrees (I'd get bored...eventually settled for gen ed degree as I had the credit hours), I am working on a degree in psychology and its amazing that my peers study like motherfuckers and yet with only picking up the book midsemmester for an hour, I came off just under 2 points from a friend that is working on his masters as well -- everytime I call him to see if he and his girlfriend wants to go for drinks on the weekend, its generally just me and her because he is too busy studying.
The one thing I am learning in my jaunt in psychology is that very few understand the 'gifted'. The population just can't support it. We are on our own.
What would I have done differently? I would have not assumed I knew the answers, even if I did, but would have learned to ask less pointed, better questions. I would have learned to understand others takes on the world. I would have learned that the facts do not always make up the truth and vice versa. I would have learned individual experience is far more important than the end.
Who wants to teach someone who already thinks they know the answers? That should be your end statement. It sounds as though you haven't come to the conclusion that you aren't the shiniest apple in your basket yet? You might have in the past, but there will always be someone better and a bushel where you are only average. I place myself into situations like this all the time. I don't want to be the smartest because I will never learn. I surround myself by folks much smarter and I challenge myself even though I don't get what they are saying half the time -- and once I do, I find another peer group.
No one killed your inner spirt but yourself. Stop blaming others and get on with life. If you aren't challenged, that is your fault. Stop being the picked on geek because a lot of us have been there and we got over it. Some of us never get over it...don't be one of those people because they you will have proven that the others were right and you were wrong.
By the by, the one area I was never great in was grammar or spelling as noted by this post.
Re:More about saving face (was:Dumbasses.....) (Score:3, Insightful)
Obviously didn't major in English.
As a teaching assistant at university for two years and as a part time trainer and "mentor" every since, I can tell you I much prefer to have students who get what I'm saying.
I got over 85% for courses that I did little study for and just scraped passes in courses I spent a lot of time working on. Some of the courses that most people I knew found easy I found difficult, some of the courses most people found difficult I found easy.
Your ability to get a good grade in one course does not make you particularly intelligent. Your apparent inability to realise you sound like a fool boasting about getting one good grade makes me think that you perhaps don't have a well rounded intelligence anyway.
I got a few stunningly good grades and a few stunningly bad grades. I beat a friend of mine in an exam once and she went on to get the highest GPA of anyone graduating from the entire university that year. Do I think I'm more intelligent than her? Of course not.
"The government does not do enought to help "gifted" students. By grade 4, i had learned to shut up and stay put. They killed my inner spirit."
Poor baby. I'm not normally a fascist like this but you need to get over it and realise that you aren't as smart as you think you are.
Comment removed (Score:3, Insightful)
Lessons NOT learned (Score:3, Insightful)
If they were smart about it (and they have to be somewhat smart to do this) they could have spoken to their principal/advisor and gotten sanctions to do this - potentially earning some kind of HS credit or an award from the the school.
Re:More about saving face (was:Dumbasses.....) (Score:3, Insightful)
Still Illegal (Score:3, Insightful)
They could have done a little to cover their butts, like notifing a teacher ( anonymously ) about the intended act so there was foreknowledge they meant nothing about it, or even going to the principle and telling him the system was insecure and that they'd like to prove it.
Re:ridiculous (Score:3, Insightful)
We're not talking about infringing on someone's copyrights here... we're talking about unlawful access to and use of a system, which is treated just like trespass and theft for a reason. Having a legal copy of media, and doing something illegal with it (such as giving it to 1000 people) is infringing. And even though that's every bit as bad a stealing something physically if the assigner of the copyright doesn't want you to do it, it's handled differently than theft. But when the person has their hands on something (like faculty social security numbers and private information) that they had no permission to access, they're in completely different territory.
Those are separate points though: my analogy was intended to illustrate the absurdity of claiming a get-out-of-jail-free-card just because (after getting caught) the crackers said they were exposing a vulnerability. You could make the same argument about picking the lock on a teachers car door, or (by any means) gaining access to something or someplace you're not supposed to be. And that makes the argument BS. It's even more BS when you take something (which, Gee!, they claim to have later deleted) to somehow prove your point. Except, they weren't planning on making a point - because they weren't planning on getting caught.
Breaking through the security on the school's IT system, or breaking through a lock on the office's doors, are the same thing. Getting caught should result in the same thing. When a student notices an unlocked door to an A/V storage room... are they doing the right thing when they tell a school official, or are they doing the right thing when they grab a laptop and a video projector and stay quiet, claiming later, when someone discovers the loss (and their fingerprints) that they were being good citizens and helping the school see a vulnerability? If you go to a lot of trouble to split hairs over the granularity of this analogy, rather than simply seeing the basic ethical truth of it... then you're just exercising that part of your brain that makes you feel better about pirating music. That's my guess, anyway, Mr. Anonymous Coward.
Re:ridiculous (Score:3, Insightful)
If you do not receive permission do nothing.
And leave the problems intact until they screw others and perhaps you as well.
With a CYA attitude like yours, you really should work for the government.
Granted, that's the way to stay out of trouble, but sometimes getting things done requires risking some trouble. I'm speaking in the abstract here, not necessarily referring to these kids.