digg

Join DiggAbout

Discover the best of the web!
Learn more about Digg by taking the tour.

Hackers change grades at Texas high school

chron.com — Four high school students are being investigated on suspicion of breaking into the Fort Bend Independent School District's computer network and changing the grades of at least 60 students. Investigators estimated the financial loss to the school district at more than $190,000, making the case a possible felony...

Bury
show profanity settings
expand all
  • Stevanoski, on 05/04/2008, -9/+18Should be a guarantee to TSI (vocational college)
  • LewP, on 05/04/2008, -5/+22Or TSTC (Texas State Technical College)
    • strangewill, on 05/04/2008, -0/+13Considering the security of most school technology, I'd say no.

      I worked at a high school for about a year and a half, was practically in constant horror of how badly the network was run, alas I was under not only the entire technical staff, but had administration on my ass because I was the youngest technical guy on staff (they had bad experiences before). I eventually quit.

      Frankly, anyone with 15 minutes Google time and a bug up their ass to start trouble can probably bring down your typical high school network.
    • kd5ftn, on 05/04/2008, -0/+8or Huntsville (state prison)
  • MrZop, on 05/04/2008, -6/+88Hack The Planet!
    • PHiZ187, on 05/04/2008, -18/+4Plack the Hanet.
      • Gonasadude, on 05/04/2008, -14/+4why.... o why did I LoL at that?
    • Murdats, on 05/04/2008, -0/+16Hack the Gibson!
      • doritoclock, on 05/04/2008, -0/+14You cant hack a bank across state lines or you'll get nailed by the FBI! Where are your brains, IN YOUR ASS?
      • pault107, on 05/04/2008, -3/+3*****.
        • rompom7, on 05/04/2008, -1/+22Way to steal my display icon.
          • TheKrillr, on 05/04/2008, -2/+15Way to display my steal icon.
          • zeusthemoose, on 05/04/2008, -0/+10Way to icon my display steal.
          • pault107, on 05/04/2008, -0/+2Yeah, I did 'steal' it a few months back when you made the exact same comment to someone else that had 'stolen' your icon. I did it to ***** you off.
          • zeusthemoose, on 05/05/2008, -0/+1
            win
          • rompom7, on 05/05/2008, -0/+1Great, now everyone will be doing it.
      • zeusthemoose, on 05/04/2008, -1/+2Password: GOD
      • destron, on 05/04/2008, -1/+1Dammit, you beat me to it! Very angry face. >:-(
    • MattSkiX13, on 05/04/2008, -0/+2They're trashing our rights! TRASHING!!!
    • ligyron, on 05/04/2008, -0/+5So they hacked their gymnastics grades from F's to A's, and their mathematics grades from A's to A+'s?
  • hippykiller, on 05/04/2008, -3/+269$190,000 what the hell...?
    • Ryan166, on 05/04/2008, -3/+981. Change high school grades.
      2. ?
      3. Lose a ***** ton of money.
      • thirteenthcor, on 05/04/2008, -0/+7isn't that loss of the second step the entire Texas independent school districts' way of getting money for anything that happens? Hey, we NEED that money for our little football *****, and can't be bothered to invest our hard earned stolen property tax money in actual ACADEMIC areas of Education. Round Rock ISD built a almost 4 MILLION dollar football stadium... when they need renovations on their 40 year old math,science, and art buildings... including basic ***** supplies....

        ***** the ISD's!!

        got my ass out of there as fast as I could. *phew*
      • doshindude, on 05/04/2008, -0/+34. Profit?
        Guess not.
        • stuffradio, on 05/06/2008, -0/+1For the students that had their grades changed... yes :)
    • Devrdander, on 05/04/2008, -0/+42I wouldn't be surprised if they are doing a full paper audit to verify all test scores, requiring hundreds of hours of teachers across the entire districts to verify scores. Maybe even re-enter the data. Unless you can verify exactly when they first gained access you dont know how far back it goes.
      • Tenlow, on 05/04/2008, -10/+5Yes, looking at a few pieces of paper, also known as "teachers doing their jobs" is a financial loss for the school district.
      • fakkedap, on 05/04/2008, -4/+1Nevermind, someone commented this below anyway. Digg down.
      • strangewill, on 05/04/2008, -1/+8Actually if the school's technology isn't COMPLETE *****, they're throwing tape drives in machines and restoring a backup overnight.

        We had hard drive failures before and would lose years of work, restoring them only took a day or two. (Don't ask me why they weren't on a steady RAID, wasn't my system).
        • yunus, on 05/04/2008, -0/+3If they have to go back months then they still have to reenter months worth of grades.
          • strangewill, on 05/04/2008, -0/+1Typically you do backups more often than that, and especially after final grades are put into the system.
        • Devrdander, on 05/04/2008, -0/+1tapes wont do an audit for you of data entered daily for the last semester...
      • yunus, on 05/04/2008, -1/+7My wife is a teacher and if something like this happened in her district she would not be paid overtime or anything extra. It would just be a suck it up and do it sorta thing. Which if they are using teacher costs to inflate the price of this crime seems wrong unless the teachers are actually paid for the extra time they put into this.
        190,000 does not seem crazy if they decided to implement a new system because the previous one was insecure. Although clearly not all the financial burden should be placed on the hackers since the school system did not properly secure their system.
        • xkorbin, on 05/04/2008, -0/+6I don't believe any of the hackers should be associated with the costs of securing the network. Blame the victim? Possibly. But their system was flawed, and it is not the hackers' responsibility to fix it.
          • yunus, on 05/05/2008, -0/+1I can see your point. If a company has a front door with no lock on it, vandals should be held responsible for any damage they cause inside the building but not for replacing the front door with a locking version. In this case that means restoring backup tapes or having teachers verify grades. The $190,000 was probably a number pulled out of thin air by some school official who counts the time. I'm sure the courts or lawyers of the defendants will require a more itemized bill to show where the hell they got the number.
    • madeingermany, on 05/04/2008, -1/+14"but the documents do not explain how officials arrived at that figure."
    • jdepp, on 05/04/2008, -0/+18This is the headmaster trying not to loose his job over choosing password="password" --> trump up the charges.
    • toastgodsupreme, on 05/04/2008, -2/+31Obviously an inflated cost.

      4 schools affected, some grade books lost.

      Now, assuming the IT dept has only half their head up their ass, that means sequential backups were kept. Teachers didn't have to reenter much. Story says the data was recovered, so I assume what I just said is true. I don't see any additional cost there. Just the IT people doing what they're paid to do normally.

      Says the investigation began March 7. For easy math, let's say it started March 1, and ended May 1. 60 days. Remember, I just gave the investigation 6 extra days, AND said the investigation ended only 3 days before the story aired (SOOOOOOO unlikely since police charges have been filed, etc).

      60 days. of investigation. Estimated financial loss is $190,000. That means the district spent $3166 A DAY investigating this.

      Excuse me? And I was generous with the figures (in the district's favor).

      Ok, let's say we had 4 investigators working the entire 60 days. 12 hours a day. These 4 investigators were earning $66 an hour ($132 an hour for 2 investigators).

      Really?

      It couldn't have been that hard to trace all this. Assuming the IT staff had any knowledge at all about network security.

      HAHAHAHAHAHAHA

      The kids were dumb for leaving a trail and not using public internet access points.

      The school is dumb for trying to get that kind of money out of these people and trump up charges.

      The IT people are dumb for letting this happen (my guess is, one of the kids bragged to a friend, the friend told someone else, who told a teacher who told the principal and got the IT dept looking for problems... THAT'S HOW IT ALWAYS HAPPENS, lol).
    • computerusr, on 05/04/2008, -1/+2Your comment very appropriately has 190 diggs.
  • xkorbin, on 05/04/2008, -6/+325And this is a financial loss how? They decline to state how this six figure number is even generated.
    • dubloe7, on 05/04/2008, -0/+78I was wondering that myself, according to the article:
      'The investigation also estimates the financial loss to the school district at $191,400, but the documents do not explain how officials arrived at that figure.'
      • redfox2600, on 05/04/2008, -1/+29That easy, it's the cost of the alcohol they bought when they where drafting up the network security protocols.
      • strangewill, on 05/04/2008, -0/+18Actually at my place of ex-employment at a high school, we had some ex-technical staff get in trouble for accessing a part of the network that they weren't authorized to show other people (Alas, they were top-level administration, so they HAD access to this material). They were sued for some $10,000 for "security costs", which amounted to absolutely nothing. One of the techs took it, the other fought it, I don't know how that turned out.

        It was a figure pulled completely from their ass.
        • eliot2000, on 05/04/2008, -0/+11for $191,000, they're probably planning to call the students back and call the semester a do-over.
    • schuder, on 05/04/2008, -1/+65Cause having teachers reenter grades for students clearly is worth $190,000 of their time... Wow our schools suck something fierce.
      • mcphatty, on 05/04/2008, -0/+10by these figures, teachers are clearly one of the higher paid professionals
        • schuder, on 05/04/2008, -0/+2Not only that, my brother is a teacher and he is probably above the average cut (many teachers fail state exams multiple times and he passed first tests with flying colors), yet he doesn't have a lot of general knowledge which is scary. He was teaching English law in relation to the Magna Carta in a history class and doesn't even know that England/Britain doesn't have a written constitution.
          Plus take their salary and increase it by at least 25% they only work 9 months a year and get huge breaks off for Christmas, Thanksgiving, and usually multiple breaks in the spring.
    • Virgule, on 05/04/2008, -0/+30My thought exactly. HOW can this possibly cost 190,000$ !?!??
    • sinrtb, on 05/04/2008, -0/+55maybe because the code was so sloppy and ridden with bugs and security holes that the whole system had to be rebuilt from scratch and of course thats the fault of the kids and not the school district.
      • e2superman, on 05/04/2008, -0/+13 guess that is probably not as bad as you think. I work at a Defense Company (Engineering) and we bill out our time to our customers at about $200/hour (this rolls up profit, overhead, etc). If you consider that then the 190k is about 6 man months of work (one person working 6 months 40 hours a week). If they put three people full time on this then that is 2 months for 3 people full time. Welcome to corporate america (land of the overpaid).
        • strangewill, on 05/04/2008, -0/+12But the responsibility of a secure system lies on the shoulders of the school. The kids can pay for damages, but not for a whole new form of security.
          Not to mention, no school should have a $200k system, they can get MUCH cheaper.
        • sporg, on 05/04/2008, -0/+4Why did you post this same comment like four times?
    • shadowmoose, on 05/04/2008, -14/+3It costs time and money to hunt these people down, fix the problems, data recovery, and then there is the cost of fixing the holes in the network ect... Things can add up quickly.
      • sostoudt, on 05/04/2008, -2/+4i thought we pay taxs so the police find these people as part of there job. and data recovery would be teachers just reentering grades from there grade book,and the whole in the network just put up a fire wall. these are high school students not kevin mitnick i doubt the servers had barely any security at all. 190,000 just doesnt add up
    • SPThom, on 05/04/2008, -9/+9$190,000 is chump change for a school district that size. I see two money sinks here: teachers and front-office staff will probably be auditing grades, possibly even going back to previous years to look for other incidents; and tech support will be cleaning and hardening workstations, removing keyloggers & what not. Fort Bend employs 9000 people, and my guess is they maintain around 10-15,000 workstations, so that's a lot of overtime.
      • zeusthemoose, on 05/04/2008, -1/+8Oh really??? You know, any IT department that has half a brain makes regular backups of all the data in the event of catastrophic data failure or some other unforeseen event that results in data loss. In order to audit for grade changes all you do is go back several years to before the incident happened, and diff the databases. Then keep going forward in time until you come to present and you will be able to filter out everything besides the changes that were made. I am sure this is how they discovered the changes and this process would take a couple of days tops (depending on the speed of the servers and size of the databases). Then all you would need to do is a paper audit of the 60 or so students who had their grade changed. Again this wouldn't take long at all. In total you would most likely have 3-5 people working on this for a week or so.
        To fix the workstations, you just make a new image and xcopy. This is a very fast process that involves booting off a boot disk, and running the xcopy command. All you have to do is wait. No overtime involved.
        The $190,000 figure is blown way out of proportion, and its that high just because they can and they want to teach the parents of these students a lesson (as the school district will most likely attempt to recover damages from the parents and screw their lives over). They blew that figure up by trying to claim that since their systems were compromised, they will need an entire redesign of their software (instead of just patching the holes) and other unnecessary repairs or consulting fees.
        • WilliamDavis, on 05/04/2008, -1/+2You seem to know a lot about this. Do you work in the school lunchroom or something?
          • strangewill, on 05/04/2008, -0/+1I'll back him up on a lot of this, being as I did work in a high school IT department.
            I ran a small sub-network of some 12 machines and two servers for a high-end technical room, too bad it was never put to full use and I quit.

            Typically we could ghost a network overnight, I would do it in 45 minutes in my room (from prep to machines up and running, and I didn't even network boot, I ran around with a floppy disk, and this was all being done from our mutli-use DNS, DHCP, DC, Fileserver, etc.).
            Any system worth the time to implement should have a system for auditing built in, and database diff comparisons shouldn't even be needed.
            However, I did have a private consultant that charged up the ass to do work, he even came to me and wanted me to show him how to install PHP on a Windows server so he could charge the school to copy what I did, I obviously never got back to him.

            The number is ***** as far as actual costs go.
        • SPThom, on 05/08/2008, -0/+1You've got a great technical argument, but you can't JUST think ones and zeroes.

          It's a school district with tens of thousands of students. There are legitimate, teacher-initiated grade changes ALL THE TIME. Depending on the granularity of data being tracked (are we talking quarterly grades or individual assignments?) there could be either hundreds, or thousands upon thousands of grade changes to sift through.
    • PopcornDave, on 05/04/2008, -1/+10Seems pretty simple really. That's apparently the threshold to charge the defendents with a felony rather than a misdemeanor. God forbid that they get these kids to show them *exactly* how they were able to break in to the system in the first place.
    • haikuFU, on 05/04/2008, -1/+5Well, it's arguable that because of the breach in security, they need to hire someone to come in a fix the holes, and perform forensics to see exactly what happened. I do this sort of incident response for a living, and it costs companies anywhere from $200-400/hr for me. And if it's a big job, I bring co-workers. You can hit $200k pretty fast.
      • Lythium, on 05/04/2008, -1/+5But as someone already pointed out, that is not the kids' responsibility.... the cost is incurred not because of their direct action, but because the system was badly designed to begin with. In other words, this is not something the students caused; it's just something they exploited.
    • Hydroseeds, on 05/04/2008, -0/+1And don't forget lawsuits!
    • heucuva, on 05/04/2008, -0/+0It's the cost of hiring a full-time network security administrator, new hardware to provide security, and a new suite of security applications and database packages, and new training for all their employees.

      In other words, they are taking the weaselly way out and blaming their own ineptitude and laziness on the people who pointed it out to them.
  • 1337jared, on 05/04/2008, -4/+99Anyone know how they figured the $190,000 loss?
    • JesusFaction, on 05/04/2008, -3/+14"The investigation also estimates the financial loss to the school district at $191,400, but the documents do not explain how officials arrived at that figure."
      • u8myfoood, on 05/04/2008, -5/+19Well, $7.50 an hour to hire a receptionist, or secretary to retype in the proper grades, for about 2 hours, that leaves another $191,385.
        But you have to figure in the cost of the new 3 top of the line GMC Yukon Denali XLs plus the cost of gas, to transport the officials to the school to investigate...
        yup sounds about right to me... good old government =]

        /sarcasm
        • Bilabrin, on 05/04/2008, -1/+6I have no idea why you're getting dugg down. Maybe for the /sarcasm at the end because you're not too far off.
        • Lythium, on 05/04/2008, -0/+3I seriously doubt they'd hire extra people to do this - in my experience, any extra ***** just gets dumped on the existing personnel's desk and they squeeze it in between their "regular" duties, during regular work hours. So where's the cost coming from again?
      • e2superman, on 05/04/2008, -0/+3 guess that is probably not as bad as you think. I work at a Defense Company (Engineering) and we bill out our time to our customers at about $200/hour (this rolls up profit, overhead, etc). If you consider that then the 190k is about 6 man months of work (one person working 6 months 40 hours a week). If they put three people full time on this then that is 2 months for 3 people full time. Welcome to corporate america (land of the overpaid).
    • IanPR, on 05/04/2008, -5/+15Because paying people $190,000 to grab the backup tape is MANDITORY.
      • darkmist, on 05/04/2008, -0/+13The fatal flaw in your thought process is that the school would have the foresight to backup their data. Your forgetting they got "hacked" becuase of a keylogger :-/
    • MtheoryX, on 05/04/2008, -0/+4Because that's coincidently the threshold, apparently, for a felony charge; it has nothing to do with the actual financial loss.
    • jppott, on 05/04/2008, -0/+1I would imagine it has something to do with how much it costs the taxpayers for someone to go to school. In essence if their grades are not accurate then our taxpayers dollars are wasted on a years worth of education...
  • Celeron, on 05/04/2008, -7/+116$190,000? A bit of a stretch don't you think?
    • e2superman, on 05/04/2008, -10/+2 guess that is probably not as bad as you think. I work at a Defense Company (Engineering) and we bill out our time to our customers at about $200/hour (this rolls up profit, overhead, etc). If you consider that then the 190k is about 6 man months of work (one person working 6 months 40 hours a week). If they put three people full time on this then that is 2 months for 3 people full time. Welcome to corporate america (land of the overpaid).
      • jp12380, on 05/04/2008, -1/+3Ok them having to redo security is not a financial loss CAUSED by the students. This is garbage.
        • 1timeuser, on 05/04/2008, -0/+3I agree. If a group of kids was able to hack it then obviously they needed to spend that money to beef up security in the first place.
  • Gonasadude, on 05/04/2008, -10/+222How in the world does changing 60 grades add up to $190,000?

    OH NOEZ! THEY MODIFIED A FILE! THATS $3166.67 per student!.. what idiots.
    • daEvan, on 05/04/2008, -21/+4when I went to digg this it was at 6. then it went to 16...
      • Gonasadude, on 05/04/2008, -5/+5What went to 16?
      • mphree, on 05/04/2008, -0/+11I think you might need to take into account the amount of people that dugg it between you loading the Digg page and it refreshing the number after you dugg it.
        • Philbert, on 05/04/2008, -0/+3Yes Like sometimes when I digg a comment up the number stays the same or goes down, because while I was reading the page other people were digging the comment down.
      • xkorbin, on 05/04/2008, -0/+3when I went to digg you down you were at -10, but by the time someone reads this you will probably be at -20
    • link470, on 05/04/2008, -0/+18Wow, I'm a Network Security Analyst for a school district, and not only did the students modify a file and cause the district to "lose money".
      "Officials said all data had been recovered."

      Wow, like magic, no money lost! Oh wait, sorry. 79 bucks for GetDataBack for NTFS. [Unless they just recovered from a backup which they should have done anyway.
  • badave, on 05/04/2008, -4/+72How did they arrive at $190,000 in damages?
    • sljepi, on 05/04/2008, -2/+48They pulled it out of their assess. $190,000 Sounds much better than $0.
    • Bilabrin, on 05/04/2008, -0/+3Becuas they have a scapegoat and they love them some goatmilk (goatmilk is made from gov't cheese, a little backwards but we're talking about government here)
    • lateralus, on 05/05/2008, -0/+1Easy. The hackers also manipulated the damage estimate. Think about it.
  • bluvapor, on 05/04/2008, -21/+11It's not hacking when the software used can be used easily by the students. Why not take the opportunity when given one?

    1) teacher steps out leaving computer logged in
    2) ???
    3) PROFIT!
  • an0nflux, on 05/04/2008, -1/+58I used to be a tech for my highschool. The principal's password for the Novell Client was "peter", aka her husband's name. With that, you can change grades, bell schedules, meetings, student information, attendance records, etc.
    • LemmingJesus, on 05/04/2008, -0/+40I was an intern for our technical school and that about sums up all the teacher passwords.
      • slickstar, on 05/04/2008, -10/+1O K T H E N
        • TheKrillr, on 05/04/2008, -0/+7thanks for your password. i see you have about $3k in your checking account. i took some. hope you dont mind.
    • slickstar, on 05/04/2008, -22/+2dude, we dont care.
      • thirteenthcor, on 05/04/2008, -0/+5the place to not care is in the classroom... not here! here everyones' word has the ability to be heard, and ill be damned if i wont be vocal about someone deciding its their right to suppress or attempt to suppress knowledge in ANY form.

        you sir, are a *****.
    • ross., on 05/04/2008, -0/+31When I was in High School (a good 6 years ago), all teachers shared a single login. Username: Teachers, Password: Students.
      It took them months to figure out we could admin all the computers.
    • phraud, on 05/04/2008, -0/+13Back in 1999, I 'hacked' my board of educations FTP server by stealing the /etc/passwd file and cracking as many passwords as possible. Almost every teacher, and every administrator position had the default password of 'school.' When I presented the password list to the main administrator from the school board, they couldn't believe that they were able to be hacked so easily. I spoke to a school board tech a few weeks ago. The default password that all teachers are assign is still, to this day, 'school.'
    • link470, on 05/04/2008, -0/+7I hear ya. I work as a Network Security Analyst currently in a school district as I stated above in a post but also worked downtown at a security office for a bit. I may be only 20 but what shocked me when I got the job there was reviewing this companies security policy. Each user was an Administrator, and their password was the first name. John Howard. Password: John. [Naming convention the same for all users in building, including Domain Administrator, needless to say, I changed that].
    • Philbert, on 05/04/2008, -7/+2But can you make sure you're in the same classes with Angelina Jolie?
    • psykiv, on 05/04/2008, -0/+3I used to work as a webmaster for a department of a major university. Let's just say that their permissions were so messed up that with just one login, I could change EVERYONES files. So with the login for my department, all I had to do was go up one directory, then go to a professor I hated directory, and I could change their stuff (yes, i had read write execute access, i tried it)

      I never did anything too stupid though, I don't know if they log this kind of stuff or not.
      Thankfully the computer science department had everything independent from the rest of the school. They actually knew how to set permissions.
      • phybere, on 05/04/2008, -0/+1I think this is common. In the computer science department at the university I attend, they used to create student folders with universally readable permissions. If anyone ever had problems getting some code to work, they could just check everyone else's in the class...

        They've fixed the problem since then, but I still can't believe how incompetent they were.
        • psykiv, on 05/05/2008, -0/+1Read is one thing. Read/write/execute is something completely different.
    • Awsomo6, on 05/04/2008, -1/+1My brother's friend hacked into the computers at his high school. The password to the admin for the entire school district was.... district
      I think the surprising number of diggers with similar stories just shows how sad school computer security is... lol
    • nevermind13, on 05/04/2008, -2/+0This isn't surprising. Many schools are underfunded. If they can't buy books and items for the classroom you can hardly expect them to have RSA tokens.
      • Lythium, on 05/04/2008, -0/+3It doesn't cost anything to encourage people to change their password to something less asinine.
    • synyster, on 05/04/2008, -2/+1one of my friend works in a school which have to change password every 3 months, and the admin passwords is admin1 at the beginning and after month they change it to admin2 and so on for the rest of time. that proves people don't like to remember long and manningless password even there is a very good security policy
    • jpkunselman, on 05/05/2008, -1/+1At my high school we have a very secure network of Apple servers and computers. Unfortunately, for the school, the network administrator is an idiot. His password is 'admin' which, with a little more work would give me access to all files and directories in the school.
  • refreshers, on 05/04/2008, -3/+21***** THE FBISD
  • Rizmaster, on 05/04/2008, -9/+129Because it takes $190,000 to restore backups? Obviously a vain attempt by the district to A: cheat an insurance company and B: get their pound of flesh out of a couple of extremely talented kids who obviously were well beyond the teaching abilities of the morons who surrounded them.

    Thankfully I'm certain skill like this will be rewarded in the long run. MIT or the private sector.
    • bobthebuilder25, on 05/04/2008, -1/+11Really depends on how hard it was.
    • LemmingJesus, on 05/04/2008, -0/+8They wouldn't have to use backups, unless they suddenly stopped using paper grade books.
      • Rizmaster, on 05/04/2008, -2/+2They still have paper grade books?
        • LemmingJesus, on 05/04/2008, -0/+6They did when I was in school a few years ago.
        • xkorbin, on 05/04/2008, -0/+4I haven't met a teacher to this day that doesn't. In any school I've ever visited or attended.
    • santaliqueur, on 05/04/2008, -2/+37Kids who are smart enough to get into MIT usually don't need to change their grades.
      • ZeroIce, on 05/04/2008, -2/+25Not really.... most of the time the really smart kids are the ones that don't do anything because it is too easy. The kids that get good grades are the well disciplined, not the well taught.
        • ncairns, on 05/04/2008, -2/+7Eh, not in my experience. Not to say getting good grades in high school necessarily makes you smart, or bad grades stupid, but everyone I knew at Caltech and MIT had nearly perfect records for their entire academic careers.
        • idastheman, on 05/04/2008, -1/+8Maybe because you pretty much need a perfect record to get into MIT?
          • ncairns, on 05/04/2008, -3/+7That's not even really the key. Hell, I graduated high school at 15 with a near-perfect academic record and already eighteen undergraduate credits from Standford under my belt, and they didn't accept me until I applied for grad school. Everyone applying to MIT (who has a chance of getting in) has a sterling educational pedigree, so it usually winds up being weird little quirks that set you apart. I have a friend who swears the only thing that got her in was showing her interviewer how much ass she kicked at Tiddlywinks - for which MIT maintains an active team.

            Anyway, I cant talk about this for too long because I start to romanticize the whole thing and lose all cogency. It was almost a spiritual experience to stand around in Stratton for the first time and realize that everyone walking by me was much, much smarter than I was.
          • Rizmaster, on 05/04/2008, -0/+7So in summation, you don't know how to spell Stanford? The school you go to?
          • ncairns, on 05/04/2008, -1/+4Oops.

            That one hurts.

            (But I didn't go to Stanford - I just took courses there in high school.)
        • goldenratiophi, on 05/04/2008, -2/+1no, smart kids do the work because they know it's easy and that they have to to get into college.
      • Verdanic, on 05/04/2008, -0/+13I had less than brilliant grades through high school because it bored me to *****. I was ready for specific programs and courses when I was 14. It wasn't even always too easy, it was just totally irrelevant to anything I wanted to do.
      • dptechie, on 05/04/2008, -0/+10Smart kids also wouldn't get caught.
      • ncairns, on 05/04/2008, -0/+7Moreover, being able to hack a ***** high school network hardly implies you're good enough for MIT. The fact that these idiots got caught says they're mediocre.
        • sinrtb, on 05/04/2008, -0/+2It depends they probably wouldn't have gotten caught had they changed the grades of less people. But when no one fails a class even the kid that smoked a bowl in his car every day during 3rd period, it kinda raises flags. And really if you do something noticeable no amount of skill is going to get around it.
          • ncairns, on 05/04/2008, -0/+2I'd be interested to see what led them to suspect these kids, and what kind of evidence they actually have against them, but with rare exception (and this certainly would not be one of them) any hacker worth his sniffers would at the very least have plausible deniability against any accusations thrown his way.
      • michaelz92, on 05/04/2008, -0/+1yeah, they probably just followed some tutorial on a site.
    • Nitrodist88, on 05/04/2008, -0/+5$190,000 at $40 an hour is 4750 hours... I doubt it'd take more than 60 hours (1 for each student).
    • haus34, on 05/04/2008, -0/+7it really isnt that difficult to take advantage of an idiot teacher and install a keylogger on the administrators computer.
      also they obviously werent great if they got caught
      • e2superman, on 05/04/2008, -12/+1I guess that is probably not as bad as you think. I work at a Defense Company (Engineering) and we bill out our time to our customers at about $200/hour (this rolls up profit, overhead, etc). If you consider that then the 190k is about 6 man months of work (one person working 6 months 40 hours a week). If they put three people full time on this then that is 2 months for 3 people full time. Welcome to corporate america (land of the overpaid).
        • Skod, on 05/04/2008, -0/+6Dude, you don't need to post the same comment like 7 times. I dugg you up the first time, this time I'm digging you down and reporting you.
        • e2superman, on 05/04/2008, -7/+1reporting me? What is this highschool?
        • thirteenthcor, on 05/04/2008, -0/+8No, see? in high school reporting DOESN'T work. and what your doing now is called spamming.
    • oOoNyquiloOo, on 05/04/2008, -2/+9.. Keyloggers aren't hacks
    • hmunkey, on 05/04/2008, -3/+2What? These kids will have criminal records. Good luck getting into a semi-decent school with that, and MIT is top-tier. I know they have talent, but they just ruined their lives.
    • IceJelly, on 05/04/2008, -0/+4"a couple of extremely talented kids who obviously were well beyond the teaching abilities of the morons who surrounded them. "
      Lol, then why did they get caught?
    • invinciblechunk, on 05/04/2008, -0/+1Private sector... no. The old "white hat security consultant" bender of the 1990s is coming to an end. The private sector needs loyalty and ethical behavior in addition to just skill. Remember, most hacks are inside jobs.
  • kknater, on 05/04/2008, -11/+6Now maybe some company will hire them as White Hat Hackers
    • StrykeBlade, on 05/04/2008, -2/+2kknater wasn't making a negative statement, thumb up his comment!
    • tuh2, on 05/04/2008, -0/+4They used programs like keyloggers thats not hacking its a script kiddy who got lucky.
      • drastik21, on 05/05/2008, -0/+1And plus they got caught, what a bunch of n00bs
  • ashmon, on 05/04/2008, -5/+71Bueller?... Bueller??? Bueller???
    • Rekbert, on 05/04/2008, -0/+14I asked for a car, I got a computer. How's that for being born under a bad sign?
      • palehorse864, on 05/04/2008, -0/+2Graaaccceee.... GRAAAAAAAAAAAAAAAAACCEE!
    • santaliqueur, on 05/04/2008, -0/+7Forget Ferris Beuller. Matthew Lightman was a better grade-changing character for Matthew Broderick.
      • suzywang3000, on 05/04/2008, -0/+3i can't believe nobody else posted this.
    • thelif, on 05/04/2008, -9/+0THUMBS DOWN BECAUSE EXPELLED SUCKS
    • stlb1090, on 05/04/2008, -0/+1Save Ferris!!!!!!!!!
    • Charun, on 05/04/2008, -0/+2Nine times.
    • matrixclown, on 05/04/2008, -0/+6Um, he's sick. My best friend's sister's boyfriend's brother's girlfriend heard from this guy who knows this kid who's going with the girl who saw Ferris pass out at 31 Flavors last night. I guess it's pretty serious.
    • thebellmaster1x, on 05/04/2008, -0/+2Actually, Matthew Broderick changed school information (namely, his grades) in Wargames, too.
      Quite the little delinquent.
      Though it didn't really stop both movies from being excellent.
  • PHiZ187, on 05/04/2008, -2/+60Standard operating procedure here is to inflate the value of the "damages" in order to bring it under federal (FBI) wire-fraud jurisdiction. They inevitably include the costs to patch the original holes. The problem is, that isn't "damage" caused by the intruders. If you leave a window open, and I crawl through it to rob you, you can't claim an amount of damages to go back and put bars on the window...
  • jmknsd, on 05/04/2008, -0/+57wow, I am impressed, I went there for a year and left due to the behavorial problems, stabbings etc. I read the year after I left someone drove an SUV half way through the school. This is really a step up for them. Also, didn't see article mention, its a magnet type of high school
    • rheaume, on 05/04/2008, -0/+17Have you improved on the behavioral problems though? Not stabbing ppl anymore?
      • thirteenthcor, on 05/04/2008, -1/+3Yeah, jesus. they let maniacs like you out of their pens long enough to use computers?
      • michaelz92, on 05/04/2008, -0/+2i think he meant that there was behavioral problems in the school, such as stabbings. so he left because it was so bad.
    • bludragn0, on 05/04/2008, -0/+1magnet schools are way overrated, especially when you get automatic admission because you're in that particular school zone
  • mal1964, on 05/04/2008, -1/+3http://central.spps.org/home/history/index.html
  • Konrad9, on 05/04/2008, -0/+21Damn, wish I got $3K for a report card.
  • killq, on 05/04/2008, -5/+12Come on, it is high school. If they spent half the effort that it took to change the grades and actually read the course materials they would have at least received straight B's. Nothing like intellectual stupidity.
    • richofsilence, on 05/04/2008, -1/+10Did it say how much time and effort went into this? Maybe this was done on a Saturday morning. If anything, I guarantee that doing this took WAY less time and effort than paying attention in class would. Stupid thing to do, yes, but your comment was possibly grossly inaccurate.
    • masterspeaks, on 05/04/2008, -0/+6Yea, I did something similar for the hell of it when I was in high school, using mix of key logging hardware and software. Took about 30 seconds to set up and I simply returned the next day to collect all my teachers passwords. I promise you I could have gotten the A's, but it would have taken like 600x the effort i spent to get the passwords.
    • redfox2600, on 05/04/2008, -0/+7A year ago my friends and me had a challenge. We would bring our laptops to the parking lot of a near by high school and hammer their network for 4 hours straight. To see who would get in first. Needless to say we got in in under 10 minutes and spent the rest of the time downloading porn.
      • GeorgeStone2, on 05/04/2008, -0/+2What a waste of access.
        • redfox2600, on 05/05/2008, -0/+1We didn't know anyone there nor were we going to the school ourselves. What else are you going to do?
  • phybere, on 05/04/2008, -2/+115It's a sad day when 15 and 16 year old students understand security better than the schools IT staff.
    • ross., on 05/04/2008, -0/+17Guess everyday's a sad one then.
      • Derrekito, on 05/04/2008, -0/+3Which explains why I'm depressed all the time ;)
    • mystdragon333, on 05/04/2008, -0/+4I think it's too easy. I'm a high school student and the kids here do ***** with the network all the time.
      • mesasone, on 05/04/2008, -1/+1Back in middle school (7th/8th grade I think), everybody used to pass around a copy of the Grand Theft Auto demo on the school network. The network admins would go and delete it off the computers, but it would just end right back on the school network for everybody to copy again. I don't know if they ever figured out how to stop it, at least not before I left for high school(which had marginally better security). It's funny to think my introduction to GTA was playing it during typing class in 7th grade.
    • hackiavelli, on 05/04/2008, -1/+1Sad day, weekday, same thing.
    • SPThom, on 05/04/2008, -3/+2No, it's a weekday.
    • rakous, on 05/04/2008, -0/+3Obviously they weren't that exceptional, you know since they got caught.
      • Derrekito, on 05/04/2008, -3/+1Still impressive. *****, I wouldn't even know how to find the ***** server - much less break into it. Maybe a teacher left their spread sheet open, then they pressed UPLOAD? :) Sounds like my high school math classeS all over again.
    • allyant, on 05/04/2008, -2/+1Yeh, My school just throw me out of school because I know to much about computers, I last got thrown out of school because I had my PSP on me, and the school thought I could use it to hack there network, the truth is I was playing tetris.
    • kevinsboy, on 05/04/2008, -0/+1The day is even sadder when you realize that this is not just an isolated case, its happening all across the country
    • TimeLincoln, on 05/04/2008, -0/+1My friend hacked our schools homepage and they suspended him for a year, our tech staff is clueless.
  • Jaydubbs117, on 05/04/2008, -0/+2this was common practice at my high school helping kids stay on sports teams due to there academic deficiencies.....the best was is if they were failing something or had a 0 on a certain project to change the projects total possible points to 0 in order to help there overall average.....Ive heard it happening everywhere, these guys were just unlucky enough to get caught.
  • HotGore, on 05/04/2008, -8/+44Those students deserve a A+.
    • solidus636, on 05/04/2008, -3/+9deserve an A+.*
    • markperia, on 05/04/2008, -0/+22reminds me of my AP CompSci teacher. He told us that if we manage to change our grades by hacking the schools database then we deserve an A. Cause it would mean that we actually took the time to learn more about programming other than knowing Java.

      He was also the guy who taught us how to bypass the school's web filter.
  • byronne, on 05/04/2008, -0/+23Didn't 'War Games' teach these kids anything?! Oh wait, that was made before they were born.
    • lotsa1s, on 05/04/2008, -2/+9Because its impossible to watch movies that were made before you were born.
    • diggdiggerid, on 05/04/2008, -0/+5I don't know about you but all the movies I watch are from the future.
  • Lith25, on 05/04/2008, -2/+11*****. So they changed a few grades, that doesn't make their "damages" worth 190k dollars.
  • richofsilence, on 05/04/2008, -1/+3$191K for (what has to be) an intrusion detection system/staff should NOT be passed onto the kids in this law suit.
  • geneticlone, on 05/04/2008, -1/+6Schools is to blame. They should keep a back up database every semester/quarter :D.
  • robthom, on 05/04/2008, -1/+22P E N C I L
    • Gonasadude, on 05/04/2008, -6/+2P A P E R?
    • snaga83, on 05/04/2008, -0/+14its the password from "Wargames". and now i feel old.
    • link470, on 05/04/2008, -4/+1This just in, student hacked marks with an "E R A S E R".
  • DannySpace, on 05/04/2008, -1/+2The mention of $190,000 sounds more of a Hack than the Culprit's little underhanded task. Besides, someone on the inside had to screw up somewhere for them to access the passwords needed to do such a thing.
  • arjung, on 05/04/2008, -0/+4how'd they get caught? were they behind the network for the attack or was the school stupid enough (not hard to believe) to have the server available from off site?
    • ru7hl3ss, on 05/04/2008, -1/+5They were probably bragging about it--a friend and I were caught because he left a computer on over spring break in this computer storage room we were in generating rainbow tables... go figure...
  • lpxxfaintxx2, on 05/04/2008, -4/+0Respect goes out to them for 'hacking' their school, but damn, they are idiots! If I had the opportunity to change grades, I'd lay low and change MY grades (as little as possible of course) only. That way, I'd have a less chance of getting caught.
    • ncairns, on 05/04/2008, -0/+15YES! Because when they realized that only one set of grades had been changed, they would NEVER be able to finger the culprit!
  • jxfallout, on 05/04/2008, -11/+3So that's how Bush graduated from high school!
    • indiancompanion, on 05/04/2008, -0/+2well, how did he end up with a C average if he hacked.....wait, it might be more believable, he's not so dumb after all i guess
  • forgiste, on 05/04/2008, -0/+34Dude, I had a webproxy setup, and it turns out fellow students were using it to circumvent the filters at school. They blocked my site, but they didn't block the IP.. Anyway, they eventually found out I ran it, and instead of blocking it for real, they revoked my transfer saying I caused almost $15,000 worth of damage... even though I never even disabled their filters much less did I damage a damned thing. They wouldn't listen to reason so I basically couldn't argue. I then had to graduate from a ***** little high school.
    • Gonasadude, on 05/04/2008, -0/+4Same thing almost happened to me.... almost..
      • transform100, on 05/04/2008, -5/+41) Sue the school.
        2) ???
        3) PROFIT!
      • ru7hl3ss, on 05/04/2008, -1/+2Almost happened to me too... almost... I swear that was the worst (and scariest?) few months of my life...
    • ZeroIce, on 05/04/2008, -0/+14I use my own self-made proxy at school. According to the school, I could be costing them money? That's BS.
      • twrife, on 05/05/2008, -0/+1Possibly through bandwidth but that's a stretch.
    • stormspire, on 05/04/2008, -1/+5Wasn't something *extremely* similar to this on Digg a while back?
    • wwnexc, on 05/04/2008, -0/+2I feel your pain. Been a very similar situation :/
  • cdtoad, on 05/04/2008, -0/+37I changed my grade from an F to a D-
    • DaviDTC, on 05/04/2008, -0/+19Not smart enough to go higher? Or genius cause it probably wont be noticed?
  • suprememilo, on 05/04/2008, -0/+63This is the same district that tried to expell the guy for making a Counter Strike map of his school.
    • ZeroIce, on 05/04/2008, -0/+16Damn, that's a good idea! I guess the school doesn't have a computer graphics class?
    • patrickyan, on 05/05/2008, -0/+1In fact, in order to receive computer credit, you need to learn the difference between bold, italic, and underline buttons in Word. You don't have to learn how to operate the computer at all because they spend all the money on our subpar football team and give us some ***** Compaqs that don't even turn on properly.
  • IxXxIRhinoIxXxI, on 05/04/2008, -1/+14Ctrl + Z FTW!
  • SargedeathXmode, on 05/04/2008, -0/+7I love it how schools are forcing teachers to switch over to computer grading; now it just blows up in their faces when teachers don't have back-ups or paper copies. Also miss the high school "justice," where any wrongdoing gets an absurdly high over-kill punishment, I mean, 190k for changing 60 grades?!?! That's about as bad as you bumped into my car, but that spot has sentimental value, so to make an example that no one should hit that spot, I'll fine you 2000x times the cost... >.>
    • DarkLaughingMan, on 05/04/2008, -0/+1To be honest, teachers shouldn't have to have copies if the school system setup the system properly. All they have to do is have it autobackup say every week. Though if I remember correctly, when I was in high school teachers would keep grades in excel spreadsheets, then input the ones for the school system servers.
  • CombatSteve, on 05/04/2008, -0/+12Close to what happened at my school, A group of kids took a school laptop home and put a key logger on it, then brought it back to school, waited a month then pulled up the Administration Password and Bam!, got them into the grade program. They only got caught because one kid in the group ratted out on account that he felt guilty. All the douche bag jocks got detention, and the guy that was helping some stupid people out got expelled.
  • joemofo214, on 05/04/2008, -0/+6reminds me of the time my friend got sent to this school for correctional ***** for hacking into our schools gradebook system
    • jumico, on 05/04/2008, -3/+0FTA
      "These changes went from a lower score to a higher score," the documents state.
  • trixterIreland, on 05/04/2008, -0/+6While these students appear to be in the state system right now, the federal one is just as bad.

    This is another issue where there is a constitutional violation by the federal government. 18 USC 1030 is the federal hacking statute. It covers interstate or foreign commerce *or communication* - only commerce is allowed by the constitution. Further they define communication as 'if you have internet its federal' and does not require commerce in a real sense.

    Vote for constitutional adherence (see Article I Section 8 and the 10th amendment for a limitation of the federal governments powers!!) hold legislators responsible with your vote.

    Now for how the damage part is assessed... Basically under the sparse case law, anything the victim thinks is "reasonably required" to restore the system to its condition prior, perform an audit to see what was done, downtime, consultants hired, and so forth is allowed, even if its silly to do. So they can hire a $1000/hr consultant for 190 hours and get to that point - and the consultant is allowed to be incompetent. That would count for restitution, sentencing (the more the "loss" the higher the jail time) and all of that.

    The number is probably an inflated estimate though to grab headlines, that is the most common thing done, at sentencing its often a much lower figure.
    Please though seriously vote for constitutional adherence, it doesnt matter which party you are for they all violate it just in different ways. The federal government was not supposed to be the end all be all most powerful government in the US, the states are. Read the constitution and see what powers they really do have and more importantly which ones they dont yet they pass laws like they do.
  • jtok202, on 05/04/2008, -2/+3The only reason that this is a problem is that obviously they were stupid enough to change too many peoples grades and to stupid to delete logs and cover their tracks, I did this for me and a small group of friends in High School never got caught never had anyone asking questions, Just don't edit F's to A's and do it subtly and your fine. I hate these stupid stories because after all they are written about the stupid the smart never get caught.
    • darkmist, on 05/04/2008, -0/+1Then chill out and let the stupid ones get caught man. Makes your life easier.
  • mrpleco, on 05/04/2008, -1/+13How to change school system's grades...

    1) Place keylogger/trojan horse on cheap usb stick
    2) Name keylogger/trojan horse "self-extracting-homework-files.exe"
    3) Leave stick under the classroom side of teachers desk, so it looks like it dropped there
    4) Wait for the password from the keylogger
    5) Change your worst enemy's grades

    :-D
    • trixterIreland, on 05/04/2008, -1/+3or just have an autorun setup on your removable media and plug it in quick when the teacher isnt looking (most dont disable that on windows).

      Or hey use firewire, you can directly access ram with that one, per the spec, and just do whatever you want (read/write access) and elevate privs and install whatever.
      • xkorbin, on 05/04/2008, -0/+2When I was in an engineering class we would have a teacher lock our screens everyday. I made a VBscript for U3 execute batch file to end the service. You could still use autorun or the CD drives when the screens were locked.. this just unlocked them.
  • polygons, on 05/04/2008, -0/+3Hack the Gibson.
  • Louis11, on 05/04/2008, -0/+9FTA: "School district technology officials also told investigators that malicious applications had been discovered on about 80 computers at Hightower High School.

    A malicious application can be the introduction of a computer virus or the installation of key logger programs. A key logger records all the strokes on a computer keyboard and then sends a record of those strokes to another computer site."

    Hackers? Make an example of the skiddies, if you ask me.
    • spydie, on 05/04/2008, -4/+1At no point do they say if these kids added them on there or not. These could just be normal viruses that get on the school computers anyways. Our college computers had to be wiped every few days due to viruses and the such getting around their virus protection. So to jump to the conclusion that these kids did it is a stretch. Sounds like the school is just making up more crap to try and pin it on the kids and hide the fact that they had a crappy system.
    • BeOrange, on 05/04/2008, -0/+4Having dealt with a school counties tech department before, the consider pretty much anything malicious. I had an alternative notepad text editor in my private drive and was punished for it.
  • mt330404, on 05/04/2008, -0/+11idk if this is related to this story, but i tried to visit the FBISD website to get their contact info so i could bitch them out, and it is currently OFFLINE.

    i love digg. :)
    • stormspire, on 05/04/2008, -4/+0I guess they would call us "hackers" since we pretty much DDoS'd their servers. They call anyone "hackers" nowadays...including people who install keyloggers.

      P.S. GET OFF MY DAMN LAWN!
  • cryptoki, on 05/04/2008, -0/+22If anyone here understands technology, 190,000 is a waste of money and effort to this problem. If the school is wise, they would use a database like Oracle, SQL Server, or MySQL Server to warehouse all of the students grades. As a database administrator you can write a simple script (trigger) to send an email alert to someone if a grade is updated or insterted etc. (based on any criteria. such as time, date, when, where, from what ip/hostname). Any Database admin should perform incremental or differential backups daily, and full backups once a week with critical data like this. Most databases also have a log of when changes are made and those records cannot easily be erased. A dba should be able to run a query such as... if any grades were altered after "this date" > show all result etc. A simple database backup would most like solve this problem. Also.. as a security measure... there should be an offline database in a secure facilty that stores a copy when all grades are updated by teachers. I would just roll back (backups) the database to the original grades due date, then send out an email notifying teachers, if they altered any grades since such and such a date, they will have to re-enter the data through the normal channels.

    My solution would be to hire a Database expert (if one was not available in house) to take care of this. Im assuming these types of experts can only charge a max of 250/hr +/- a few bucks (many states have laws about max amounts per hour IT consultants can charge).

    Assuming all teachers would keep a file somewhere of grade alterations, my guess is the total cost would be somewhere around 16 hours max for the database guy (2 days to run a few clever queries, and to perform the backups), and 15 to 30 minutes for each teacher to double check any recent updates.

    next.
  • cryptoki, on 05/04/2008, -0/+7cool.. i just saved you 185 thousand dollars. Think security, and always plan ahead
  • spacecoyote1332, on 05/04/2008, -0/+1hey its the only way i graduated ;P
  • yersoocrust, on 05/04/2008, -0/+19This school is right down the street from me. Every year Fort Bend seems to be getting a lot of media attention for something. Last year, at my school, a student made a Counter-Strike map of the school and got expelled. What's pretty insane is that the map is perfect. Take a peak: http://youtube.com/watch?v=EQ4VXIDBftc
    • Dundasbro, on 05/04/2008, -0/+6Expelled? What the *****? Did he even make it in school, and aren't there freedom of speech issues inherent in that? The American school system needs to grow a sense of humour.
    • NYankee2003, on 05/04/2008, -0/+1he should have said he made it to play has the counter-terrorist team.

      Also, I love how the mom Columbine and Tech as "similar". The mom is from Texas... and Andrea Yates was a mom from Texas? Coincidence? Just to be safe let's lock her up.
    • NYankee2003, on 05/04/2008, -0/+2Digg that youtube clip too! http://digg.com/world_news/Kid_EXPELLED_for_making ...
    • jpkunselman, on 05/05/2008, -0/+1Expelled!?! Wow that sounds a little extreme. My roommate works for a high school during the summer for system upkeep and someone made a call of duty map of the school and they play it in the school labs on school computers.
  • marksands07, on 05/04/2008, -1/+4the $190k was how much the firewall cost that they bought to secure their network after they realized juveniles were breaking in.
  • Fetching more discussions...
    Show 51 - 100 of 111 discussions
  •  

    Login or register to add a comment

    Create a new account or login to join in the conversation on Digg. You'll also be able to Digg stories to help promote things you like.


© Digg Inc. 2008 — Content posted by Digg users is dedicated to the public domain.
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.