+ Post New Thread
Page 1 of 3 123 LastLast
Results 1 to 15 of 34
How do you do....it? Thread, Hackers, Crackers and other wise little Slackers... in Technical; We have a kid here who was banned totally from using any ICT equipment in school by my predecessor. Today, ...
  1. #1

    tmcd35's Avatar
    Join Date
    Jul 2005
    Location
    Norfolk
    Posts
    5,618
    Thank Post
    845
    Thanked 881 Times in 731 Posts
    Blog Entries
    9
    Rep Power
    326

    Hackers, Crackers and other wise little Slackers...

    We have a kid here who was banned totally from using any ICT equipment in school by my predecessor. Today, one teacher allowed him to use a computer in class for work. He got a hard drive out of his bag, plugged it in and rebooted the PC.

    The hard disk contains a bootable linux distro - Back|Track 3. Looks like a hackers favourite, all the tools there - spoofing, password attacks, forensic tools, etc, etc, etc.

    Now I need to look in to why USB boot is enabled and what's being used as a BIOS password. That issue aside, I'm wondering what the general wisdom here is with such kids.

    He's encouraging his mates to do similar thing. This week we've found RDP icons in peoples home drives, a selection of .bat files to do things like display pointless messages endlessly or make the user think their work has been deleted.

    I can't help thinking that banning them from the network is not a solution to the problem? Is there anything you guys have done/do do with these kids - clubs/activities/punishment/research/lunchtime work - to combat this problem and channel their curiosity?

  2. #2

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,859
    Thank Post
    412
    Thanked 777 Times in 650 Posts
    Rep Power
    182
    Had one before that we (I, tech staff and the head) banned from being within three feet of IT kit on pain of death and mutilation, and a few weeks later I found him logged into a backdoor. Phoned his fiery italian dad and explained that we were about to ask for police advice regarding a criminal prosecution, dad turned up and took him away to do eight hours enforced revision a day for the rest of the year
    Last edited by powdarrmonkey; 2nd December 2008 at 01:52 PM. Reason: i've had no coffee this afternoon

  3. #3

    Join Date
    Mar 2008
    Location
    Surrey
    Posts
    2,168
    Thank Post
    98
    Thanked 319 Times in 261 Posts
    Blog Entries
    4
    Rep Power
    112
    Backtrack 3 is one of the best penetration testing tools out there. Free download as well.

    Unfortunately anything you might do to try and channel this interest would also probably be giving them skills they'd misuse. Might be worth creating a very heavily locked down GPO for their particular accounts and dropping known troublemakers into it. Work on least-privilege. Take away abilities to do everything except what they actually need. Allow specific programs to be run, and set all others to be denied by default and so on.

    The other thing that might be worth doing would be getting in touch with your local police and seeing if they have anyone who could come in and give the kids a lecture about electronic crime. Or even see if there's a penetration tester who might be willing to come in.

    Disallowing .bat files and RDP might be a start as well.

  4. #4

    tmcd35's Avatar
    Join Date
    Jul 2005
    Location
    Norfolk
    Posts
    5,618
    Thank Post
    845
    Thanked 881 Times in 731 Posts
    Blog Entries
    9
    Rep Power
    326
    Mmm, that's the root I'm trying to avoid. I know why these kids do it, heck if networks/pc where half as advanced as this when I was at school I'd have been trying the same. Instead I had to make do writing BBC Basic programs

    This particular kid may just end up going down the whole - let's threaten to get the police involved, criminal conviction, et al - route. But I can't shake the feeling that there is a more practical solution.

    Just stumped at what exactly to suggest!

  5. #5

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,859
    Thank Post
    412
    Thanked 777 Times in 650 Posts
    Rep Power
    182
    Quote Originally Posted by jamesb View Post
    The other thing that might be worth doing would be getting in touch with your local police and seeing if they have anyone who could come in and give the kids a lecture about electronic crime. Or even see if there's a penetration tester who might be willing to come in.
    Depending where you are, I'd leap at the opportunity

  6. #6
    somabc's Avatar
    Join Date
    Oct 2007
    Location
    London
    Posts
    2,337
    Thank Post
    83
    Thanked 388 Times in 258 Posts
    Rep Power
    111
    Give him a job!

  7. #7

    tmcd35's Avatar
    Join Date
    Jul 2005
    Location
    Norfolk
    Posts
    5,618
    Thank Post
    845
    Thanked 881 Times in 731 Posts
    Blog Entries
    9
    Rep Power
    326
    Quote Originally Posted by somabc View Post
    Give him a job!
    Actually, that's the type of thing I'm thinking off. But what! I don't mind them learning these skills. Could earn them a lot of money - good luck to them. They need to know when it's appropriate though - and my network is not their play ground (regardless of the holes I haven't filled in yet!) :stampsfeet:

  8. #8

    Join Date
    Mar 2008
    Location
    Surrey
    Posts
    2,168
    Thank Post
    98
    Thanked 319 Times in 261 Posts
    Blog Entries
    4
    Rep Power
    112
    As another thought then why not give them a playground? See if someone'll approve VMWare or VirtualPC or something similar, put a linux install in it and set them some challenges.

    Either that or see if you have some older PCs around due for the scrapheap, put Linux on them, or Windows if you have the licenses, and give them a mini-network to play with. But I would say you want them to know the possible consequences should they try to use their 'skills' outside the playground, that's why it'd be worth getting the police and so on in as well.

  9. Thanks to jamesb from:

    tmcd35 (2nd December 2008)

  10. #9

    nephilim's Avatar
    Join Date
    Nov 2008
    Location
    Dunstable
    Posts
    11,760
    Thank Post
    1,623
    Thanked 1,877 Times in 1,395 Posts
    Blog Entries
    2
    Rep Power
    422
    We had a child do a similar thing, and back in my day I was well versed at cracking networks, so I got him to show me where the holes were in my network and I fixed it. As such my network is much more secure.

    If it were not for these blighters my network would be no where near as secure. As for the boot options, go into your BIOS, disable USB Boot and CD Boot, and then password the BIOS so the options cant be changed, and on the profiles, set a super mandatory profile to enforce that no USB devices get used apart from approved ones. That way only you and the staff can use USB devices.

  11. #10
    stu
    stu is offline
    stu's Avatar
    Join Date
    Sep 2007
    Location
    Plymouth Uni
    Posts
    436
    Thank Post
    31
    Thanked 7 Times in 7 Posts
    Rep Power
    16
    If there so/ hes so computer literate, see if your school is willing to offer him simple course's like A+ and networking +, and giving him a job is probs bad idea because he may be competent but there is a maturity aspect, and it sound as if he would violate most rules regarding privacy given half the chance.
    I like the VM idea, might also suggest getting him to see careers advisor see if they can make a more beneficial action plan, get him more interested in the maintanace of security.

  12. #11

    Join Date
    Mar 2008
    Location
    Surrey
    Posts
    2,168
    Thank Post
    98
    Thanked 319 Times in 261 Posts
    Blog Entries
    4
    Rep Power
    112
    Just had another thought, extending the VM thing and a little more ambitious. If you can set up a network in VM, even just a single DC and one client computer (on a decent workstation you'll be able to run both of these at a low-spec), then get them all to try and harden their own mini-domains.

    After that, they swap domains and try to break in. Challenge is to be the first one to manage to get escalated priviliges.

    Just if you're going to do that make sure you watch exactly what they're doing, and harden your own network against it.

  13. #12

    tmcd35's Avatar
    Join Date
    Jul 2005
    Location
    Norfolk
    Posts
    5,618
    Thank Post
    845
    Thanked 881 Times in 731 Posts
    Blog Entries
    9
    Rep Power
    326
    Now that I like, a lot.

    You got me thinking along the lines of grabbing a few old PC's and an old switch. Throwing them on a table with a few OS install disks (XP Pro, Win2k3, Linux), and saying there you go, build a working, secure network.

    Maybe setting it up in VM's could be interesting - each VM as access to the sandbox network - but not the school network. Would need to look at the security on VMWare Server. Wouldn't want them to create/delete VM's but not have access to the networking settings. I know this is possible under ESX, but not sure on plan VMWare Server.

    Maybe as an after school activity. Anyone caught hacking the network is thrown off the course, banned, threatened with police.

  14. #13


    Join Date
    Sep 2008
    Posts
    1,752
    Thank Post
    320
    Thanked 258 Times in 211 Posts
    Rep Power
    119
    Bring him in at lunch time and ask him to "hack the network" Did that one day with one of the pupils in a school not long after I started. He told me he could access loads of things that he shoudln't have been able to. I told the head of ICT that I was having this kid in at lunch time and watched what he did. Sure enough he could get access to things they shouldn't have been able to. I (wrongly) assumed that the privaleges had been set by the person before me, but no one actually looked after the network before I started. After I saw what he did, I made changes to stop him having access to things they shouldn't. After that every time he found a way around the security he came straight to tell me. I think this was because he didn't believe me when I asked hom bypass the security in place and enjoyed the fact that I let him have a play (whilst being supervised by me)

    Of course this depends on the type of pupil you have, and there is no way to know if they will just abuse your trust.

    Edit: of course this is if you want to encourage them. Personally I would ban if they have been warned. Its fine to encourage people, but only if they deserve it.
    Last edited by penfold; 2nd December 2008 at 03:18 PM.

  15. #14

    nephilim's Avatar
    Join Date
    Nov 2008
    Location
    Dunstable
    Posts
    11,760
    Thank Post
    1,623
    Thanked 1,877 Times in 1,395 Posts
    Blog Entries
    2
    Rep Power
    422
    As you said it does depend on each pupil. If the guy is a complete idiot and you know will breach your trust, then you shouldnt trust them but if the pupil is one that you believe you can trust then do the following.

    Find an empty room that is not used, preferably a store room with power sockets, set up a switch, a "server", 3 machines, with with XP, 1 with ME, and 1 with MAC OS (X or leopard), and get the child to try to gain access to all 3. Depending on the skills of the child they can show you vunerabilities in your system which believe me, will help no end. If you know the vunerabilities, then you know where to improve your network.

  16. #15
    danrhodes's Avatar
    Join Date
    Sep 2008
    Location
    Wath Upon Dearne
    Posts
    1,513
    Thank Post
    157
    Thanked 181 Times in 150 Posts
    Rep Power
    67
    Quote Originally Posted by powdarrmonkey View Post
    Had one before that we (I, tech staff and the head) banned from being within three feet of IT kit on pain of death and mutilation, and a few weeks later I found him logged into a backdoor. Phoned his fiery italian dad and explained that we were about to ask for police advice regarding a criminal prosecution, dad turned up and took him away to do eight hours enforced revision a day for the rest of the year

    Thats fantastic, thats what I call a lesson. I used to be just the same as most of these students were complaining about, I even complain about them now. I wish that I was encouraged more at school with me ICT as I used to love trying to break into schools systems, I even made a list over year 11 of all the problems and emailed it to the Network Manager at the end of the year.

    Lets just say he wasn;t very happy, but was delighted when I left.

    Dan

SHARE:
+ Post New Thread
Page 1 of 3 123 LastLast

Similar Threads

  1. chinese hackers
    By maark in forum Wireless Networks
    Replies: 1
    Last Post: 5th January 2009, 05:05 PM
  2. Sherston World Wise
    By the_one_that_cant in forum Educational Software
    Replies: 0
    Last Post: 2nd December 2008, 11:20 AM
  3. Help me using WISE Please
    By Athlona in forum General Chat
    Replies: 4
    Last Post: 6th March 2008, 02:06 PM
  4. Which version of wise package studio?
    By nicholab in forum Educational Software
    Replies: 2
    Last Post: 28th November 2007, 09:07 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •