+ Post New Thread
Results 1 to 14 of 14
IT News Thread, Schoolboy Hacker facing 38 years for upping his grades in Other News; Schoolboy hacker Omar Khan who upped his grades faces 38 years in jail - Times Online Perhaps this one should ...
  1. #1

    elsiegee40's Avatar
    Join Date
    Jan 2007
    Location
    Kent
    Posts
    10,041
    Thank Post
    1,891
    Thanked 2,365 Times in 1,742 Posts
    Rep Power
    831

    Schoolboy Hacker facing 38 years for upping his grades


  2. #2

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,322
    Thank Post
    525
    Thanked 2,595 Times in 2,013 Posts
    Blog Entries
    24
    Rep Power
    888
    The thing is, it seems he didn't actually have any real skills here either - he stole a key, watched teachers enter passwords and, it seems, installed something like logmein on a machine or 2. None of it is really skill.

    Now if he'd actually hacked in, using exploits etc... then he'd have probably set himself up for life as a security advisor. Instead, he's simply going to be a criminal. Shame.

  3. #3

    elsiegee40's Avatar
    Join Date
    Jan 2007
    Location
    Kent
    Posts
    10,041
    Thank Post
    1,891
    Thanked 2,365 Times in 1,742 Posts
    Rep Power
    831
    Quote Originally Posted by localzuk View Post
    The thing is, it seems he didn't actually have any real skills here either - he stole a key, watched teachers enter passwords and, it seems, installed something like logmein on a machine or 2. None of it is really skill.

    Now if he'd actually hacked in, using exploits etc... then he'd have probably set himself up for life as a security advisor. Instead, he's simply going to be a criminal. Shame.
    The question is why did the teachers have admin privileges in the first place?

    If it was their NM's password they obtained... the NM was clearly not the best person to be in post anyway. I would imagine that the majority of us are paranoid about our admin passwords!

  4. #4

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,322
    Thank Post
    525
    Thanked 2,595 Times in 2,013 Posts
    Blog Entries
    24
    Rep Power
    888
    It doesn't mention admin privileges really. The only issue it mentions is the installation of software, which I suppose, would require local admin privileges. But then, our staff here have them on their laptops so they can install software.

  5. #5
    PEO
    PEO is offline
    PEO's Avatar
    Join Date
    Oct 2007
    Posts
    2,096
    Thank Post
    457
    Thanked 152 Times in 96 Posts
    Rep Power
    72
    This is the sort of thing the IT security industry bang on about all the time. There luck no one has picked up the server and walked out with it.

    clearly who ever is in charge of the IT in the school is in-confident.

  6. #6

    Gatt's Avatar
    Join Date
    Jan 2006
    Posts
    6,806
    Thank Post
    880
    Thanked 684 Times in 453 Posts
    Rep Power
    505
    Also brings up concerns about their firewall - surely any decent firewall setup would only have necessary ports open on it?

    As well as Anti-Virus, etc

  7. #7

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,322
    Thank Post
    525
    Thanked 2,595 Times in 2,013 Posts
    Blog Entries
    24
    Rep Power
    888
    My question is why the school didn't have alarms. Every room with computers in in our school has an alarm sensor. My server room has a light sensor, and soon (once I finally manage to get the door back on the cabinet), the cabinet and room will have it's contact sensors enabled, so opening the door of the cabinet will alert me also.

    How can you have expensive equipment in rooms, especially equipment with access to confidential data, without alarms? It is just asking for trouble.

  8. #8

    Join Date
    Mar 2007
    Posts
    307
    Thank Post
    3
    Thanked 9 Times in 8 Posts
    Rep Power
    17
    lol, I cant get access to the article as its blocked by county

    But if our school is anything to go by, all the security that needs to be put in place can be overruled by the SMT. It doesn't matter if the NM can do a good job or not if the head only wants someone to do what the teachers tell them to do. As a result security is limited.

    Only yesterday I found someones password stuck to the computer, and when I asked them to remove it I was asked why.

  9. #9

    Gatt's Avatar
    Join Date
    Jan 2006
    Posts
    6,806
    Thank Post
    880
    Thanked 684 Times in 453 Posts
    Rep Power
    505
    @pallen:

    Quote Originally Posted by Time Online
    It could be a long time before Omar Khan goes to college: as long as 38 years, according to Orange County prosecutors, who have arrested and charged the 18-year-old student with breaking into his prestigious high school and hacking into computers to change his test grades from Fs to As.

    If convicted on all 69 counts, including altering and stealing public records, computer fraud, burglary, identity theft, receiving stolen property and conspiracy, Mr Khan could spend almost four decades in prison.

    He is currently being held on $50,000 (£25,500) bail and is scheduled to appear in court today.

    Mr Khan’s defence lawyer, Carol Lavacol, described her client as “a really nice kid” and said: “There’s a lot more going on than meets the eye.”

    Prosecutors claim that between January and May, Mr Khan, who lives in Coto de Caza, one of Orange County’s oldest and most expensive gated communities, repeatedly broke into Tesoro High School, which was made famous by the reality TV series Real Housewives of Orange County.

    In an alleged plot that resembles the script to the 1986 high school comedy Ferris Bueller’s Day Off, prosecutors claim that he then used teachers’ passwords to hack into computers and change his test scores. In at least one test, an English exam, Mr Khan had been given an F grade because he was caught cheating.

    Prosecutors claim that the teenager, who is alleged to have broken into the school late at night with a stolen master key, also changed the grades of 12 other students, and that he installed spyware on school hard drives that allowed him to access the computers from remote locations.

    Tesoro High has 2,800 pupils and often appears in Newsweek magazine’s annual list of best high schools.

    Mr Khan’s plan, the prosecution argues, was to get a place at one of the colleges within the University of California system. After his application was rejected, he requested copies of his student records, known as “transcripts” in the US educational system, so he could appeal. But when teachers looked at his files and noticed all the A grades that had magically appeared next to all the courses he had taken they realised something was wrong.

    “School administrators alerted law enforcement after noticing a discrepancy in Mr Khan’s grades,” the Orange County District Attorney’s office said. “Subsequent investigation revealed that Mr Khan was in possession of original tests, test questions and answers, and copies of his altered grades. Khan is accused of stealing master copies of tests, some of which were e-mailed to dozens of students.”

    The case has once again raised the question of whether technology, in particular mobile phones that can access the internet, has resulted in an epidemic of cheating in the high-school system. The Orange County Register, a local newspaper, asked its readers yesterday to respond to a poll asking if “technology is giving [students] an advantage”, or whether it is just “the same stuff using new tools”.

    Another student, Tanvir Singh, also 18, is accused of conspiring with Mr Khan and faces up to three years in prison. The pair allegedly exchanged text messages last month while organising a break-in.

    Jim Amormino, of the local sheriff’s department, said that he was astonished by the sophistication of the scheme, especially given the age of the defendants. “I think they [now] wish they would have put their talents into studying,” he said.

  10. #10

    Join Date
    May 2007
    Location
    Suffolk
    Posts
    145
    Thank Post
    2
    Thanked 19 Times in 17 Posts
    Rep Power
    19
    Localzuk made a good point. "Social Engineering" is the only 'hacking' he did.

    No mention of using readily available tools to sniff the wireless network from the school grounds.

  11. #11

    Join Date
    Mar 2007
    Posts
    307
    Thank Post
    3
    Thanked 9 Times in 8 Posts
    Rep Power
    17
    Thanks Gatt..
    Gave you rep as I couldn't find thanks

  12. #12

    Gatt's Avatar
    Join Date
    Jan 2006
    Posts
    6,806
    Thank Post
    880
    Thanked 684 Times in 453 Posts
    Rep Power
    505
    Cheers - Thanks button only appears in forums where thanks is "deserved" or something

  13. #13

    ZeroHour's Avatar
    Join Date
    Dec 2005
    Location
    Edinburgh, Scotland
    Posts
    5,770
    Thank Post
    958
    Thanked 1,376 Times in 840 Posts
    Blog Entries
    1
    Rep Power
    455
    Gatt: Thanks is more for other things. Rep gives more to a user then thanks anyway generally.

    Localzuk: Local admin rights, naughty naughty. We dont do it here ever really. It simply is too risky. We also here dont have any real alarms at all and its not been a problem so far. It depends on the area I guess.

    As for the kid he broke the law and should go down regardless but 38 years is rather excessive. If you had complete accountability (ideal world stuff) you would not need security as the person would be found out and thus punished diminishing any point in committing the crime. They should have prevented it from working though with firewalls and no local admin though.

  14. #14

    Gatt's Avatar
    Join Date
    Jan 2006
    Posts
    6,806
    Thank Post
    880
    Thanked 684 Times in 453 Posts
    Rep Power
    505
    Ah, cheers ZH - can never remember what the deal is with Thanks and Rep



SHARE:
+ Post New Thread

Similar Threads

  1. Moodle - Outward Facing
    By ticker in forum Virtual Learning Platforms
    Replies: 7
    Last Post: 1st May 2009, 04:13 PM
  2. Is there a hacker competition on today?
    By Pyroman in forum General Chat
    Replies: 9
    Last Post: 29th August 2008, 06:21 PM
  3. converting UMS to grades in Assessment Manager?
    By iceman in forum MIS Systems
    Replies: 2
    Last Post: 29th August 2007, 01:58 PM
  4. CMIS - Cannot edit target grades?
    By _Bat_ in forum MIS Systems
    Replies: 4
    Last Post: 2nd November 2006, 11:25 AM
  5. 'hacker' thread on uk.education.schools.it
    By CyberNerd in forum General Chat
    Replies: 25
    Last Post: 3rd October 2006, 05:44 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •