No! I'm Spamacus!
17th June 2003
I've been reading a lot about a number of students, including people in my graduating class, from my former high school that were arrested and are being charged with multiple felonies. Apparently two of the seniors last year "found out" the login name and password of one of the computer technicians. Well, it quickly snowballed after they told a friend about it and told him "Don't do anything stupid with it".
I think you can imagine where this is going. For the last six or seven months at least ten students had full access to the system the school district uses. Everything from grades, personal information, tests, teacher emails and recipes, etc. So many records had been altered, and so many people had access to tests that in some cases everyone might have to take them over again.
Of course it didn't stop with that. They had to go online and purchase keyloggers. Last month they finally got caught after a staff member noticed the keylogger and contacted the police. That night three of the students were caught breaking into the building with a CD to collect the keyloggers from the computers.
After being interviewed, many of them detailed elobrate methods of cheating on AP and SAT tests. As a result they might have to be administered again and at a different school. Luckily it looks like I might not be affected. Three months into college, it would be kind of silly to have to go through all of that anyway.
My high school is fairly competative with many students who go on to attend "Ivy league" schools. The first senior is currently enrolled at John Hopkins studying biomedical engineering. Most of the students involved had absolutely no need to do what they did, their grades were great to begin with. I knew them pretty well, and they always seemed to be involved with everything. It's a real shame some people are pressured so heavily that they give into something that serious.
wow. Well hopefully you won't have to take your exams back because that would really suck. Why did they install a key logger anyway? They had access to all the informations already. :confused: Don't know really what to say. Can't believe people are going that far to get better marks.. After all, I want to be recognize for who I am and not who I pretend to be (by cheating on exams)
Cheating on the AP Exam? I'm interested. ;) Those things are killer, and I have 5 looming over my head at the end of the year. (Not genuinely interested in cheating, of course.)
Anyway, that's pretty crazy. At least they're being punished for it. Everyone cheats every now and then, and most get away with it--the kind of thing that inspires students to do this and expect to get away with it, too.
Ivy League schools are overrated, anyway. Grade-inflation and all that. Go to a real university where you have to earn your grades. *coughBostonUcough*
Good to hear you aren't going to be affected, though. It'd be a shame that people outside of the cheating group will have to pay for their behavior.
Voice of joy and sunshine
26th May 2003
Stupid password system if it doesn't notice that sort of thing.
No! I'm Spamacus!
17th June 2003
-Slick-cRiSsI;4033665Why did they install a key logger anyway? They had access to all the informations already. :confused: [/QUOTE] While they had full access to the system, they still needed login information from the administration, since only the school administrators can permanently change grades without leaving any sort of trace. [QUOTE=Ryette;4033666] Ivy League schools are overrated, anyway. Grade-inflation and all that. Go to a real university where you have to earn your grades. *coughBostonUcough*
Unfortunately in that area, it's a huge status symbol.
I also agree they are overrated. When I was doing visits, the arrogance that surrounded many of the places completely turned me away from them.
17th June 2002
This is more of a lesson to IT administrators to regularly change all passwords rather than anything else.
Wanna go Double Dutch?
9th December 2003
Heh, good thing they were caught. Doesn't sound like they had very tight security though (password change every X period of time, logging and keeping track of logins to the teachers network etc.).
I can understand the urge of wanting to login and browse the tests, marks etc. It's wrong and fraud ofcourse and I myself wouldn't do it (well atleast I think I wouldn't though I wouldn't know if I would be close to failign the year and had this opertunity to check out a test in advance to ensure passing a class). Altering marks etc. would not be a smart thing to do even if you could do it without leaving a trace. Teacher would get suspicious if grades suddenly changed and no longer match the grades they have written down on paper ("hmm on all these exams he has around a 6 how can he get 7? Fishy...").
Those who actually got their hands on the password were rather stupid for sharing the information though, such a thing is bound to be passes on and on and abused so that lecturers will get suspicious and take notice eventually.
Anyway, I hope your exam results aren't effected by it (can't see how though, atleast overhere those are made by a goverment agency and you would need to hack into goverment computers to get a copy of that).
Yes, but once a password has been compromised once all you need to do is create another admin account to get around password changes.
Or, if your trying to stay reasonably covert about it you could elevate an existing account to admin status. Say the school runs Sophos, just elevate the sophos user account to admin and uncheck the "password never expires" option in the AD. If someone does look at it they are likely to assume its a admin account because it needs to be. If they try the password and it doesn't work they will notice the password expiry and assume it has expired and simply reset it.
If you have full admin access then you would be able to alter the logs if you were sufficiently skilled. Its not that hard to get an admin password, all you need is a key logger on a PC you know the admin will use. You can do this by breaking something on the PC and asking the admin to login to fix it.
Unless the admin VNC's to the PC instead of doing it physically then your likely to get the password. Its not hard to get caught like this, a bank with a good IT team was caught like this a year or so back when the cleaners attached keyloggers to the PC's. Theres not much you can do about it, other than superglue all of the keyboards in the building to the PC's which is what that bank has now done.
But anyway, even if you do make a completely perfect hack then its not guaranteed to do you any good. A couple of weeks ago someone was caught because as standard practice the data on the database was verified against an archive copy stored on read only media.
Wanna go Double Dutch?
9th December 2003
Or simply keep the risk involved at a bare minimum by onyl reading and not editting any files. That is what I would do if I were to break into a teacher database with test, tests results etc. If you know the test you are going to get in advance it shouldn't be too hard to get a good mark (I would aim at getting 80-90% right or so to obtain around a mark 8-9, perfect score would be unlikely unless it was a really easy test).
yeah. Thats what I would do if I was in a system that I wasn't meant to be in.
Of course, I wouldn't actually crack a system myself. Convictions for IT related offenses are not good for your career if you work in IT. Quite bad, in fact.
I can't see why people bother to start with, and why do they think they will get away with it.? ok, you may get away with it until your spotted but once someone suspects something has been changed they are going to find out what, even if it means manually checking against the paper records. If your caught then bad things are going to happen...