A US STUDENT found a huge hole in his school's network and gained access to the names of 250 past and present school bus drivers.
The Shenendehowa student rang the principal to warn that any hacker, such as himself, could steal private employee information, if he were so minded.
However the principal was convinced that the hacker was the anti-christ and contacted the fuzz who decided to chuck the book at the lad.
The 15-year-old is now facing felony charges and has been suspended. He is probably wondering why he bothered to tell anyone, he should have just flogged the ID material and kept his mouth shut.
Coppers have charged him with computer trespass, unlawful possession of personal identification information and identity theft. If he was not 15 he would be going to jail.
While Shenendehowa officials are running around saying it was all the kid's fault, they seem to have missed the point.
The little toe-rag didn’t have to tell them about the flaw and he also didn't have to break anything to get the information.
It looks like he breached the district's system while in computer simulation class. He used his student password to view the bus drivers' Social Security numbers, and driver's license numbers.
Superintendent Oliver Robinson admitted the lad was able to get into the database because the district was upgrading its computer system with the help of outside vendors and others.
As part of the upgrade process anyone with a district password, which is thousands of people including students, faculty and other employees, could have obtained access to the faulty file.
Robinson claimed that the wide open security was fine as it would have taken some exploration to find the file.
Yeah, but the sorts of people who are committing ID theft are pretty clever and will search around a wide open network to find data. What is bizarre is that the school kept this open network for a week or two after the kid was busted.
We would love to see that excuse being used to justify breaking into a nuclear power plant. "Yes our network was wide open, but it was the hacker's fault because you had to root around to find the files to spark a China crisis" .
Robinson refused to place blame for the blunder but it seems that, rather than crucifying any adult security experts, the school is taking it out on the kid who pointed out how pants their security system was. µ
Sign up for INQbot – a weekly roundup of the best from the INQ