HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 31 guests online
 
Advertisement

You are here: Home arrow Resourcesarrow News from the Outside Worldarrow 15-Year-Old Steals Data on 55,000 People in School District Hack
EH-Net
May 21, 2013, 10:33:43 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: 15-Year-Old Steals Data on 55,000 People in School District Hack  (Read 6988 times)
0 Members and 1 Guest are viewing this topic.
oneeyedcarmen
Full Member
***
Offline Offline

Posts: 233


Klaatu, Borada,Necktie?


View Profile
« on: May 23, 2008, 01:11:44 PM »
Kids these days!   Roll Eyes

http://www.darkreading.com/document.asp?doc_id=154709

Quote
The student, who attends the county’s Downingtown West High School, reportedly used a flash drive to siphon off the names, addresses, and Social Security numbers of around 15,000 students and school employees and members of the community. According to the Downingtown Area School District, the student used a classroom computer during study hall time to illegally access the information, and later shared it with another student.

Logged
Reluctant CISSP, Certified ASS
LSOChris
Guest
« Reply #1 on: May 23, 2008, 07:37:45 PM »
yes, the problem is the kid and NOT the fact that he had access to that data from the study hall computer.

the complete lack of details to the "hack" make me think he just copied it out of a network share.

jackasses.
Logged
BillV
Hero Member
*****
Offline Offline

Posts: 1892


View Profile WWW
« Reply #2 on: May 23, 2008, 07:55:37 PM »
Quote from: ChrisG link=topic=2497.msg11078#msg11078
the complete lack of details to the "hack" make me think he just copied it out of a network share.

Yup, same thoughts.... there was a good line towards the end of that article that grabbed my attention too... gotta grab it..

edit:
Quote
the school district says it’s taking measures to better lock down its Central Office server, including further limiting user access and eliminating generic log-in permissions

They said they had a breach in December, and now this is the second thing that has happened within a few months of each other. And they're just *now* getting around to "limiting user access and eliminating generic log-in permissions" .... who taught these guys? No principle of least-privilege? Come on....
« Last Edit: May 23, 2008, 08:02:05 PM by BillV » Logged
LSOChris
Guest
« Reply #3 on: May 23, 2008, 08:05:47 PM »
blogged it, couldn't resist

http://carnal0wnage.blogspot.com/2008/05/school-district-in-pa-hacked-by-15-year.html
Logged
BillV
Hero Member
*****
Offline Offline

Posts: 1892


View Profile WWW
« Reply #4 on: May 23, 2008, 08:11:00 PM »
Quote from: ChrisG on May 23, 2008, 08:05:47 PM
blogged it, couldn't resist

Haha.. nice write-up.. favorite line: "A better question is why a database of names, addresses and social security numbers is sitting unencrypted on a network share."
Logged
Dengar13
Sr. Member
****
Offline Offline

Posts: 380



View Profile
« Reply #5 on: May 24, 2008, 08:10:32 PM »
Very good blog.  I must say (not to sound rude) that you get what you pay for.  I know that in PA (where I live) that IT pros in the education arena don't get paid too well.  It is a union-like environment, and the pay isn't competetive at all.  This results in less seasoned candidates that apply, and more entry-level people who are hungry, but not necessarily having the ideal skills to handle this job.  My buddy was like a one-man show at the school (PA) where he worked at for 7 years, and only got paid 45k...not too much at all IMO.  He doesn't have a whole lot of IT security knowledge (common sense though as it pertains to this breach), but God bless him, he did his best to stay afloat.  With that said, he left for greener pastures and can concentrate on the Windows/system admin side for more money, and less hassle.

Also, schools do not have much of a budget for IT, and the people who head the school boards, and ultimately the decison makers have little to no clue on what they need to have an up-to-par IT infrastructure.
« Last Edit: May 24, 2008, 09:03:30 PM by Dengar13 » Logged
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
LSOChris
Guest
« Reply #6 on: May 24, 2008, 09:37:23 PM »
Quote from: Dengar13 on May 24, 2008, 08:10:32 PM
Also, schools do not have much of a budget for IT, and the people who head the school boards, and ultimately the decison makers have little to no clue on what they need to have an up-to-par IT infrastructure.

maybe a fat ass lawsuit can fix that up, at least for that school district.
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.072 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.