by peterwwillis 2783 days ago
I'm almost surprised that school administrators are still pulling the same shit they did 19 years ago. I have basically the same story. I dropped out and got a GED after I was framed by a malicious network admin and expelled, the record of which followed me to each subsequent school. I still managed to work my way into having a career, luckily. But the effects on my family and my development as a kid were significant.

Not only is it unfair, it's hypocritical. First the school keeps the lamest possible security practices (or none at all), and then they punish the kids that stumble onto unprotected systems. It's like keeping unlocked storage closets where kids could get into harsh chemicals, and then recommending the state pursue criminal charges when the kids find them and spill them everywhere. The bigger question is, Why did the school leave the closet unlocked, and why is the school not held accountable??

To answer the article's question, they should partner with other school districts to offer advanced cybersecurity programs to gifted students. At the very least, get the kids to participate in something like picoCTF so they have an outlet for their talents. After-school programs in addition to more advanced online classes will really help.

But also, schools should stop being run by moronic fear-mongering administrators with no conscience.

7 comments

A friend and I managed to gain superuser access to my school's systems (including remote screen access to every teacher's laptop) when I was in secondary school.

After a little playing around we handed the duty technician a post-it note with the superuser password on it and told them we would explain how we found it if they wanted.

I was summoned to the office of the head of IT, congratulated, asked to explain how we did it, and told that we had to keep the password a secret until they had a chance to fix the issues. A week later they told us it was fixed. After I graduated my school hired me as a freelancer.

This is in Australia, but I'm unsure how well my experience generalises here.

Because your school ran its own IT. In today's North American schools this is contracted out, or at least covered by a multi-school or district team who never talk to actual children. Any kid finding a flaw is a threat to that contract or system. Administrators don't want to look foolish, or admit liability for a flawed system, so they go after the kid. (Modern privacy laws make them fearful of admitting anything.) Remember too that there is a culture in NA of adults seeing teenagers as a threat. They are suspect the moment they get to school. Any deviation from a norm only confirms that perception.

Our IT department each rotated through being the Helpdesk person who talked to kids all day. They ran our robotics club. If you were interested in mail servers, or LDAP, etc they'd invite you in to see the server room.

I suppose they felt they had a duty to teach us, just like the rest of the staff.

It seems school district security practices are pretty atrocious universally. In my junior year of high school me and a buddy realized that all passwords for our district were 6-digit numbers. We didn't have to be mad geniuses to realize how easy that would be to crack. And sure enough there was a webmail login form on the district's front page that apparently didn't involve a nonce or security token. So we whipped up a Visual Basic app (because that's all we knew) and cracked a teacher's password in two days.

Once we were in, we eventually found access to the district website server and found the admin password for the entire district (it was a big district) sitting in plaintext on the school website server.

We were smart enough never to do anything malicious or even questionable, apart from getting there in the first place. And we kept it a secret for years. But the amount of sensitive info we had access to was unreal. That same password was used for every major system (school lunches, grading, etc).

And what's crazier is that about ten years later I had bumped into somebody at a bar who was on the IT staff for that district. He was stunned to hear the story, and even worse, that the same password was still being used.

You think your Visual Basic GUI could be used to track a killer's IP address? Because if so, that shatters my entire reality.

I have a similar story but I wasn’t expelled. I was locked in a room and yelled at for a couple hours. Ultimately, I was banned from the library. I loved reading.

The computer teacher set up a special curriculum for me that covered discrete electronics and I attended this in lieu of another class.

He was a former x-ray technician and taught me all about resistors, diodes, capacitors, inductors, you name it. He created binders with these components taped to work sheets with technical information.

The school was run by a moronic fear-mongering admin, but there were at least a few good people who saw I was different. I probably wouldn’t be here today if it wasn’t for that teacher.

We might be doppelgängers. However, you do have to acknowledge that schools and budgets for education infrastructure will NEVER be adequate. I do agree with your suggestions though: tap into those students and offer them an outlet, while stressing the ethical and legal concerns with this line of work.

Also happened to me when I was in high school, but luckily my mom was able to convince the school to drop everything.

The school is not only incapable of providing a quality education for these super smart kids, but they also were exposing everyone's data in a negligent and reckless way. Where is the punishment for the network admin?

Seems like the real lesson here is don't be a black hat hacker, or at least if you are gonna do that, don't get caught no matter what. The truth is if they weren't minors they'd be totally fucked for this. I imagine lots of us here had similar experiences. It's natural enough to want to explore and play with this kind of thing. But life isn't fair, and that is an important lesson we all have to learn at some point.

If I knew either of these guys I would hire and mentor them right now.

Wow, expelled?!?

After a similar incident in middle school, my only punishment was that I had to start a computer club at the school and run it with the IT guy that got pwned.

Although I detested the punishment at the time, it turned out to be a lot of fun. I got to build PCs on the school’s dime.

It is worth considering that we've gone through several moral panics about "hacking," particularly in the late 1980s and early 1990s.

That's why computer crime laws are so disproportionate (e.g. spray paint a physical sign get a $100 fine, vandalize a digital sign get five-ten years in prison). They were written when a bunch of ignorant lawmakers were freaking out about hackers turning off electricity or wiping out the stock market.

Yep.

I've been shouted down at our work book club while reading Mitnick's memoir. I said that a good amount of early hacking was "e-trespass" and "e-vandalism". The non-e versions of those crimes are low grade misdemeanors.

Yet, it was a bunch of shitty laws that somehow elevate them to manslaughter and 2nd degree murder equivalent.

This might be also because most governments and police absolutely lack the knowledge to catch any cybercriminals or to even understand the crimes. The punishment isn't surprising to me if I take their fear into account.

"To answer the article's question, they should partner with other school districts to offer advanced cybersecurity programs to gifted students"

Funding laws could disallow this. For example, in Indiana, two schools cannot jointly hire a teacher. They can both hire the teacher part-time if they'd like, but the teacher wouldn't get full-time benefits. (My father worked as a business manager in different school systems in Indiana).

The entire reason for this is funding laws. I think this is a consequence of funding schools through property taxes, but I'm not sure. I'd really like some of this to be changed so there is more flexibility and less difference between area schools, but that isn't how these are designed.