[krsdcbl]

Is it just me or does the story inexplicably blow up the boys tech proficiencies and then almost casually mentions that all they did was log in to school computers with credentials from a post-it on the machine itself in a public space?

How are they at fault if said credentials grants them access to unprotected sensitive records and an obviously badly exposed administration system?

[edtechstrats]

They boys are clearly tech-savvy to a degree (they build their own PCs, mined crypto, understood Windows user permissions, etc.), but I seriously doubt that they would or could have broken into the district's systems without two things: 1/ an admin password left on a sticky note and 2/ clear text storage of other user passwords in an excel file published in a shared folder on the first machine they accessed (a public machine in the middle school library!). Other issues: old user accounts left still active; no review of access logs or logs of server usage (which would have spotted Monero mining). Note: the boys reported that passwords on sticky notes was routine throughout the district (and how they got access to the security cameras, too).

[LogicX]

It goes to show the districts poor understanding of technology that their incompetence led to calling what they did ‘hacking’

[wizzard]

Another breathless article about l33t hacking where the method is just stumbling across passwords.

It’s like a bank leaving its doors and vault open, and whoever walks in and grabs the money being lauded for his bank robbing prowess.

Also, they are very much at fault for knowingly using someone else’s credentials. It doesn’t matter how easily they obtained them.