For blogs with less than 300 Followers

For blogs with less than 300 Followers
Thanks to Hestia's Larder for this delightful award.
(For Blogs with less than 300 Followers)

Saturday 13 November 2010

We were Hacked

It wasn't a virus.

I said on my last post that we had a computer virus in our school computers, but yesterday we found that was not the case.

I was pleasantly surprised to see our school system back up (well 80% of it anyway) yesterday morning when I got in at 7:30.  My estimate was in not really having a functional system until next week, because of the complexity of our system and because of the damage a virus can do.

By 2 pm, everything seemed to be working normally, so I went and had a chat with CH.  There had been a rumour floating around the school that a boy in Year 10 was responsible for the virus attack.  I know the boy concerned, and although he had been in a bit of trouble over misuse of the school computers, he wasn't malicious, and quite honestly I didn't think he had the knowledge.

CH now told me that although he had originally thought it was a virus, he had discovered while repairing the system, that we had been hacked.  Someone had logged onto our server remotely and changed many of the settings, causing the chaos of yesterday.  Whoever had done it had used an administrative logon and password.

I went and had a little chat with the year 10 suspect and his probable compatriot in crime, and while I discovered that he probably was involved in some way, he really hadn't done anything bad.  He wasn't the main culprit, although there was supporting evidence that he might have discovered the administrative logon and  password from a previous incident.  We sent him home (I use the word we here, as I had to get a DP to help in the interrogation questioning and sending home, as I don't have the authority to do so) to think what he had done, and to prepare a written statement for me on Monday.  I also told the boy that we had reported the incident to the Police (true) who would be investigating the incident (true) and who would be asking him questions next week (untrue) so he'd better get his story straight.

I went back to see CH to discuss the whole incident, and as he now knew it wasn't a virus, and as almost everything was back to normal, he had been investigating any changes to our system.  He then told me that he had found evidence linking one of our Year 11 pupils into the hacking attack.  This pupil is bright, very interested in computers, is in one of my computing classes and a bit devious.  He was a much stronger suspect than the original year 10 boy, and the evidence we now have is much more complete and objective than the rumours we had at the start.  I'm sure we've got him, and I've already banned him from the school network, and every member of staff has been sent an email with our suspect's name and picture, telling them not to let him near any school computer at any time.

The student involved is sitting an NZQA exam on Monday, so we'll pick him up when he finishes that.  He might even be reading this post, so here's a piece of advice to him. 

If you're going to logon to the school servers to change the security settings, don't use a school computer to do it, and don't use your real logon.  Every change is logged and we know who you are, where you logged on from, and when you did it.  Don't plan on gaining any more computer qualifications at our or any school, because you won't be touching a computer for the foreseeable future.

There's a good kiwi expression for what you now are.

Can you guess?

Here's a picture to help you.

6 comments:

  1. A lot of work remote desktopping a school computer just to take down the system, there are much easier ways to do it

    ReplyDelete
  2. Sounds like one of the staff had compromised the system by letting his/her logon be seen.
    I think they are the real culprit; the kid should get an A+ for computer skills.
    In a few years time NZ may be the new leader of the computer industry thanks to some kid that was expelled.

    ReplyDelete
  3. No. I don't agree. Illegal and immoral behaviour should not be condoned. Don't start thinking that there is a uniqueness in computer (or any skills). Give the responsible kids a chance and boot out the scoundrels.

    ReplyDelete
  4. Second, not possible I'm afraid. None of the staff ever had that password, it was purely the work of a student. The kid involved didn't do anything especially clever, but at least wasn't overly destructive. It caused a loss of proper teaching for most of the day.

    Anon. Yes I know there are easier ways, but our students who know what they can do and have that ability are also smart enough (and probably nice enough as well)not to hack into the servers.

    TC. Couldn't agree more.

    ReplyDelete
  5. Well, I'll be! I saw the boy's picture at school yesterday (Saturday). He was in my form class in year 9 and, if he doesn't get kicked out and if we don't go to those silly vertical forms, I think he's coming back into the form class next year.

    ReplyDelete
  6. I know Richard [of RBB], I've taught him for three years, and he seems quite a reasonable guy, smart, reasonably hard working, but also a little bit devious.
    It's not 100% yet, but CH & I feel it is him.

    ReplyDelete

Related Posts Plugin for WordPress, Blogger...
Site Meter