Comment by nutwit
4 years ago
The school district itself was relatively chill, however the individual deans freaked out. Because the penetration report was sent to the tech team and not the deans, the deans were intent on finding out exactly who did the hack to find something to report to their bosses (and according to them concern about the grade book system being exposed?? Not sure how you’re supposed to rick roll a grade book but if anyone has an idea i’d love to know). As the earliest poster of footage of this event, I actually got tracked down (despite the fact that the only information they had to go off of was my youtube channel which had no references to my actual name whatsoever) and interrogated about what I knew of the event by the dean. The penetration report had been sent a while prior to this (which I knew about, as being a sibling of the original blog poster can have many benefits) which made the entire thing so much funnier. I was thankful that masks were a requirement for in person students at the time, as my mouth was literally twitching the entire time during the interrogation.
> grade book system being exposed
In our high school they didn't expose the gradebook in that you could get in and change it, but we were able to see everyone else's grades. Teachers would post grades for their class and "obscure" it by posting it with the student ID (you were only supposed to know your own) next to the grade. But when the posted, the entire list was still in alphabetical order so it wasn't hard to figure out everyone's grade and student ID.
And the cherry on top of this was that all the students' passwords were their student ID.
>and according to them concern about the grade book system being exposed??
Junior year in high school, I got suspended for "hacking."
The tl;dr is that I was using a proxy to fetch assignments for class (because the county decided "yeah, this state run Moodle instance is obviously not appropriate for education" and one of my classes used Moodle) and got caught with the proxy configuration screen open. I wish I was joking.
Anyway, when I was sitting in the guidance counselor's office as the teacher was talking up how "dangerous" I was, I noticed a sticky note with a username and password written on it. Turns out it was an admin account for the gradebook, though I think it was just intended for scheduling.
I never did anything bad with those credentials, but that really tanked what little respect I still had for the administrators there.
On a lighter note, when stack exchange & co got blocked the next year, I was good friends with the librarians since I helped out a fair amount fixing up their laptop carts (and doing other things the sysadmins were too busy to take care of), and they were able to get them unblocked. It taught me a lot about office politics: people are willing to return favors, so you should always make those connections.
>but that really tanked what little respect I still had for the administrators there.
I mean, why did you have any in the first place?
I've met very, very few employees of high schools who were worthy of any sort of intellectual or professional respect.
yeah, those inner connections were really important. guess it was a good thing my brother was friends with the tech person at our school.
Yep. It's also a general signal that you'r a good actor willing to do the work. An observer with no interaction can see what you did for the librarians and put in a good word for you somewhere without you ever even knowing.
> espite the fact that the only information they had to go off of was my youtube channel which had no references to my actual name whatsoever
Assuming you took the video at the top of the article, it was presumably trivial to figure out who was in the class you were in and then rule out everyone who appears on camera as the camera man. Or just ask the teacher...