Wednesday, September 19, 2007

Re: When you find a hacker... (UNCLASSIFIED)

I agree that you need to seek outside help with this.

While working for another company we found a similar problem and turned
it over to the District Attorney. They had a forensics expert look at
the servers that were compromised.

If the student is attempting or successfully hacking into other company
systems utilizing school resources I recommend that you shut the student
down immediately. Having knowledge and allowing it to continue
increases your liability.


Jason Hyams
Director of Technology
St. Agnes Academy


-----Original Message-----
From: A forum for independent school educators
[mailto:ISED-L@LISTSERV.SYR.EDU] On Behalf Of Johnson, Jason P Mr
WRAMC_Wash DC
Sent: Wednesday, September 19, 2007 7:28 AM
To: ISED-L@LISTSERV.SYR.EDU
Subject: Re: When you find a hacker... (UNCLASSIFIED)

Classification: UNCLASSIFIED
Caveats: NONE

As always, I am not a lawyer but I have been through my share of
investigations.

AUPs hold up well, but they end at the school door and must be
considered separately from legal action. You can define or implement
whatever consequences (loss of access, suspension, expulsion) and
remedies (work in the computer lab, other community service) you have
laid the foundation for within the AUP and by precedent. You should be
careful to give consistent consequences for the same violations. You may
also find (highly dependent on the individual student) that student
hackers really benefit from being taken under the wing of the tech
department and encouraged to use those skills to benefit, rather than
harm the community (in my personal experience that has been 1 in 5).

The more severe the consequence, the more push back you are going to get
from the parents and the more legally cautious you should be. Be
prepared to address the litany of outs like: Someone else has his
password. He was letting a friend use her computer at that time. It's
your fault for not having better security. She wasn't trying to guess
the admin password, she was just confused. I thought I had heard all
the excuses, but there are new ones every year so I wish you well on
that score.

As to external consultants and keeping the data clean, that would mostly
be applicable if you were pursuing a criminal investigation or if you
fear legal action by the hacker's parents or a student/teacher that was
harmed by the hacker's action. If that is the case, I would stop
collecting data immediately, shut down all the impacted systems,
document everything you have done in writing, and seek the help of a
certified computer forensics consultant (very pricy) and a lawyer
(probably less pricy). The forensics expert will help assure that the
integrity of the data will hold up to court standards. It may be that
you already have investigated enough to have disrupted that integrity,
and a good forensics expert will be honest about whether they can
provide any value at this point or not.

A regular consultant will provide some help, but unless they have
verifiable forensics experience, their participation probably has no
added value unless your sys admin needs technical help. As long as you
are paying the consultant to do the work they cannot be considered
clean or unbiased. That said, most parents will back down when what you
are telling them can be verified by a knowledgeable third-party. The
big exception being if their child is facing charges or expulsion, in
which case they have nothing to lose by making a scene. Just make sure
that consultant is comfortable writing a report to be viewed by the
parents and avoid having them directly interact with the parents.

_Jason
___________________________________

Jason Johnson - Program Director
Web Services Branch - Walter Reed Army Medical Center Ingenium (ISO
9001:2000 certified)
Office: 202-782-1047
Cell: 202-262-0516
jason.johnson@ingenium.net
jason.p.johnson2@us.army.mil

-----Original Message-----
From: A forum for independent school educators
[mailto:ISED-L@LISTSERV.SYR.EDU] On Behalf Of Don McNamee
Sent: Wednesday, September 19, 2007 4:25 AM
To: ISED-L@LISTSERV.SYR.EDU
Subject: When you find a hacker...

Hi,

We all have Acceptable Use Policies/Statements....

When you have found a student hacker on campus how did the AUS hold up?

How did your Senior Admin handle the situation?

We're still collecting data and taking into account the reality that
we'll go to an external consultant to keep the data 'clean and
unbiased'...but I'm keen on ideas/advice amongst you all - feel free to
email me off list.

Regards,

Don

[ For info on ISED-L see http://www.gds.org/ISED-L ] Submissions to
ISED-L are released under a Creative Commons license.