alt Hacker NewsIn high school a friend figured out you could map any network drive to your desktop and access it (Windows XP), and since everyone in the entire school district had a username of {last name}{first initial}, you could gain read/write access to anyone’s network drive (essentially “home folder”). He used it to get test answers from teachers, I used it to create (empty) folders named “porn”, “porn 2”, et al.
Anyway when he was caught (a fellow classmate ratted him out) he got 10 days out of school suspension. The VP threatened to call the police… for what offense I’m not really sure. There seems to be a fundamental misunderstanding of cybercrime and cybercrime laws. I mean was it really unauthorized access (they called it “hacking” of course) if his user account literally had permission to map network drives?
They removed the ability for student accounts to map network drives, but the district IT guy was not fired. I really don’t get that. Maybe the union saved him… but dog, everyone knows you can map network drives by right clicking on the desktop. I never thought to try it, but that doesn’t mean the district’s IT SME gets a pass.
Replies
> I mean was it really unauthorized access (they called it “hacking” of course) if his user account literally had permission to map network drives?
It may not pass as hacking, but it certainly was unauthorized. Network policy in software should reflect reality, but the source of authority comes from humans. Your friend literally was not authorized to access teachers' files, regardless of poor software configuration permitting the capability.
Is it still trespassing if the door was unlocked? Yes. Not sure why so many people have trouble applying the same principles of unauthorized access to computers.
Someone at my high school (late 90s/early 2000s) was apparently distributing something on CDRs.
I got called into the police station, where a cop asked me, verbatim: "Son, did you copywrite them there CDs?"
I did something similar in 7th grade, with the extra naughtiness of charging my peers 50 cents or so to drop the basic Windows games like pinball and Ski Free into their home drive. I created a couple of joke files in my favorite teachers' directories and then notified the IT admin before someone more nefarious saw what I was doing.
That admin became my mentor and is now a lifelong friend.
It sucks when school administrators are needlessly punitive.
In my school, some jackass kid made a photocopy of a $20 bill, on a little mid-1990s HP Officejet in the library. Even in those days, they were programmed to make bad copies of US currency (I think they were enlarged and the color messed up). It was more of an innocent “woah look at this thing”, there was no intent or effort to glue it together and try to use it.
The assistant principal, who was a petty drunk who was uniquely unsuited for her job, flipped out and called the secret service. The kid was arrested & had a lot of issues over nothing.
It always stuck in my mind and accelerated the development of my contempt for petty tyrants who experience joy from the pain of others.
Is it really breaking and entering if they left their key under the flowerpot and you found it?
> I mean was it really unauthorized access (they called it “hacking” of course) if his user account literally had permission to map network drives?
My expectation is that laws probably specify that gaining access that you know you’re not supposed to be able to get is probably illegal, but I get your point.
Reminds me, however, of the pen-testers that got hired to infiltrate a court system and got harassed by a prosecutor despite having explicit approval to conduct an audit.
https://darknetdiaries.com/episode/59/
Our judicial system is ludicrous.