
Thread: Antisniff

  1. #11
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Well I wanted to see if I could prevent this from occurring again because a big fear overcame the staff about compromised info.
    You can't without locking down the system to such an extent that it would be pretty useless for an educational establishment. The administrative network should be separate from the general school network and totally inaccessible to the students.

    There was also an outbreak of other children using sniffers and just running it in promiscuous
    Well how else will you run a sniffer?

    the tech said there were some network failures and he looked into it and claimed it was my fault.
    How? but you do mention "other children using sniffers".............. I wonder where they got that idea from?......... perhaps you ran off at the mouth?

    You must realise that the crucifixion of ringleaders and instigators is a Western tradition that dates back over 2,000 years?

    The felony is based on the destruction of government property
    I honestly don't see how you could have done that........... if you had destroyed data/corrupted files by screwing up, surely they would have said so? that doesn't have anything to do with MAC addys AFAIK?

    never told me why I have 3 felonies
    Don't you have a lawyer....... what is "discovery"? Unless American law has totally degenerated, when you are arraigned they have to tell you where, when and how?

    I don't want to complain because I'm getting informal probation
    Que? don't you have a thing called "due process" over there?

    But seriously aren't MAC addresses permanently stored on NICs?
    Yes, one is assigned when the device is manufactured, but that doesn't mean it will be the one that is used on your network. Also, some of them have the facility to let you change the pre-assigned one on the EEPROM chip.

    I want to see if I can go back to school.
    Yes, but a different one............... you have been identified as a troublemaking ringleader. They have to make an example of you?

    I just didn't have an elaborate network to play with at home.
    Never an excuse for messing with one that belongs to someone else and is shared with your classmates.

    If I were you I would start looking for another school.

    Last edited by nihil; May 11th, 2008 at 10:00 PM.

  2. #12
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    Quote Originally Posted by mates
    Well I wanted to see if I could prevent this from occurring again because a big fear overcame the staff about compromised info.
    That's not a bad sentiment. But your skillset probably isn't much of
    a match for the IT dept's. You might try a different approach. Does
    your school have a newspaper? Perhaps a letter of contrition might
    be in order, one warning off other students from hacking activities.
    That would go a long way towards discouraging other students from
    following in your footsteps. Might win you some brownie points, too.

    YOU have no idea what IT went thru, for perhaps six months. Just
    because you had no problem in that time doesn't mean the school's
    admins didn't. They probably spent quite a bit of time running down
    the problem, which costs money. Hence the felony. And apparently
    other kids caught on to what you were doing. So the spoofing was
    rather widespread, undoubtedly causing network outages and raising
    concerns about a data breach. And again, costing the school a pretty
    penny, especially if they had to bring in an outside contractor.

    Were you charged under USC 18 (federal court)? I believe the threshold
    for computer crime is only $5000 in damages, and that's not limited to
    physical damage. Hourlies and other fees probably figured into it. Yow,
    Mom & Dad must be PO'ed.

    Live and learn...
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  3. #13
    Senior Member isildur's Avatar
    Join Date
    Feb 2003
    Posts
    166
    Nihil- "Que? don't you have a thing called "due process" over there?"

    In some more progressive areas for non violent crimes they will offer a diversion program. Mates isn't very clear on what is going on here so it is hard to say. Programs like this are very common with juveniles, they give you a choice to go to court and take your chances or follow certain rules (usually some educational and community service activities) then after a certain time period the violations disappear from your record. It sounds like he may have gotten lucky. Sometimes as everyone on this list knows, the prosecutors like to really stick it to the evil hackers to make the general public feel safe. They are almost as dangerous to society as the pot smokers that we like to send to prison for longer than child molesters... sorry I got off track there...
    Only trust Pipe-smoking Penguins.

  4. #14
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hiring a contractor to secure a system that you should have secured yourself is not "damage" repair.

    To attempt to claim it as such is malicious prosecution, conspiracy to pervert the course of justice, and plain old fraud

    If you don't know what kids are like you just haven't got a career in Highschool IT admin IMO

  5. #15
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    Due process hasn't been the same here in the States since that fateful day in 2001.

    As for the contractor comment, there's no telling, except everything here gets contracted anymore. We even contract soldiers from an outfit called Blackwater to fight in Iraq.
    Last edited by brokencrow; May 11th, 2008 at 10:39 PM.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  6. #16
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi brokencrow,

    My comment on the contractors is based on my observations of several cases of this type over the last couple of years.

    You see really fanciful figures and know they wouldn't withstand even the most cursory audit. The majority of the "damage" is getting people to sort out systems that should have been sorted already. Nothing to do with the supposed perp's activities.

  7. #17
    Senior Member isildur's Avatar
    Join Date
    Feb 2003
    Posts
    166
    It's not just the last couple of years. Look at the damages that were claimed against Mitnick. Certainly it has grown more common in the last few years with the claims made under the DMCA by the RIAA and MPAA.
    Only trust Pipe-smoking Penguins.

  8. #18
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    Most IT dept's I've seen are very shorthanded. I worked in one where there were two of us onsite, with some offsite support, for 400 desktops/laptops and some 30-odd servers. That was a tough job because you knew you weren't doing it 'right', you were just doing the best you could. And that's not just IT, it's a lot of industries. When I worked in healthcare, nurses routinely had a patient load of 20+ per shift. Do the math: less than 3 minutes per hour per patient.

    I don't doubt that the systems should have been 'sorted out' already. It's a numbers game. No one budgets enough and there's too many promises. Adam Curtis critiqued it well in his 2007 series, The Trap. Obviously the kid screwed up here. Quantifying the damages is tough. As an admin, working short-staffed (and I guarantee they're short-staffed), it's got to be very aggravating going thru the whole process of sorting out any resultant network issues. It was going on for 6 months to one degree or another, which is going to be disruptive. Lots of intangibles, so pretty much all it takes under USC (federal law) for a felony computer crime to have occurred is $5000 worth of damage. How do you show that?

    With a piece of paper, same way the Dutch bought Manhattan.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  9. #19
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Yes, and as well as short staffed I would guess their hardware/infrastructure budget is pretty limited, so they wouldn't be able to handle much in the way of performance hits.

    You made this observation:

    I think there's a tendency when one gets into 'security' tools to not realize how powerful they are and what they're doing to others.
    That is very true, and it occurred to me that most of these systems administrators' tools are generally only intended to be run as a single instance on any given network.

    When you get a number of kids running the same tool over the same network it would doubtless produce a pretty big performance hit? A bit like running 5 AVs or firewalls at the same time?

    It would be intermittent, and I bet it drove the admin crazy.

    so pretty much all it takes under USC (federal law) for a felony computer crime to have occurred is $5000 worth of damage. How do you show that?
    From what the guy says he was busted by the police, not the Feds?....... they would have just busted his bawlz and got on with their next case.

    That brings up the issue of "damage" and "cost". If you trash a server or workstation such that it has to be restored/rebuilt then that is "damage" and anything else is a "cost".

    Over here, you would be allowed anything it took to restore your system to the condition it was in before the incident, plus any expenses to maintain your service levels whilst the problem was being resolved.

    I see the problem in the US as being that you have rushed into legislation in areas that the legislators did not understand; and the problem with legislation is it kind of "sets things in stone"? Don't worry, we have the same problem with our legislators

    Looking at it from an equity/tort angle (civil law) I would take this view:

    1. The kid broke the school rules: that is an internal disciplinary matter
    2. The school incurred additional costs related to the incident
    3. The parents are responsible for those costs

    In the UK this incident would not involve the police, they would not be interested as it is neither a misdemeanour nor a felony over here.

    For that you would require unauthorised access or criminal damage, and you can't have criminal damage without proving criminal intent.

    Of course, if you ran a sniffer on the administrative network then that would be unauthorised data access, which is a whole different ballgame.
    Last edited by nihil; May 12th, 2008 at 09:56 AM.

  10. #20
    Senior Member Opus00's Avatar
    Join Date
    May 2005
    Posts
    143
    When running ettercap, which uses ARP poisoning (most of the time it will also use the IP/MAC of its gateway to do the ARP poisoning), which then causes all traffic to go to you and not the default gateway (router), hence causing a network outage for that subnet/network
    There are two rules for success in life:
    Rule 1: Don't tell people everything you know.
