I think everyone that wants to help him take a second look. I am an admin for a school. Our policy states no unauthorized equipment is to be plugged into our network. Although I don't volunteer the reasons I will explain to students why if they should actually ask. The reasons are obviou. It also states what will happen if you do. All the students read it and signed it.

Although we have never sued any students many have been expelled for attempted cracking of the network... ie running a sniffer from a laptop.

There are ways though to prevent it. All of my switches are hard coded with the ALLOWED mac's. So even if a student was to plug in his laptop and static his own IP address he won;t see anything except maybe what ons on the port the lab is using.

I would almost bet my career that we are only hearing half the story. I would also bet a P2P program like Kazaa was involved.