Oh The Good ‘Ole Days
So I came across this article on Digg the other day and the similarities between this student and me were unbelievable. I assumed my case was one in a million, but apparently not. For those that don’t know what I’m talking about, let me do a little summary.
During the first semester of my sophomore year of high school, I was in a Networking class (you know, this is a modem, this is a router, that kind of BS). During the course of this class, I found myself messing around with the school networks and what not as the teacher rambles on about nonsense. One day, this led me to a find that to this day I never wish I found. By just navigating through the windows explorer window of directories, I found myself in the root folder of the entire DPS (Durham Public Schools) file server. Included in this server were copies of network applications (a version of Office, student attendance tracking, grade books, etc) but this really didn’t mean much because all of these apps required a unique user/pass to access separate from the WindowsXP logins every student/teacher had. Deeper into this directory I came across a Student Information Management (SIMS) application. No big deal because I don’t have a user/pass right? Wrong. This particular application allows for it to be backed up at any intervals. For DPS, this was weekly. This is a normal ability with any program, but whats not normal, is the administrators of this network’s idea to save these backups on an unprotected server for anyone to take. Needless to say I opened them up and quickly started telling the people around me their addresses and home phone numbers. It was great when I raised my hand and asked my teacher if 1234 Rainbow Lane was her address. The look on her face was priceless.
After class I sat down with this teacher and addressed my concerns with not only mine, but 40k+ students and 15K+ teacher/staff information was available so easily and asked if I could talk to the head IT guy to discuss how to fix this. At this point, I thought I was the good guy. I was wrong.
Later that day during my lunch, a police officer approached me and asked me if I was Cory Holt. I responded yes and I was forced to follow him to a small room inside the school. As I entered I found my principle, the head IT guy for all of DPS, and a detective from the Durham County Sheriffs office. As the questions began I finally realized that they didn’t find me as the saint that I thought I was. Short and simple: I had the police bust in my house and take all of my computers and things making a huge mess for me to deal with all the next year. It took 11 months to get all of my property back, and to this day, the Durham County Sheriffs office still has my 512mb flash drive, but I’m not too worried about that.
Now in my case, no charges were filled and I was just given a slap on the wrist. In this kids case, he’s in a lot more serious trouble which leads me to an interesting question: Why prosecute the people that are trying to help you when its obvious you cant help yourself? I remember in the “interrogation room” that I was in for upwards to 8-9 hours, mentioning “Do you think I’m a terrorist?”. They didn’t like that very much.
So other than all the technology teacher’s knowing my name and every student fearing that they’ll have horrible credit reports, I thought it was quite an interesting experience and an example of how ignorant people can be when it comes to them not doing their job right. In my opinion, charges should have been filled against them for not properly securing the personal data that they REQUIRE to attend school. It’s their responsibility and when they don’t follow it, nothing happens. But the second I step out of line, everyone is quick to jump on the gun. Just my $0.02.
~Cory
