Carmel Unified School District Hack Leads to Teen Arrest
Technorati Tag: Security Breach
Date Reported:
9/13/07
Organization:
Carmel Unified School District (CUSD)
Contractor/Consultant:
None
Victims:
School district employees and parents of students.
Number Affected:
Unknown*
*According to the school district web site, "CUSD employs approximately 165 certificated and 170 classified staff members." and "current enrollment of approximately 2,166" Potentially, 4500+ affected (2166*2 + 165 + 170).
Types of Data:
Name, address, birth date, Social Security number, phone number, and passwords.
Breach Description:
A Carmel High School student has been arrested for allegedly "hacking" into school computers and accessing personal information. "Sensitive" information was found on the student's computer. The breach was discovered by school officials on March 22nd, 2007 originating from a school library computer.
Reference URL:
http://www.nbc11.com/news/14111814/detail.html
Report Credit:
NBC11.com and the Bay City News
Response:
From the above mentioned online reference:
"A Carmel High School student has been arrested Thursday, following a lengthy investigation for allegedly hacking into school computers and accessing personal information of the entire staff."
[Comfyllama] Later in the story it mentions that parent information was also found on the student's computer.
"Sheriff's deputies arrested the student Wednesday on three felony computer crimes."
[Comfyllama] Three felonies for a Carmel High School student? The Monterey County Sheriff's Office takes computer crime very seriously, as they should. Kids, crime does not pay!
"At the time, in March, when we were alerted we brought in a company from San Jose," Behan said. "They were able to help us tighten things down." - Paul Behan is Carmel Unified School District Director of Technology
[Comfyllama] It should not go unnoticed that the school district recognized their limitations and sought outside help when needed. This is usually a tough thing for us technology people to do. We don't want to admit we don't know something.
"The district is now using anti-hacking tools and being more proactive about monitoring the district system, Behan said."
"Behan could not say why the information was taken or whether it was used for any purpose but that the district is concerned that employee information may have been compromised."
"Deputies found sensitive staff information, including Social Security numbers, birthdays, addresses, phone numbers as well as parent information and school passwords, on the student's computer."
"The student's school status is not being disclosed."
[Comfyllama] Would I be "going out on a limb" to say that this student has probably been (or soon will be) expelled?
Commentary:
Did curiosity get the best of this kid or did he have other nefarious purposes in mind? I think it is usually curiosity and bragging rights that motivate teens to do these types of things, but I might be naive to think so.
Past Breaches:
None
Date Reported:
9/13/07Organization:
Carmel Unified School District (CUSD)
Contractor/Consultant:
None
Victims:
School district employees and parents of students.
Number Affected:
Unknown*
*According to the school district web site, "CUSD employs approximately 165 certificated and 170 classified staff members." and "current enrollment of approximately 2,166" Potentially, 4500+ affected (2166*2 + 165 + 170).
Types of Data:
Name, address, birth date, Social Security number, phone number, and passwords.
Breach Description:
A Carmel High School student has been arrested for allegedly "hacking" into school computers and accessing personal information. "Sensitive" information was found on the student's computer. The breach was discovered by school officials on March 22nd, 2007 originating from a school library computer.
Reference URL:
http://www.nbc11.com/news/14111814/detail.html
Report Credit:
NBC11.com and the Bay City News
Response:
From the above mentioned online reference:
"A Carmel High School student has been arrested Thursday, following a lengthy investigation for allegedly hacking into school computers and accessing personal information of the entire staff."
[Comfyllama] Later in the story it mentions that parent information was also found on the student's computer.
"Sheriff's deputies arrested the student Wednesday on three felony computer crimes."
[Comfyllama] Three felonies for a Carmel High School student? The Monterey County Sheriff's Office takes computer crime very seriously, as they should. Kids, crime does not pay!
"At the time, in March, when we were alerted we brought in a company from San Jose," Behan said. "They were able to help us tighten things down." - Paul Behan is Carmel Unified School District Director of Technology
[Comfyllama] It should not go unnoticed that the school district recognized their limitations and sought outside help when needed. This is usually a tough thing for us technology people to do. We don't want to admit we don't know something.
"The district is now using anti-hacking tools and being more proactive about monitoring the district system, Behan said."
"Behan could not say why the information was taken or whether it was used for any purpose but that the district is concerned that employee information may have been compromised."
"Deputies found sensitive staff information, including Social Security numbers, birthdays, addresses, phone numbers as well as parent information and school passwords, on the student's computer."
"The student's school status is not being disclosed."
[Comfyllama] Would I be "going out on a limb" to say that this student has probably been (or soon will be) expelled?
Commentary:
Did curiosity get the best of this kid or did he have other nefarious purposes in mind? I think it is usually curiosity and bragging rights that motivate teens to do these types of things, but I might be naive to think so.
Past Breaches:
None
Posts Atom 1.0
They had a student at the 1999 that was their computer tech(yes, omfg) that succumbed peer pressure and gave the admin password to other who attempted to delete the grades of the entire school.
Reply to this
That's a good one. With the recent Certegy/FIS breach in which a dba stole and sold 8.9 million personal records, there is a lot of discussion around auditing administrators and special privilege accounts. I am on a project now to do this very thing.
Reply to this
Lol this guy must have been good Kudo Bro!!!
Reply to this
Lol i live in carmel and go to school there but that is almost as funny as watching some idiot new surfer try to surf mavericks
Reply to this