Holiday, Florida, is apparently tough on crime as an eighth-grade boy at Paul R. Smith Middle School was charged with a felony for changing the digital wallpaper on the school computer of a teacher he did not like. The student claimed it was just a prank, but the sheriff claimed the boy hacked into the school’s “secure” computer network.
Secure? Seriously? Pasco County school district’s password policy practically seems like it’s the real crime as passwords are teachers' last names. The school district is now allegedly “in the process of changing the network password.” The kid discovered the password while shoulder surfing, or watching the teacher type it in, reported the Tampa Bay Times.
It’s not exactly an epically impressive hack. Unauthorized access by the student is true, but it’s not like he changed his grades; he changed the desktop background image! Yet the so-called prank has gotten the middle school student charged with a felony. He was suspended for 10 days for the prank, but Pasco County Sheriff Chris Nocco didn’t think that was enough and pushed for criminal charges to be filed. 10 days suspension is much more reasonable than 10 - 20 years in prison, which is what an adult could face for computer crime violations like unauthorized access under the Computer Fraud and Abuse Act (CFAA).
Changing the teacher’s computer wallpaper to show two men kissing wasn’t even his original intentions, the student claimed; instead, he intended to use the password to log into the teacher’s administrative account to screen-share and chat with his friends…something he says other students also do, use an admin account for screen-sharing purposes.
Why do teachers even have administrative privileges? Is that actually necessary or did it come from the same brilliant technical minds that thought using a teacher’s last name as a password was a good idea?
Regarding the felony charges against a 14-year-old eighth-grader, Sheriff Nocco maintains that “encrypted 2014 FCAT questions” were stored on the teacher’s computer, although Nocco admits the student “did not view or tamper with those files.” Nocco added, “Even though some might say this is just a teenage prank, who knows what this teenager might have done.”
Granted the kid has been in trouble before, having previously been suspended for three days for inappropriately assessing the school computer systems, but the “who knows what he might do" claim is as ridiculous as the idea that playing video games will turn you into a mass murderer. Play violent video games and who knows what you might do!
The student admits to accessing the computer that stored the FCAT files, but claims he found another after discovering the first didn't have a camera. He said, "So I logged out of that computer and logged into a different one and I logged into a teacher's computer who I didn't like and tried putting inappropriate pictures onto his computer to annoy him."
WTSP 10 News obtained a copy of the complaint affidavit (pdf); besides claiming the student “logged into multiple networked computers using an administrative-level account for which he did not have permission,” one of those computers “was a server containing 2014 FCAT information.” The complaint states, “A recording of the defendant’s computer was captured by a staff member of Paul R. Smith Middle School documenting the defendant accessing two computers using the aforementioned administrative account.”
Did it really take five hours to investigate a case where the password was the teacher’s last name, the student admitted what he did and there was a recording of his “epic” hack? Five hours is listed under request for investigative costs to be recovered.
Any other students who used a teacher’s last name to log in and screen-share had better watch out as the sheriff warned, “If information comes back to us and we get evidence (that other kids have done it), they're going to face the same consequences.”