Brickbat: Shall We Play a Game?

Charles Oliver | 11.13.2018 4:00 AM

It started in seventh grade, when Jeremy Currier and Seth Stephens found a sticky note with log-in information on a computer in the school library. Using that information, they were able to access files created by staff. A couple of years later, in high school, they found another sticky note with log-in information on the laptop of a school security guard. They used that to take control of the school's security cameras. Eventually, they hacked all of their Michigan school district's computer systems. Even though, according to Education Week, there's no evidence they "cheated or changed grades, disrupted classes or sold answers to tests, zeroed out lunch balances or broke into anyone's locker, installed malware or deleted files, harassed people online or stole anyone's identity" the two were expelled when their exploits were finally discovered, and they are now the subjects of a criminal investigation.

Start your day with Reason. Get a daily brief of the most important stories and trends every weekday morning when you subscribe to Reason Roundup.

NEXT: Reporters Become Participants in Tribal Political Warfare

Hide Comments (46)

Editor's Note: As of February 29, 2024, commenting privileges on reason.com posts are limited to Reason Plus subscribers. Past commenters are grandfathered in for a temporary period. Subscribe here to preserve your ability to comment. Your Reason Plus subscription also gives you an ad-free version of reason.com, along with full access to the digital edition and archives of Reason magazine. We request that comments be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of reason.com or Reason Foundation. We reserve the right to delete any comment and ban commenters for any reason at any time. Comments may only be edited within 5 minutes of posting. Report abuses.

Rat on a train 6 years ago

The boys were even using district servers to mine for cryptocurrency.
Come on Reason, open up your servers so I can do a little mining.
Bessie54 6 years ago

Stay at home mom Kelly Richards from New York after resigning from her full time job managed to average from $6000-$8000 a month from freelancing at home... This is how she done it
.......
???USA~JOB-START
1. DiegoF 6 years ago
  
  How did Bessie54 hack into the system?
  1. Wizard4169 6 years ago
    
    Probably another password on a Post-it.
Fist of Etiquette 6 years ago

Now, the case is raising a number of big questions. Chief among them: How can schools better develop the potential of children with advanced computing skills and a penchant for probing boundaries?before things go bad?

That's a square peg. We don't have any holes for that.
Fist of Etiquette 6 years ago

Seventh grade was also the year the boys noticed a sticky note attached to one of the public computers in the middle school library. It had a username and password on it, they said, in case students or staff wanted to look up books but had forgotten their own credentials.

What. The. Hell.

Either the district's contracted IT services are inadequate or the staff and leadership have willfully ignored good practices. Someone should be fired, not expelled.
1. Griffin3 6 years ago
  
  Shouldn't this be like attorney-client privilege, where, if you expose your secret login information to a third party in a stupid way, your privilege goes away?
Fist of Etiquette 6 years ago

But letters sent to the Stephens and Currier families as part of the disciplinary proceedings against their sons spell out the district's perspective.

While the boys "did not directly threaten the safety of staff or students," Rochester officials wrote, their breach of the district's network was "pre-mediated [sic], deliberate, and ongoing."

[sic] burn! This "blue ribbon" school district is failing on so many levels. The kids are better off out of its control.
Agammamon 6 years ago

Even though, according to Education Week, there's no evidence they "cheated or changed grades, disrupted classes or sold answers to tests, zeroed out lunch balances or broke into anyone's locker, installed malware or deleted files, harassed people online or stole anyone's identity" the two were expelled when their exploits were finally discovered,

The boys also installed crypto-mining software on the district's servers.

Ah, I see. They didn't do anything wrong - except for the thing they did wrong.

I mean, if you found my password and installed cryptomining software on my gear without my permission, wouldn't you consider that to be a crime?
1. Rat on a train 6 years ago
  
  Hey. If you leave your door unlocked there is nothing wrong with people raiding your kitchen and watching some pay-per-view.
  1. Remember to keep it all polit 6 years ago
    
    This is more like they hung the master keys on the wall in case any teacher or student left theirs at home that morning.
    
    The crypto currency mining software, yeah that's wrong and they must have known it. But the rest was school policy.
    1. Agammamon 6 years ago
      
      Even if I leave my house keys hanging on the break room wall, that isn't an invitation for you to rifle through my medicine cabinet.
2. Fist of Etiquette 6 years ago
  
  What if it wasn't your gear but the gear taxpayers purchased for you to use to educate the children you're accusing and for which taxpayers employ you to in part to manage with some level of fiduciary responsibility?
  
  The school district is failing these and likely all students on multiple levels but the only ones I see being punished are the children who exposed that fact. This is a brickbat.
  1. DiegoF 6 years ago
    
    What is a brickbat supposed to be? I never know what. I just figured it was whatever the poor Dexied-up new meat found at 4AM to make him say, "Yeah, that's fucked up, yeah, yeah!" while the oldsters sleep off their Beltway cocktail-party hangovers.
    1. Fist of Etiquette 6 years ago
      
      The fact that no one knows what a brickbat is is itself a brickbat!
      1. JJANAVYVET 6 years ago
        
        brick?bat
        /?brik?bat/Submit
        noun
        a piece of brick, typically when used as a weapon.
        a remark or comment which is highly critical and typically insulting.
        "the plaudits were beginning to outnumber the brickbats"
DiegoF 6 years ago

This is a weird case.

On the one hand, you seem to have some familiar elements to make your blood boil. You have a supposedly elite, "blue-ribbon" suburban school district that is completely failing two nerdy boys with high aptitudes and earning potentials with its supposed "college prep" focused curriculum. Is that what their high-income blue collar parents moved to the district for? I know what it's like to dread going to your shitty school every morning, because school means you have to stop learning and go to "school." And that wasn't even the Internet age; it was just piles of books from the library. I can only imagine the agony and frustration their parents feel.

You also have kids who look like the very stereotypical picture of young bored people who could be won over to the profession of white hat hacking. They got their little rocks off on the thrill of the breach, but had enough of a moral compass that they did not do a single further unethical thing while they were in. (Though frankly I doubt these idiots would know if they had.)

On the other hand...this "hacking" was more like social engineering where the victim does all the engineering. Some DNC-caliber idiot left the password around on a Post-It; and the system was engineered so that its exposure--the entire district's--to such an attack was infinite. These boys might have indeed be computer whizzes, but they literally might well have been retarded kids.
1. DiegoF 6 years ago
  
  Addendum: "Single further unethical thing" is a horrible way to put it when you're talking about someone who has broken into your property. Pretty much anything you do except leave immediately is unethical. I misspoke badly. I should have said they did nothing that indicated any further criminal proclivities beyond that of the "thrill burglar." They didn't do anything that might help them cheat or anything, for instance, and I think they did not spend their time snooping around either. Basically my point is, this is an almost stereotypical textbook case of why juvenile justice is different from adult--of kids who show an odd, characteristically juvenile mixture of serious moral flaws and moral strengths, who could easily be put on a path that is very helpful to society if they are shown the right guidance and their crimes--serious though they are, and should be treated in adults--are treated with some subtlety, and they are allowed to not have their youthful mistakes impede their future in legitimate society.
  1. Kivlor 6 years ago
    
    this is an almost stereotypical textbook case of why juvenile justice is different from adult--of kids who show an odd, characteristically juvenile mixture of serious moral flaws and moral strengths, who could easily be put on a path that is very helpful to society if they are shown the right guidance
    
    This. There needs to be a lesson learned about how this is like someone leaving the keys to their house out, and that does not invite you to use them. But kids =/= adults, and unless the crime is so heinous as to show total depravity and so grave as to be unable to be overlooked, it's hard to think they should face the same justice that adults do. Whatever punishment they face should be constructed as a corrective action.
sarcasmic 6 years ago

Username and password are they key to a computer. Someone leaving their username and password out is like someone leaving their keys out. You can't say "It was OK for me to enter his house without permission! He left his keys in the door!" Well, you can, but it won't get you anywhere. Same idea here. Staff leaving their computer keys in the door is dumb, but it doesn't justify using them.
1. DiegoF 6 years ago
  
  Is anyone attempting to "justify" these actions though? I think it's more an interest piece about a "blue ribbon" district that is failing its students, and perhaps a discipline system that is not showing the proper subtlety.
  
  One problem with this piece of journalism is that it does not live up to its ambitions by knowing what it wants to be--as for instance I just laid out. They should have interviewed private sector security employers and managers, both on and off the record, to determine more comprehensively whether an expulsion for this sort of offense would preclude employment in the field. And they should have gotten an official answer (it is likely cut and dry) about whether an expulsion is disqualifying for security clearance. These records are supposed to be sealed for precisely this sort of purpose, so that serious juvenile mistakes do not marginalize young adults from legitimate society, which would often suit no one.
2. Jerryskids 6 years ago
  
  What about if you leaves your door unlocked and a tired/drunk/stupid cop who lives one floor down mistakes your apartment for hers and comes in and shoots you for being in "her" apartment?
  1. Kivlor 6 years ago
    
    Prove your manliness by taking the bullet, and then beating her like you would your wife if she got violent with you?
    
    Bonus points if you do it Teddy Roosevelt style, and just plug the hole in your chest with a thumb and say "I'll go to the hospital when I'm done!"
3. perlchpr 6 years ago
  
  Staff leaving their computer keys in the door is dumb, but it doesn't justify using them.
  
  Seventh grade was also the year the boys noticed a sticky note attached to one of the public computers in the middle school library. It had a username and password on it, they said, in case students or staff wanted to look up books but had forgotten their own credentials.
  
  Except apparently these keys were left in the door with the explicit purpose of being used by passerby.
  1. sarcasmic 6 years ago
    
    A couple of years later, in high school, they found another sticky note with log-in information on the laptop of a school security guard.
4. Fist of Etiquette 6 years ago
  
  I disagree with this analogy. The children didn't find someone's username and password. These were credentials apparently posted so that teachers and students without their own could use the computer network. And considering how staggeringly insufficient the district's IT security was, I'm guessing no one articulated to the students the limits of what should be done in the sandbox they provided.
  1. sarcasmic 6 years ago
    
    A couple of years later, in high school, they found another sticky note with log-in information on the laptop of a school security guard.
sarcasmic 6 years ago

Am I the only one getting 500 errors?
1. DiegoF 6 years ago
  
  Probably. Highly unlikely for a brickbat. Even a Chapman piece normally only makes something in the low two hundreds.
  1. sarcasmic 6 years ago
    
    I suppose that is my fault for using jargon.
    
    I meant I'm getting this
    
    This page isn't working reason.com is currently unable to handle this request.
    HTTP ERROR 500
    
    when trying to view many pages on this site.
    1. DiegoF 6 years ago
      
      No, you were perfectly clear. I was making a juvenile little joke. On a serious note, I haven't been having any problems except accessing the FOIA article. First time in days everything is working right, matter of fact.
Jerryskids 6 years ago

You really need to read the whole article, so much fucked-up shit in such a small package. But here's the problem in a nutshell.

Their long-term employment prospects should have been bright. In the coming decade, for example, the federal government will be looking for thousands of skilled cybersecurity workers. The growing demand has only been underscored by a steady drumbeat of news stories about hacks, cyberattacks, and digital espionage.

But the boys are unlikely to be eligible for many of those public-sector positions, said Davina Pruitt-Mentle, who helps head cybersecurity-education efforts at the U.S. Department of Commerce in Washington.

"Will they be able to pass a background check and get a security clearance?" she said, noting that the process includes a review of candidates' moral character, not just criminal background. "I'm not a lawyer, but my money would probably be on 'No.'"

Depending on how the possible criminal investigation unfolds, private-sector employers may be more accommodating.

Amazing how the private sector provides incentives to find the most productive use of somebody's skills and the public sector fails at creative thinking, isn't it?
1. sarcasmic 6 years ago
  
  Know what's really fucked up? You don't even need to be charged or convicted of something to be denied a security clearance. I was denied because of allegations in my high school days.
  1. perlchpr 6 years ago
    
    Which is weird, because I still scored one despite having done basically the same thing as these kids back in 8th grade. (Well, no cryptocurrency mining, because that was like, 1990.)
2. Longtobefree 6 years ago
  
  Well, if a man can become a woman because he feels like a woman to himself, these two should be able to become fine upstanding citizens later because they feel rehabilitated. Some judge somewhere can probably be conned into purging their record because the kids 'feel' honest now.
  Before the snark starts, check this one out;
  http://thefederalist.com/2018/11/13/ using-transgender-arguments-dutch-man-demands- birth-certificate-say-hes-20-years-younger/
  1. Longtobefree 6 years ago
    
    There was a saying "reality is a crutch".
    I now begin to understand.
    1. sarcasmic 6 years ago
      
      google "anchor tag"
      1. DiegoF 6 years ago
        
        He could just google "Sevo."
  2. Rat on a train 6 years ago
    
    I feel old. I want a birth certificate that makes me eligible for senior discounts.
Rich 6 years ago

Obviously what we need is common-sense sticky-note control.
1. DiegoF 6 years ago
  
  Does anyone actually need sticky notes? They are a luxury.
2. loveconstitution1789 6 years ago
  
  Especially high-capacity sticky notes.
IceTrey 6 years ago

I don't think it's hacking if you found the password lying around.
fafalone 6 years ago

Ah I miss the days where nobody got upset about computer shenanigans. I did the same thing as these kids, though had access to much less on the networks of the late 90s. Got a hold of the librarians password... three lowercase letters... and not only found myself with admin access locally, but could connect with read/write to the entire district. Back then all the teachers thought it was hilarious.
Guess it's like this article now. Can't even imagine my crusade against the porn filters... They blocked domain names, I installed an IP lookup because going to the IP evaded it. They fixed that, I found entering the IP as a long evaded (go to http://918239451 and you'll see the same as if you entered Reason's IP, back then IPs generally led to the actual site). They fixed that, I started installing proxy software. They blocked execution of unauthorized programs, I found that MS Office was an authorized program, and had VBA, and the ShellExecuteEx API could launch any program). This made me quite popular and the school IT guys loved the battle as much as me.
Colossal Douchebag 6 years ago

"Plenty Of Blame To Go Around" for $200 please, Alex.
bacchys 6 years ago

They made the school district look stupid. That's the most serious offense.
Longtobefree 6 years ago

Did I miss the part where the librarian and security guard got fired for security violations?

Please log in to post comments

Brickbat: Shall We Play a Game?

Latest

Joe Rogan Is Right: It Is 'Kind of Crazy' To Deport Innocent People Mistakenly Identified As Gang Members

Javier Milei's Free Market Reforms Are Starting To Pay Off

Americans Are Deeply Skeptical of Trump's 'Liberation Day' Tariffs

Can Trump Broker a TikTok Sale Before the April 5 Deadline?

Nina Jankowicz's Defense of Government Censors Is Based on Misinformation

Recommended

Login Form