69 comments

[ 4.9 ms ] story [ 147 ms ] thread
i did something very similar to this in 1998 at high school, good times
I wonder how many similar stories there are out there and how they were handled.

Good times they were not, though. As a kid who didn't have bad intentions, dealing with the repercussions was a lot.

There was no precedent (at my school, at that time) for how to prevent and deal with a situation like that, though.

"I wonder how many similar stories there are out there and how they were handled."

In-school suspension and police interrogation for me on different occasions. In each, I had actually done nothing but was smart and could have done something. The first was actually a setup by the most notorious hacker in the school who I was showing up a bit with my demos. He had some script downloading and popping up porn on my computer that a teacher saw while I was at lunch. Looking at the times, it added new files to IE cache every 15-30 minutes all the way into the 2-3AM's. My defense was I couldn't possibly be in class surfing porn after the school closed. The non-technical authorities had made up their mind someone would be punished, though. ;)

In each, I had actually done nothing but was smart and could have done something.

I had the experience in high school in the 90's of being wrongly accused of computer mischief solely on the grounds that I might be capable of such. I was astounded that merely possessing knowledge would be sufficient for such an accusation. Thankfully, no suspensions or police involvement came out of it.

In the police case, I got questioned a while. They figured out it was bullshit. Told me to watch what I say. (Never got hood at hiding opinions or skill lol...) Cop then just bought me a drink and hung out with me until next class. Got a bit lucky there. :)
This happened to me in highschool in the 90s too. There were several Mac laptops available for students to check out of the library, on one occasion someone changed all the desktop icons on one of them to little piles of shit. I was an immediate suspect because I brought my own laptop to school and people had seen me using a terminal. For some reason they didn't think to look at the list of people who had actually checked out the "hacked" laptop, which obviously didn't include me. My fate was sealed when they asked to see my school-issued floppy disk and found a picture of a mushroom cloud on it (part of a hypercard presentation on environmental destruction). I ended up getting a 3 day suspension and being barred from using the school laptops that I had never used anyway.
(comment deleted)
I had to personally apologise to the IT department because I sent a message from 'God' saying "I saw what you did last night" to the entire network (long time ago but it was Novell something) by mistake (was aiming to send it to just the one computer lab).

They thought it was hilarious and that was the end of the matter.

Similar story here - mine was in the days of Windows 9x; everyone knew about "net send", but few bothered to look into the other options.

I decided to poke at it and see what "/forest" did, ended up messaging the entire network with a harmless "Hello world".

It's shocking to see the ordeal that mmccaff went through; for me it was just a couple of very confused teachers and an IT department that wanted to keep an eye on the troublemaker.

Sometime in the mid 90s (must have been 1997 since there were web browsers) I was taking a college prep class at a community college, and I read about a thing that became popularly known as "the ping of death". Long story short, the school had all of its internet traffic running through a single, rather ancient NAT that locked up if you pinged it with a 64k icmp packet...
shutdown /i ... :)
Select students in my high school had Novell emails, which led to interesting interactions during the tiny AP CS class. We figured out that you could edit the from field and with enough spaces the email address would overflow and be hidden from view. So after some girl broke the no mass email rule, I sent her an email as "Administrator" saying that she'd be expelled for sending a mass email. Luckily I only has to apologize.
I got suspended for teaching kids to use Winpopup in Highschool...
I showed my classmates winpopup for a boring computer class, but then later we had a test, and they were using it to cheat.

So I broadcast a message (with spoofed username) pretending to be there IT director, telling them to cut it out. It always helps to have an extra secret :p

These stories are all too familiar, probably to many here of a certain age.

I actually got expelled from my school (in Scotland) for installing the 'MacinTalk' network chat software on our Business Studies AppleTalk network with about ten Mac Classics. The time I only got suspended was for using Prestel via the Computer department's (only) modem, after shoulder-surfing the password for the school account when a teacher demonstrated 'the future of computers' to us. The look of uncomprehending fear on the teacher's face as they ran into the computer lab after being told I was using the modem was priceless. I eventually had to go to an entirely different school to study for my Higher Computing, because none of the teachers at my school were competent enough to teach it.

When I was been 'taught' VB (shudder) the lecturer had 'Teach Yourself VB in 24 hours' on his desk, I used to go in before hand to make sure he was up to speed on what he'd be teaching.

Lovely guy and a good teacher just dumped into teaching something he wasn't remotely qualified to teach.

It was an interesting situation though since it taught me the value of been an autodidact early.

Ah, good times. Win95 used to crash so much, that my brother and I became quite adept at resurrecting Explorer by causing a surviving process to trigger it. Eventually, we discovered the infamous "Login? No, just help yourself to the desktop" hack. No one cared, it was normal for stuff to be broken.

https://imgur.com/rG0p0b2

Nice. I never saw that one. I used the password rename trick from DOS. You'd think it would cause problems by looking weird. Trick for that was doing it on non-target's machines and leaving software on there to do glitchy stuff in general. People just shrugged and moved on.
(comment deleted)
on windows 95/98 in most networks you could just click cancel since the anonymous logon wasn't even disabled.
And even if it was, there were ways to get anonymous execution through the task manager, or the infamous help-dialog login bypass.
I sorted some of my work product with bubble sort (I wrote maintenance procedures and docs for a defense contractor), in 1982 or 3; I figured out bubble sort "all by myself". I don't remember the mini-computer or the language. The system admin visited me and told me not to do that anymore. I went to school after that (where I learned that it was called bubble sort).
Hah. Any idea why the system admin didn't want you to bubble sort anymore?

Was it noticed to be taxing on some system's resources or too long-running of a process or something?

Yes, that was why. It was long ago, I'm sure it was a particularly inept implementation. He didn't say "don't bubble sort," he said "don't run that anymore."
Way back in 1988, I was in the sixth form of a school in the UK (that's for students aged 16-18). We had a bunch of BBC Micros networked together using Acorn EcoNet.

Very detailed manuals for everything were just on a shelf in the classroom.

I forgot how we did it, but we wrote something that gave us access to the place where the passwords were stored on the master server. I also forget why we did this, but somehow we accidentally deleted the master password file.

We were still logged into the system, but panic set in. We logged out...

...and of course we could not log back in. Nobody could log in.

We owned up right away. The difference between mine and the OP's story is I just had a very stern talking to from the headmaster and strongly worded letter home! He did admit he was quite impressed but suggest we channel our talents into less destructive projects.

Network was down for a day while it was completely reinstalled!

Even further back, as third formers in 1968 or 1969 there were no computers in schools but we were keen chemists and discovered ammonium iodide.

As we were the best students we had access to the chemistry lab store room, so we made a big batch and painted it everywhere (under chairs, blackboards, waiting areas outside classrooms, etc.). It was hilarious. Again all we got was a stern talking to and a mop and bucket, and told to clean it up.

I suppose that today anything to do with explosives would be taken too seriously to be fun.

I recall the same type of network and exactly the same situation here in Australia, with a student locking everyone out. From memory, despite appearances the password system was essentially an honour system, involving one computer being the "master terminal" (try keeping kids away from that keyboard) and even then there being ways around it. I think the offending student got a stern talking to and a day off school. We taught ourselves quite a bit on that network, and the teacher in charge of it was quite happy to admit that his knowledge could take us only so far, before self-learning had to take over.
One tech savvy friend was called in for questioning and told that he was going to be blamed for everything and that they had enough information to prove it was him even if it wasn’t. He was going to be expelled unless he had any information that he could share to prove otherwise.

Classic interrogation technique. I also learned a lot about how police states work when I was in high school.

Speaking as a parent, it's hard to find a school that actually values learning and development, and isn't some sort of cross between Police detention and daycare.

We were lucky enough to find such a school reasonably nearby but the cost - despite their genuine efforts to keep them low - are scary.

Stuff like this is still happening. I graduated high school in 2012. During our final semester, my friend decided to try logging in to the school router. He thought it would be passworded, but it was completely open. He shared this info with me and a couple other friends.

We had fun for a bit restarting the router when we wanted to mess with a boring teacher, but eventually one of them set a password, the school IT guy found himself locked out, and I found myself getting threatened with expulsion. The principal interrogated me and asked if I knew what port scanning was, and even accused me of lying when I said I didn't (I really didn't!). I told him as much as I knew - which wasn't much - because I didn't want to get expelled a few months before graduating.

Long story short, the friend that set the password got expelled, the one that found the vulnerability got suspended for a week, and everyone else got off scot-free. I heard a year or two later they started offering programming classes there.

There was a school in 2012 that didn't teach computer science? Wow, Poor students.
I also graduated in 2012 and my school was the only one in the county (that I knew of) that offered any sort of programming class. It was taught in Visual Basic! Previously it had been taught in C++, but the teacher thought that C++ wasn't used any more!

When I got to college, I was quite surprised to learn how common AP CS was. I was especially blown away by a classmate who took 4 years of CS in high school (at Stuyvesant IIRC).

This is actually happening right now with me at my college. There are routers, MySQL databases with default username password combinations. The college have installed CCTV cameras a while ago and you guessed right, they are accessible with default username password. I used nmap to find them.

I am going to report what I found to Principal.

A friend of mine installed sub7 back then in the school network and tried to host a starcraft server. Didn't work out, for some reason- but yeah, that's youth. To criminalize such creative vandalism, wouldn't help anybody.
I nearly got expelled for learning how to use Flash 8 in middle school to make games.
Wow. What kind of games?
KETM spaceship games, nothing super exciting. I got kicked off the computers before I got a whole game put together.
Good, anyone encouraging the use of flash should be locked up. I bet you were behind Punch The Monkey
In 1998 I installed the NetBus server on computers in the computerlab at my school. I would then run the NetBus client on a computer in a secluded corner, and watch the reaction from people while I messed with their computer. The best reactions I got from randomly opening and closing the CD-tray. Good times.
We did the exact same thing! This one time, me and my group of similarly nerdy friends sat in a different room and opened all of the CD-trays in the computer lab during a computer class. The teacher came running to the room we sat in, and we were so sure we had been caught. But no, she started explaining that all the computers were acting up horribly, and that we were the only ones who could help her. She didn't know how right she was :)

So we helped her naturally, undoing our own work and uninstalling NetBus. I'm not sure she ever figured out it was us, though.

They DID figure out who was spamming "net send" messages to certain people. A kind of war had started, where people would compete in sending the most net sends to each other, forcing the other side to click "OK" on a message box. It got sort of nuclear once we discovered batch scripts and for loops.

I got banned off the computers for months for finding net send because the other students abused it.

I just brought a Linux live USB stick with me and did my work that way.

I had a friend sometime around then who did a similar thing at his small office. They would play Age of Empires after work and he would use it to cheat and see where on the map everyone was. He was smart enough to remove it before anyone knew
My 'episode' was in '93. I'd just learned about TSR's and execution vectors and really wanted to try to write a floppy disk boot sector virus. Coded it up in turbo pascal. Thought I was being ultra careful: promptly spread it everywhere.

My school was much more laid back, thankfully.

What safeguards did you build in to it?
I wrote, in big red letters on the disk, "Don't insert into computers with hard disks or with other floppies."

I can't imagine how this could have failed...

Well, I used "the internet" to avoid suspension in high school.

It was 1995, and I had made a fake parking permit for Fairview Hugh school in Boulder Colorado using Corel draw and Kinko's. The junior class president--my arch enemy--found out and narked.

I got pulled into the principal's office and was threatened with suspension. When they asked me how I made it, I told them I downloaded it from the internet. I explained further, that I had my own business making websites for local businesses. "Oh, ok then." They told me that my "we sentencing" would take place the next week.

I didn't sleep that weekend for fear of someone molesting my "permanent record." That next Monday, a student assistant pulled me out of class and took me to the principal's office for my sentencing: teacj the principal how to use the internet!

The best part of all this, is that I later learned the snitch had purchased his ap history term paper from the back of Vanity Fair magazine. I called him to tell him that I knew and he hung up. I called again and it went to his answering machine, where I explained that this was blackmail: he had exactly 1 hour to deliver me his authentic parking permit for the entire next semester, otherwise I would snitch. He answered the call mid-message and delivered the goods 40min later.

When I first got busted, my dad told me about revenge being best served cold (it's a saying in French), that I should bide my time. He was right!

> revenge being best served cold (it's a saying in French)

It's also a saying in English, one that translates well.

In 1981, when I was 12 years old, I visited my brothers university to watch him graduate. I didn't have much to do so they showed me the computer they had installed in one of the study rooms at his fraternity. It had a phone modem - they connected me to the campus network so I could play around. At the time everything was run out of one of the campus libraries. So, finding it all rather boring, I turned on a nearby stereo and put the phone to the speaker for a minute or so. Afterwards, I could no longer use the computer so I turned it off and went to wander campus. While I was away the library (security?) visited the fraternity wanting to know who crashed their network. Nobody even suspected it was me. They were told that they might face a temporary suspension. I only found out about this part 20 years later. So, which university was it? Stanford. ;)
Meh, I got a suspension for using Net Send on Windows XP back in 2003/4.

I got the date with the girl and I annoyed some people and pissed off the network admin, win/win.

My friends and I were accused of interfering with the school computers on a few occasions. I think we were just bored -- we lacked direction and inspiration.

The computers had Visual Basic installed, and my uncle had given me a "Teach yourself VB in 24 hours" book. I followed all the exercises, but I didn't know what to do next. The book was obviously intended for business programming, so it didn't have any interesting suggestions. I wanted to make a game, or animations, but didn't know where to start.

I did implement a card game, but couldn't get any animations to work smoothly, and eventually gave up. The teachers knew nothing about programming, so they couldn't help, and couldn't even recommend other books or a web site. I think they regarded whatever I made with suspicion.

Competant teachers should have been able to provide programming exercises (or a larger project) that I was capable of implementing, but challenged me to learn something new with each task.

Instead, we made bar charts in Excel, and had about as much respect for IT as a subject as we did for gym class.

I had two instances of near expulsion, and these were quite recent (2013).

The first was when I created a small messaging application that allowed students to message each other on school computers when in study rooms that had an enforced silence rule - it was really basic and just used text files that were stored on the shared files on the school network.

The second was worse simply because I was pulled out of class for looking up how another student was making pop-up messages appear on all the networked PCs using the school's printing system. So, this student was in the middle of somehow gaining admin rights, and I was threatened with expulsion because I was looking up how he was doing it.

Real fun times

I was looking for the keyword "Novell" to make me smile. I used to comb the web for exploits all the time.

My stories of mischief are probably like many of yours who were in high school in the late 90s - phone systems, Sub 7 and BackOrifice installs.

Was the early 2000s, but in my high school library I did a

   NET SEND comp1231 i know where you live
to mess with my friend who was sitting right next to me. Then the hacker in me decided to see if asterisk worked (of course, without changing the message)

   NET SEND * i know where you live
(Hint: it works). Everyone in the school who had a computer on got the message. I caught hell for that one, had to write a letter of apology to a bunch of school staff who didn't "feel safe" after receiving the message. Never got access to my account after that either, so I always had to get my friends to log me in.

I didn't break the network...but hey, I helped expose a vulnerability, right? That's something.

(comment deleted)
In 2015 (perhaps more recent than other comments...) I was in trouble for starting powershell via a shortcut and using it to kill the monitoring process. Apparently it was "causing intentional damage", when in fact I just wanted to finish reading something online after the teacher disabled the internet.

Luckily they didn't take it any further than a stern telling off, unlike the article.

On top of that, I had actually revealed a vulnerability allowing anyone to access anyone elses' files earlier in the year.

(comment deleted)
When I left school, I got the deputy-head, during an official meeting to state that they didn't teach computer science because they were afraid of what the pupils might do.

A school frightened to teach pupils ...

If I was a teacher in that sort of scenario, I think I'd go ahead and teach the pupils, and take it as a challenge to keep on top of their hacks. I'm guessing it could be a lot of fun and all parties involved would probably learn quite a bit.
Based on the timeframe, I bet the software that found/cleaned the virus was F-Prot.
Some 10 years ago, when I was in 8th or 9th grade, I was threatend to be expelled as well, and charges were allegedly brought against me (I never really checked). I "hacked" the school website (as the CS teacher explained to my parents) and deleted all it's contents. In reality, I only logged in via FTP and renamed all HTML files (the hosting did not event support PHP, and this was around 2008). I had access to the FTP because a year ago I was briefly responsible for running the school website and nobody bothered to change the passwords when they took over running the website.

I got a call from the principal the next day. He congratulated me and asked me to apologize to the CS teacher. After I did that, she agreed to drop the charges. In the end, I was only reprimanded and I had to apologize to the whole school as well. My only other "punishment" was helping the CS teacher fix some computers after school.

As this was playing out, I was hoping they wouldn't find out what I did a year earlier - I'd set up a phishing website for the country's most popular email service and I'd set it as a homepage on all the school computers. Needless to say, noone bothered to check the address bar, so in a week, I had passwords of half the school, including some teachers and the principal himself.

Once upon a time I was suspended from high school for having pen-testing tools on a flash drive in my locker.

I was interested in network security and asking to my teacher about the best way to learn this information and whether 'these' tools would give me an understanding, I told her I brought them in to ask questions about and next thing I knew they broke into my locker, read the drive and I was pulled out of class and in the principals office for "possessing" these tools.

I still remember him saying "it's like you brought a gun to school, just because you didn't use it doesn't make it ok. The only reason we haven't expelled you is because we can't prove you used them on the school network."

I understand now they reacted this way out of fear but it was a pretty terrible way of handling a curious kid and ruined both my trust in teachers and interest in learning any kind of network security.