Student hacks school, erases class files
By Jeordan Legon
(CNN) -- Highlighting the vulnerability of most computer networks, a 17-year-old student taking a networking course was arrested for hacking into his school's computers and erasing folders belonging to the junior class, New York State Police said Tuesday.
Although grades, disciplinary records and other secure information were not accessed, police said Clint W. Triou, a junior at Marion High School near Rochester, deleted the password-protected folders where his classmates stored class projects.
Triou was charged with one felony count of computer trespass and a misdemeanor count of computer tampering. He is scheduled to face charges in Marion Town Court June 18.
"We found a number of hacking software that had been loaded onto the computer," said George Worthington, director of computer services at the 700-student Marion school district. "He had used that to gain access to the administrative computer."
Worthington said Triou is a quiet student who on occasion had asked him for computer help.
"He's asked questions in the past and helped teachers to develop Web pages," Worthington said. "He seemed to be pretty helpful."
A computer firm that helps the school resolve technical issues was called Friday when a teacher reported some students couldn't find their network folders, Worthington said.
The firm traced the hacking to a computer in a classroom where a networking course is taught, Worthington said.
State police seized the Compaq PC allegedly used for hacking. The machine contained keylogging software that can be downloaded from the Internet and allows hackers to record keystrokes and capture passwords, Worthington said.
The hacker was not able to access the school's grades and disciplinary data because that information is protected by two sets of passwords, police said.
As a precaution, however, the school district will now mandate that all network users change their passwords every 90 days, and the administrative password will be changed every month.
To guard against hacking software, school network users also will choose passwords that contain a combination of letters, numbers and at least one special character such as a punctuation mark.
Networks at risk
Bruce Schneier, from the computer security firm Counterpane, said the school is still not protected against keylogging attacks that record keystrokes.
He said the alleged breach of the school's security illustrates the ease with which networks can be hacked.
"Almost all networks are extremely vulnerable," said Schneier, whose upcoming book, "Beyond Fear," examines the security trade-offs computer users make.
"Network security sucks, and there's not much the school administration can do. Somebody who knows how will break in."
Schneier said he disagrees with the felony charge facing Triou, who was charged as an adult.
"The kid did the equivalent of spray-painting the school," he said. "It shouldn't be a felony to be young and stupid. That seems grossly unfair."