Many of us have wondered what penalty there might be for hacking into a college computer to change your grade. Well, according to the Daily Sundial at CSUN (although I read it in the Daily News), two students have just found out. CSUN students Lena Chen, 20, and Jennifer Ngan, 19, have pleaded “no contest” to infiltrating the campus account of a political science professor late last May, changing their grades and those of about 300 classmates. In addition, the account’s initial password was changed and all incoming messages were forwarded to their own e-mail address. They then purportedly found personal information and used it to order pizza, sign up for magazine subscriptions and order a shipment of CDs under the name of the professor.
For their crime of one count each of unauthorized access of a computer system and acquiring personal information with the intent to defraud, each has been sentenced to 60 days in jail, or 30 days of state roadside work, as well as 36 months on probation. Further, they are required to stay away from the university and the professor.
What do other students think of that? An editorial by Maliha Jafri in the Daily Sundial states:
Don’t like your professor? Want revenge for your hours of suffering through lectures and rough grading? Then simply hack his e-mail account, change the grade of 300 students, use his personal data to order pizza, send more than 20 magazine subscriptions and blank CDs to his house.
In the case that you are tracked and caught in the act, the dean will award you with the luxury of time off as you are removed from the university. Then if you are alleged convicted of the crime you will be granted a vacation to jail for a minimum one year per charge.
CSUN Internet security is a joke. Anyone can answer “security questions” about you with little or no research including: what is your birthday, what is your pet’s name and what is the color of your car. The CSUN security system has a series of common questions that are not too hard to get by. Hackers take advantage of your poor security measures and you could end up with massive credit card bills and identity theft.
Actually, this reaction doesn’t surprise me; CSUN has had some security problems for many years. My wife loves to tell the story of the days of the RSTS systems, where the passwords were kept in an unlocked file cabinet. Some enterprising individuals used to grab those passwords, bake them into fortune cookies, and then send the cookies to the system administrators, who couldn’t figure out how they got the passwords. How did Lena and Jennifer get their access? It was as simple as answering secret password such as “George W. Bush is the president of what country?” or “How many U.S. states are there?”
There are good mechanisms for computer security, and I’m sure that the systems in the CS department are more robust (I know they do teach a computer security course there). Now they just need to educate the staff and faculty outside the engineering department.
Hmmm, I was just asked if I wanted to speak to the ACM chapter on campus (providing me time to talk with the Computer Security faculty there). Perhaps I should talk about this.
