More Details Emerging About School Laptop Spying, And It Doesn't Look Good
from the a-bit-proud-of-your-spying... dept
Following up on this morning's post, new details are emerging about the school spying scandal in which a student was punished for apparently chowing down on Mike&Ike candy (which the school thought were drugs). In our comments, someone named Paul points us to a blog post from a security consultant, who digs much deeper into the story -- focusing on one of the techies who worked at the school and apparently had a noticeable internet presence, having said a few things that could come back to haunt him. Note, that the school itself has said that only two techies on staff had the power to initiate the use of the remote spying tool.Apparently, in various forums, blog posts and videos, one of the school's techies talked about the technology they were using and how to set it up so that the user would not realize they were being spied on. He also discussed how to prevent a laptop using this software from being "jailbroken," so users couldn't discover that their computers were being used in this manner. Other forum posts from students at the school show that they were told they could not use other computers, could not disable the cameras and could not jailbreak their laptops on the risk of expulsion.
Furthermore, in looking at the software that was being used, the security consultant found serious security problems with it, in some ways similar to the famed Sony BMG rootkit:
With some of my colleagues, I began a reverse engineering effort against LANRev in order to determine the nature of the threat and possible countermeasures. Some of the things we found at first left us aghast as security pros: the spyware "client" (they call it an agent) binds to the server permanently without using authentication or key distribution. Find an unbound agent on your network with Bonjour, click on it, you own it. The server software, with an externally facing Internet port... runs as root. I'm not kidding. For those unfamiliar with the principle of least privilege- this is an indicator of a highly unskilled design. Unfortunately, when we got down to basic forensics, LANRev appears to cover its tracks well.Things keep looking worse for the school, and school officials have done little to actually explain what happened, if the prevailing story is not actually the case.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
You can turn off the camera
[ link to this | view in chronology ]
By the sounds of it they had something more akin to Bo2k but without the security measures. Personally I'd be less concerned about the camera than the effective yet insecure root kit. Who cares what they can do with your camera, with a rooted machine they could screw your life up without you ever finding out what caused it.
[ link to this | view in chronology ]
Re:
> ever finding out what caused it.
How could a school-owned laptop that you use to do your homework screw your life up?
[ link to this | view in chronology ]
Re: Re:
Do you just do work on your work machine?
[ link to this | view in chronology ]
Re: Re: Re:
Yep. It's actually a requirement where I work.
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
> Use work credit cards, perhaps make purchases
> that you will charge back to the company with
> your card.
It's not a company, it's the US government, and no, I don't do any of that. Our computers aren't even connect to the internet for security reasons.
[ link to this | view in chronology ]
Re: Re:
By someone else using it for things other than homework, obviously. Actually, I could probably come up with some pretty damaging scenarios involving homework too.
[ link to this | view in chronology ]
Silver Lining
[ link to this | view in chronology ]
Re: Silver Lining
[ link to this | view in chronology ]
@3
its a TOOL a mathematical tool that does wonderful things i make it do. while a toaster can be said to be a tool to burn bread it can do very little else and doesn't add or do any math. you could i supposed make a toaster with ten slots and do math but your going to need a lot of bread to count to 100.
AND last i checked a toaster doesn't require DRM, nor spyware to see what your up to while you wander around the kitchen ( playboy nude models aside )
[ link to this | view in chronology ]
Re: @3
Maybe, but I'm pretty sure I've read about Internet connected refrigerators.
[ link to this | view in chronology ]
Re: Re: @3
Even has a built-in camera.
[ link to this | view in chronology ]
Re: Re: Re: @3
[ link to this | view in chronology ]
Re: Re: Re: Re: @3
[ link to this | view in chronology ]
Re: @3
If you can't jailbreak it, then it is.
See the above story.
[ link to this | view in chronology ]
Re: @3
[ link to this | view in chronology ]
Re: @3
[ link to this | view in chronology ]
I think Cory Doctorow (from Boing Boing) described something very similar in his novel "Little Brother".
[ link to this | view in chronology ]
In the not too distant future
[ link to this | view in chronology ]
Re: In the not too distant future
for instance, take your televisions remote control, aim it in a camera, press the button, you'll see a light through the cameras display but you won't see it with your eyes.
[ link to this | view in chronology ]
Re: Re: In the not too distant future
[ link to this | view in chronology ]
Re: Re: In the not too distant future
[ link to this | view in chronology ]
Re: Re: Re: In the not too distant future
[ link to this | view in chronology ]
Re: Re: Re: Re: In the not too distant future
Well, the problem to accomplish this was actually a bottleneck at computing capability. The computing capability necessary to accomplish such a task is very much possible. GPS data on ground is more accurate than in the air.
This may be possible in the not-so-distant future. After all, earlier this month, a major defense contractor was able to shoot down missiles using laser technology. The contractor was then sent to the drawing board. What was the problem? It was too near-field. Does that make it not applicable to other applications? Not at all.
In fact, application of techniques and new technology such as a car-mounted chemical oxygen iodine laser, may hold promise to fix the red light camera problem that enslaves us all. It's possible that a small-scale implementation that would fit in a trunk would be quite marketable.
[ link to this | view in chronology ]
Re: In the not too distant future
www.appleinsider.com/articles/08/03/26/apples_patent_for_an_lcd_display_that_also_takes_pho tos_video.html
[ link to this | view in chronology ]
Re: In the not too distant future
[ link to this | view in chronology ]
Re: Re: In the not too distant future
So you just don't do homework? You might as well drop out.
You do your homework on your own machine,
No go. Homework assignments can require the use of programs which the school only allows to be used on it's own computers. They can also require access to resources which the school only allows to be accessed from the the school's own computers. Or the school can simply require that all assignments be completed on school computers (so that no one has an unfair advantage or cheats).
Leave your school laptop powered down, closed, and stored in your bookbag whenever you're at home.
Again, that could make it impossible to do the required homework assignments. I doubt if most parents want to see their kids flunk out.
[ link to this | view in chronology ]
Re: Re: Re: In the not too distant future
> No go. Homework assignments can require the
> use of programs which the school only allows to
> be used on it's own computers.
Unless the school writes the apps themselves (and I haven't encountered one who does that), how can they allow or not allow anything?
> Or the school can simply require that all assignments
> be completed on school computers
Again, unless they're using some kind of proprietary software, how would they know? And even so, there's ways around that, too. I can write my English paper up as a text document, e-mail it to myself, then copy and paste into their special word processing app, they're none the wiser.
[ link to this | view in chronology ]
Re: Re: Re: Re: In the not too distant future
It's called "licensing". Look it up.
Again, unless they're using some kind of proprietary software,
Well there you go. Get a clue.
And even so, there's ways around that, too.
So, people should disregard laws and other rules if they think they can get away it? That's your solution? What do you do for a living anyway?
I can write my English paper up as a text document, e-mail it to myself, then copy and paste into their special word processing app, they're none the wiser.
Man, how dense can you be? Do really think the computers are limited to using them for word processing? Often times they can't even receive the evening's assignments unless they log onto the schools network using the school computer and those assignments must then also be completed and submitted on line that evening.
The more you try to defend your ignorance, the more ignorant you look.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: In the not too distant future
> > encountered one who does that), how can they allow or not allow
> > anything?
> It's called "licensing". Look it up.
Oh, look! You've decided to start being a sarcastic asshole. That's always productive.
The point is, if I want to my homework on my own computer at home, the school can't tell me what software and is not "allowed" on it. If they're using MS Word on the issued laptops, I can go out and buy my own copy of MS Word, put it on my home computer, and do my assignments with it.
The only way this doesn't work is if the school is writing its *own* proprietary software-- it's own spreadsheets, word processors, etc.-- and that's not something that most schools can afford to do.
> > Again, unless they're using some kind of proprietary software,
> Well there you go. Get a clue.
So you're basically criticizing me for not knowing something that I obviously knew. Seems like you're so intent on being a humorless jerkoff that you've lost all sense of basic logic. Well done!
> So, people should disregard laws and other rules if they think
> they can get away it?
They're just rules, not laws, bright eyes-- public schools can't impose laws on the populace. What was it you said earlier about getting a clue?
And if the school is imposing those rules with a nefarious (and illegal) purpose in mind-- namely to force me to use a device in such a way that they can monitor me in contravention of state, federal and constitutional law, then you bet I have no problem with circumventing that purpose.
> Do really think the computers are limited to using them fo
> word processing?
No, that was just an example, chief. I would have thought that obvious. Apparently I gave you too much credit. That's my mistake and I apologize. Since you seem to require it, I'll certainly attempt to be more pedantic for you in future.
> Often times they can't even receive the evening's assignments
> unless they log onto the schools network using the school computer
And what happens with homes that don't have internet service? Or whose service goes down some night? There has to be other ways of getting the assignments.
> The more you try to defend your ignorance, the more ignorant you look.
Behold the irony.
[ link to this | view in chronology ]
Re: Re: Re: Re: In the not too distant future
Copy and paste outside the application is disabled, as is printing, screen capturing and offline saving. Supposedly to prevent students from copying from each other or violating copyrights.
[ link to this | view in chronology ]
Re: In the not too distant future
> intergrates many webcams within the pixels of the display
I wonder what they're gonna do when they get some student who's an exhibitionist and starts purposely doing all sorts of self-stimulation exercises in front of the camera?
Seems like a good way to get the school authorities in a lot of hot water. Maybe make a few of them into sex offenders.
[ link to this | view in chronology ]
Re: Re: In the not too distant future
Selective enforcement. Authorities live by different rules than plebs.
[ link to this | view in chronology ]
Rest of story
[ link to this | view in chronology ]
Re: Rest of story
[ link to this | view in chronology ]
[ link to this | view in chronology ]
"I turned to my SchoolBook and hit the keyboard. The web-browser we used was supplied with the machine. It was a locked-down spyware version of Internet Explorer, Microsoft's crashware turd that no one under the age of 40 used voluntarily.
I had a copy of Firefox on the USB drive built into my watch, but that wasn't enough -- the SchoolBook ran Windows Vista4Schools, an antique operating system designed to give school administrators the illusion that they controlled the programs their students could run.
But Vista4Schools is its own worst enemy. There are a lot of programs that Vista4Schools doesn't want you to be able to shut down -- keyloggers, censorware -- and these programs run in a special mode that makes them invisible to the system. You can't quit them because you can't even see they're there.
Any program whose name starts with $SYS$ is invisible to the operating system. It doesn't show up on listings of the hard drive, nor in the process monitor. So my copy of Firefox was called $SYS$Firefox -- and as I launched it, it became invisible to Windows, and so invisible to the network's snoopware."
It's a great book. I highly recommend it. Should be required reading for any teenager or young adult. :)
[ link to this | view in chronology ]
THE KID WAS EATING MIKE & IKE'S
This nation is in the middle of a youth obesity epidemic! Think of the children!!!!!!
[ link to this | view in chronology ]
Wow ...
http://strydehax.blogspot.com/2010/02/spy-at-harrington-high.html
That is pretty sick stuff
[ link to this | view in chronology ]
What?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Wait so...
[ link to this | view in chronology ]
Re: Wait so...
As far as I see the network Admin and school board should be thrown in jail for this kind of screw up
[ link to this | view in chronology ]
Re: Wait so...
[ link to this | view in chronology ]
First annual CFW-(RTB) party "TrollinTime"
It all makes sense now. I'd let it go.
[ link to this | view in chronology ]
First annual CFW-(RTB) party "TrollinTime"
Mike, you are super sexy for changing letters around. Grrr!
[ link to this | view in chronology ]
Teacher: Ok, everyone email in your homework.
Student: Ms Overbearing? ... umm my laptop ate my homework.
[ link to this | view in chronology ]
Defending the school
But reading the article, seeing the creepy administrator brag about how he could do everything without the kids knowing and seeing the comments from the parents and students feeling like they had no say in the Big Brother experiment makes it clear that the district acted unconscionably and that the district is in serious trouble.
After seeing that guy brag, I wouldn't be surprised if most of the pictures were deleted very quickly into the beginnings of the investigation. There is no way they only snapped 42 pictures total with all the complaints of lights coming on at random intervals.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Looooots of T-Shirts
Gotta love that they used HAL as the base image there. Well played.
[ link to this | view in chronology ]
Frontline spin on this...
One more detail - by chapter it's "4 - Teaching With Technology".
[ link to this | view in chronology ]
how this ends
[ link to this | view in chronology ]
Re: how this ends
[ link to this | view in chronology ]
i think
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
So a girl has the laptop ...
[ link to this | view in chronology ]
du lich nha trang
[ link to this | view in chronology ]
[ link to this | view in chronology ]
du lich mien trung
[ link to this | view in chronology ]
Camera ip gía rẻ
[ link to this | view in chronology ]
[ link to this | view in chronology ]
program to 'việt nam
[ link to this | view in chronology ]