Student changes wallpaper on teacher's computer

Apr 11, 2015 07:40 GMT  ·  By

The 14-year-old boy at Paul R. Smith Middle School that accessed without authorization the school’s server storing info on the FCAT standardized test was looking for a computer receiving live feed from surveillance cameras of the educational institution.

He used the credentials of an administrator account, which are apparently known to other students and used quite often to access the cameras and search each other on school premises.

Weak password and weak security stance exploited by 14-year-old

In an interview for The Tampa Bay Times, he said that the password was obtained by simply watching the teacher as he logged into the computer.

He also said that remembering the access string was hardly a problem since it was the teacher’s last name.

Such a negligence from the teacher got the kid, identified as Domanik Green, felony charges for computer intrusion.

During his search for school cameras, Green accessed a server with encrypted FCAT (Florida Comprehensive Assessment Test) questions from 2014. Once he noticed that the computer was not connected to a video feed, the student logged out.

School officials said that the student did not view the sensitive information on the server and did not make any modification.

Green’s computer intrusion did not stop at this, as he accessed the computer of a teacher that wasn’t close to his heart and changed his wallpaper to an image of two men kissing, "to annoy him."

The prank was not well-received by the officials of the school, though.

Security awareness would have paid off

Eileen Foster, the mother of the student, said that she understood her son did something wrong, but she believes the deed was not fit for an arrest. She also says that students should not have an easy job gaining log-in access to school’s computers.

Most of the times, a password is the only defense against threat actor’s reaching sensitive digital assets.

Their importance should not be overlooked or minimized, and keeping them safe also includes making sure that no one can see what you are typing, just like in the case of PIN codes for payment cards.

Green has been released from the juvenile detention center and could be tried for his actions (although there is a good chance that he would benefit from a pretrial intervention). He also received a 10-day suspension from school.

However, it is unclear if the teacher’s negligence attracted a penalty from the school, or if policies and training for a healthier security stance will be imposed to the educational staff.