Student trying to alert school to computer vulnerability instead charged with three felonies


Dear school administrators,

What’s the best way to ensure that your computer network remains riddled with security vulnerabilities that leave you, your personnel and [someone think of the] schoolchildren in danger? Why, to demonize the student who discovered the vulnerability and alerted you to it, of course. Have him charged with a felony while you’re at it.

A student in a Saratoga County (New York) school alerted his principal to a computer security vulnerability that could expose the names, social security numbers and addresses of school employees. While the student tried to do it anonymously, he was eventually tracked down. Then the school threw the book at him.

The student is now being charged with three felonies for his unauthorized use of the computer network. The best is this quote from a state trooper:

The kid committed an intentional criminal act. He deceitfully used someone else’s name and password so he would not get caught and was looking to profit from his criminal act.

The only thing we can take away from this is, even if you discover a security vulnerability, it’s completely in your best interest to keep it to yourself, otherwise you’ll be branded a criminal terrorist when you were merely trying to do a good deed. Or, if you insist on doing the right then, use Wikileaks.