Computer Crime Is Getting Too Simple – A Very Local Example

Back in the day, hackers had to be good. Really good. Like Robert Redford’s crew good


Not the case anymore. Computer Crime is now available to the masses. And while the best hackers create the most havoc, it’s increasingly easy for “regular” users to either use pre-made hacking tools or to know just enough to create lower level, but still potentially devastating, havoc.

Sad case in point: Last night the school district where I live had to send out a broadcast email, detailing an ongoing investigation into a local middle school principal and his wife who works for a neighboring district.

They’ve been involved in computer crime, and it’s become very public because the police had to seize info from at least one of the schools during the school day.

Honestly, I’m glad that this wasn’t, at least from the press release, a kid crime. For school employees to be involved in kid computer crimes, well that’s unconscionable. But it doesn’t make this story any less weird or sad… I’m just glad that it makes it less perverted.

Below is the full transcript of the email, but like the old Dragnet series I’m removing the names and locations, just for anonymity’s sake.

Here are two sad takeaways:

  1. Every internet connected device, everywhere, is at risk. Please take some steps to minimize this risk
  2. Do what you can to protect your personal information, even when it’s on a work-owned device. If your workplace doesn’t have decent security, then demand that they do something better on your behalf
  3. If you’re tempted to do what this couple has allegedly done, don’t. This is a huge, sad, scary, sordid story that will permanently affect the lives and careers of at least 2 employees.

On January 5th, 2018, the {redacted} Police Department took a report of suspicious activity at {redacted} Middle School. An employee of the middle school reported several suspicious instances regarding her District issued iPad and her cell phone which is connected to the District server. Over the course of several days, the employee reported unauthorized factory resets were performed on her phone and iPad.

The employee notified the District {redacted} IT department to assist with the issue.  The IT department determined that the resets were performed remotely.  In addition, the employee learned that private documents she created and saved on her secure drive were now transferred to a shared drive within the District.

District {redacted} IT staff continued to look into the matter and ultimately learned their computer systems were being accessed by someone outside their District network for the past 18 months.  Search warrants served by the {redacted} Police Department revealed the intrusions were coming from two specific Internet Protocol (IP) addresses.  These IP addresses were tracked to a residence in {redacted} as well as an IP address belonging to ISD {redacted} (different school district) in {redacted}. The residence in {redacted} is owned by District {redacted} (different school district) employee {redacted} and his wife {redacted}, who is a District {redacted} employee.

Search warrants were executed to seize devices and other evidence.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s