Computer and Network Abuse in Schools
Anecdotes and Antidotes
Tim Bouwer (DSG/St Andrew's)
Introduction
I am not sure what it is about young adolescent boys that prompts some of their behaviour, but we spent a couple of weeks at the beginning of this year with a tube of SuperGlue, fastening the little door onto the bottom of the mice. It had become fashionable for Std 6 boys to collect mice balls. I doubt that this says anything about the testosterone levels of this age group, but an incident later in the year confirmed that sexual games do indeed play a role in some of the abuse of computers and networks at schools.
A young Std 7 lad managed to become a group manager on our Novell server and used this new status to create a few users on our system. One of these users, a Std 5 girl called Christina Kotze (no relation to any person living or dead), developed a persona of her own and became a bit of a legend amongst the underground computer club fraternity of the school.
A matric boy took over this account shortly after and began to use it to offend and incite people on the Internet (including other school children) and ultimately to set up a sting on a few matric and Std 9 boys who were wooed by her to a fever pitch. They were eventually humiliated to learn that their secret correspondence with this worldly-wise 13-year-old was circulated for the general amusement of his peers. We only discovered this after weeks because the Junior School accounts are not cross-checked with our marks and admin system in the same way as the Senior School accounts are.
These pranks make amusing anecdotes because they illustrate both the inventiveness and the naughtiness that characterise many of the activities of young high school children. The problem is that the offspring of these pranks are often in the real world and often have real world repercussions.
Three first year students at a South African University found a computer that had been left logged onto the network by a naive first-time user. One of them had had a run-in with the Head of the Dept of Chemistry and they decided to send a bomb threat to him to get lectures stopped for a day or two.
Naturally, the HOD went through the roof and the police and campus security were called. After two hours of interrogating the poor student they began to realise that he really didn't have a clue as to what was going on. The network administrator was called in and after two hours of scratching through log files and looking at mailboxes, the three students' names were retrieved. They confessed as soon as they were confronted with the logs and faced serious charges. In South Africa sending a bomb threat almost always results in a jail sentence.
Fortunately for them, the State prosecutor was lenient and allowed the University to deal with the matter internally. Nonetheless they were required to do a hefty community service and were banned from using the computer network at the university.
So what is the challenge? I doubt that we are going to be able to prevent curiosity about computer systems or the spirit of hacking that pervades the computer nerd cliques at our schools. But we do have a responsibility to temper their behaviour, to channel it (where possible) into more creative activities and to make them aware that anonymity can often be an illusion on a Network or on the Internet.
The challenge is all the more pressing given the certainty of a future that will include computers in ways which will make them as ubiquitous in schools as the calculator is today. Their inter-connectivity will likewise be as common as telephones are in households.
Anecdotes
Perhaps it would be easier if we were to have a look at different types of abuse that we would expect to be subject to at schools. This would include abuse in cases where our computer network is used by people outside of the schools for things like relaying bulk email or launching hacking attacks on other sites.
Tampering with individual computers
Mice balls, accidental or deliberate deletion of system files, alteration of settings in software packages on computers' disk drives.
Pranks with user accounts, local network
Stealing passwords, changing personal login scripts, stealing space or access rights, mailbombing, email forgery.
Determined attempts to break into or tamper with local network
Experimentation with hacking toolkits or virus toolkits, sustained attempts to get supervisor accounts on the file server.
Abuse external to your network
Spamming, hacking of servers, denial of service, mailbombs, bleeding heart email chain letters, virus hoaxes.
Other ways of getting into trouble
Fraud (credit card), telephone and cellular network hacks, Warez, hacking remote networks.
Antidotes
If the primary objective of dealing with abuse was catching the offenders, the most difficult to solve would be tampering with individual computers. This best describes a situation where there is no network and therefore no logging of user activity in a way that enables identification of people using particular computers. Perhaps the only way of dealing with that is to have some kind of automated access control either on the computer laboratory door, or on the individual computers. A close second is abuse that is external to the network. Both of these types of abuse can be limited by better control of access.
Logs and log summaries
A number of tools in the Novell environment are available for logging activity on the network. The most useful of these in a 3.1x environment is paudit. A newer version of paudit allows you to summarise information based on login times or station number or username:
ftp://ftp.ru.ac.za/pub/novell/utils/paudit2.zip
So, for example, you could select a network ethernet address and print a summary of who logged onto the network from that machine. An example of the use of this would be if a forged email message came to light, and it originated from a workstation on your network - you could find out who was logged onto that machine when the message was sent.
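The lookup described above, as an added example that is not part of the original paper and does not reproduce paudit's output: it pairs login and logout records into sessions per station and answers who was on a given machine at a given time. The record layout, usernames and addresses are constructed, and one login per station at a time is assumed.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample records (NOT real paudit output):
# time, event, user, station ethernet address.
SAMPLE_LOG = """\
1997-03-04 08:02:11,LOGIN,jsmith,00A024B1C3D4
1997-03-04 08:05:40,LOGIN,guest,00A024B1C3D9
1997-03-04 08:47:03,LOGOUT,jsmith,00A024B1C3D4
1997-03-04 08:50:19,LOGIN,pnaidoo,00A024B1C3D4
1997-03-04 09:15:00,LOGIN,tmokoena,00A024B1C3D4
1997-03-04 09:40:27,LOGOUT,tmokoena,00A024B1C3D4
"""

def build_sessions(log_text):
    """Pair LOGIN/LOGOUT records into (user, station, start, end, clean) tuples."""
    open_by_station = {}  # station -> (user, login time); assumes one login per station
    sessions = []
    for line in log_text.strip().splitlines():
        stamp, event, user, station = [f.strip() for f in line.split(",")]
        when = datetime.strptime(stamp, FMT)
        current = open_by_station.get(station)
        if event == "LOGIN":
            if current:  # previous user never logged out (power-off, crash)
                sessions.append((current[0], station, current[1], when, False))
            open_by_station[station] = (user, when)
        elif event == "LOGOUT" and current and current[0] == user:
            sessions.append((user, station, current[1], when, True))
            del open_by_station[station]
    # Sessions still open when the log ends have no known end time.
    for station, (user, start) in open_by_station.items():
        sessions.append((user, station, start, None, False))
    return sessions

def who_was_on(sessions, station, at):
    """Return (user, clean_logout) for sessions on `station` covering time `at`."""
    when = datetime.strptime(at, FMT)
    return [(user, clean) for user, st, start, end, clean in sessions
            if st == station and start <= when and (end is None or when < end)]

if __name__ == "__main__":
    sessions = build_sessions(SAMPLE_LOG)
    # Forged message timestamped 09:00 from station ...C3D4:
    print(who_was_on(sessions, "00A024B1C3D4", "1997-03-04 09:00:00"))
```

A `False` in the second field means the session's end was inferred rather than logged, so the attribution for that time is weaker and should be corroborated before anyone is confronted with it.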
Technical ability of staff managing the network
This is becoming a more and more crucial aspect of schools' networking. With staff and scholars using a local area network for research and recreation, it has become imperative that someone is given full time responsibility for administering the network and the hardware connecting to it. It can no longer be regarded as an extra-mural of a subject teacher, and in many cases, where the network extends into classrooms and hostels it will require a full-time technical staff member.
Unfortunately most schools can't afford to employ an IT teacher, let alone a full-time network administrator, which leaves a gap for specialist consultants who will be making deals with collections of schools to advise and assist them in IT purchases, configuration and administration. A point of growth perhaps for local schools' network organisations?
Scholar involvement
There is a strange arrogance about being a "computer boff". The easiest way to see this is to pick a fight with someone who knows a bit about computers over some trivial aspect of computers. We are all guilty of it to some extent or another and it often prevents us from getting involved with what the scholars are doing.
Many of the more successful implementations of networks have scholars involved in a meaningful way in setting up and administering the network.
This is not to say that you should give away supervisory rights, but it does help to ask for some advice from some of these computer hot-shots.
Hack and tell philosophy
I am not sure of the wisdom of this one. I have suggested to some of the pupils who have been involved with some dubious pursuits on the network that they are welcome to experiment with hacking on my network - provided they tell me beforehand and allow me to be involved in what they attempt.
I say this with some reservation, because if it is a successful attempt and it does something like alter user profiles across the board it could be quite something to rectify afterwards.
On the other hand - setting up a separate server on a separate segment might be a good way to isolate these efforts!
Negotiation with your ISP
It should be possible to negotiate with your ISP to have certain filters placed on who can connect to your network and in which way.
In particular it would be useful if you could get the ISP that relays your mail to institute some sort of proactive Spam filter for you.
Fair warning (AUP, pupil contact)
In many cases, scholars are simply not aware of ways in which their activities can be logged or monitored. They are equally unaware of copyright issues relating to images on their web-sites and also relating to the distribution of copyrighted software (Warez). The counter culture on the Internet is strong and pervasive and pupils need to be told that illegal activities could result in legal action being taken against them or the school.
Herschel and other schools have developed an Acceptable Use Policy which they require pupils and parents to sign.
Parents sign to give permission for their children to use the Internet and pupils sign indicating that they agree to the conditions of use of the network.
Elimination of anonymous user accounts
Anonymous accounts, often used for guests, once-off classes, CD-ROM access etc., are often a launching place for hacking and forged email. If it is not possible to remove all anonymous accounts it is important to make sure that these accounts are not able to be active on the Internet with web browsers or other Internet clients (telnet, irc etc.).
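One way to run the cross-check whose absence let the fictitious Junior School account in the introduction go unnoticed, combined with the anonymous-account check from this section (an added example, not from the original paper). The CSV column names, the sample rows and the `internet` flag are constructed assumptions rather than a NetWare export format, and the roster is assumed to list everyone entitled to a personal account.

```python
import csv
import io

# Constructed sample data; column names are assumptions for illustration.
ACCOUNTS_CSV = """\
username,full_name,internet
jsmith,John Smith,yes
ckotze,Christina Kotze,yes
pnaidoo,"Naidoo, Priya",yes
guest,,yes
cdrom,,no
"""
ROSTER_CSV = """\
full_name,standard
John Smith,7
Priya Naidoo,9
"""
SHARED_ACCOUNTS = {"guest", "cdrom"}  # anonymous accounts the school knowingly keeps

def name_key(name):
    """Normalise 'Surname, First' and 'First Surname' to one comparable key."""
    name = name.strip()
    if "," in name:
        surname, first = [part.strip() for part in name.split(",", 1)]
        name = f"{first} {surname}"
    return " ".join(name.lower().split())

def audit_accounts(accounts_csv, roster_csv, shared):
    """Flag personal accounts with no roster entry and shared accounts with Internet use."""
    roster = {name_key(row["full_name"])
              for row in csv.DictReader(io.StringIO(roster_csv))}
    unmatched, shared_online = [], []
    for acc in csv.DictReader(io.StringIO(accounts_csv)):
        user = acc["username"].strip().lower()
        if user in shared:
            if acc["internet"].strip().lower() == "yes":
                shared_online.append(user)
        elif name_key(acc["full_name"]) not in roster:
            unmatched.append(user)  # nobody on the roster owns this account
    return {"unmatched": unmatched, "shared_with_internet": shared_online}

if __name__ == "__main__":
    print(audit_accounts(ACCOUNTS_CSV, ROSTER_CSV, SHARED_ACCOUNTS))
```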
Some useful sites to visit
http://ciac.llnl.gov/ciac/bulletins/h-05.shtml (email virus hoaxes)
http://193.2.154.119/natan/stuff.html (novell netware utils)
http://aas.duke.edu/HyperNews/get/nt/2.html (NT Telnet Hack info)
http://www.lib.ox.ac.uk/internet/news/faq/archive/computer-security.ntsecurity.html (NT)
http://www.txdirect.net/~wall/winnt.htm (lots of NT links)
http://www.darkening.com/flawed/index.html (Win95, NT)
http://www.darkening.com/flawed/ssping/index.html