Interesting People mailing list archives
Business-School Applicants, Under Cover of Anonymity, Dispute'Hacker' Label
From: David Farber <dave () farber net>
Date: Fri, 11 Mar 2005 12:00:56 -0500
From
Dave, We have an article today about the business-school 'hackers' that I thought might interest your readers. I'm attaching below. -Jeff Youngjeff.young () chronicle com Friday, March 11, 2005 Business-School Applicants, Under Cover of Anonymity, Dispute 'Hacker' Label By DAN CARNEVALE Business-school applicants who tried to sneak early peaks at their admissions status online are sniping anonymously at Harvard University and two other institutions, saying administrators have overreacted by labeling the applicants hackers and denying admission to all of them. Their claims are winning them some support, although not from business-school officials. By Thursday the applicants had achieved an unusual kind of notoriety, as bloggers, professors of ethics, and other members of the professionally opinionated classes debated whether breaking into the business schools' online admissions systems was really wrong -- and if so, how wrong. The applicants in question include more than 200 individuals who had applied online to six business schools and then tried last week to skirt the admissions systems' security after someone posted instructions on a forum on Business Week's Web site explaining how to do it (The Chronicle, March 4). Carnegie Mellon University, Harvard University, and the Massachusetts Institute of Technology said that they knew which of their applicants had tried to break into their computer systems, and that none of those applicants would be admitted. Carnegie Mellon had two applicants attempt to sneak into the system; Harvard, 119; and MIT, 32. The other three institutions -- Dartmouth College, Duke University, and Stanford University -- are still debating what action to take against the applicants they caught trying to preview their admissions status. All six of the institutions were using the same commercial online-application software, licensed by ApplyYourself Inc. Programmers at the software company patched the security flaw about nine hours after the hacker posted the instructions to the online forum. One of the Harvard applicants, who asked to remain anonymous, said in an interview on Thursday that although he now sees that what he did was wrong, he wasn't thinking about that at the time -- he just followed the hacker's posted instructions out of curiosity. And, he said, he doesn't consider what he did to be "hacking," because even somebody with his novice computer skills could easily follow the posted instructions. "I'm not an IT person by any sense of the imagination," he said. "I'm not even a great typist." After he found out that Harvard was looking into the situation, he wrote the university a letter to apologize. "I admitted that I got curious and had a lapse in judgment," he said. "I pointed out that I wasn't trying to harm anyone and wasn't trying to get an advantage over anyone." Although he will be denied admission to Harvard Business School, he said he had been accepted by another top school. According to the posted instructions, obtained by The Chronicle, an applicant had to log into the admissions system using his or her name and password and then view the source code of the Web page to find a unique identification number. The applicant then had to add that ID number to a URL provided by the hacker. Whatever information was in the applicant's file then appeared. Len Metheny, chief executive officer and president of ApplyYourself, said the applicants should have known, simply by how complicated the procedure was, that they were gaining access to something they were not supposed to see. "These students used this procedure that was posted by a self-identified hacker himself to get unauthorized access to an otherwise restricted page," Mr. Metheny said in an interview on Thursday. "That is wrong." But Richard M. Smith, an Internet security and privacy consultant based in Boston, said what the applicants did hardly qualified as a "hack." He said it is not uncommon for people who are familiar with the Internet to check a Web site's source code to see what is available. "Since I go through source code a lot, you're probably asking the wrong guy," he said. "I wouldn't characterize what they were doing as hacking into the Web site." The applicants should have known better, he said, but he thought the applicants hadn't done anything seriously wrong, especially since they couldn't change anything in their files or view anybody else's information. "I don't think the applicants are blameless here," Mr. Smith said. "I think they did cross the line, but I think the punishment is a little harsh." Harvard officials referred to a previously released written statement by Kim B. Clark, dean of the Harvard Business School. Any applicant who tried to look up his or her information, the statement said, "will not be admitted to this school." It continued: "Our mission is to educate principled leaders who make a difference in the world. To achieve that, a person must have many skills and qualities, including the highest standards of integrity, sound judgment, and a strong moral compass -- an intuitive sense of what is right and wrong. Those who have hacked into this Web site have failed to pass that test." Another Harvard applicant, who also wished to remain anonymous, said he knew he had made a poor judgement call. But he said he was offended by having his ethics called into question. "I had no idea that they would have considered this a big deal," he said. "The attacks that Harvard has been putting out are ludicrous." One poster on the Business Week forum who identified himself as "GaelicPrice" said he had applied to Harvard's business school and had given his wife access to his admissions Web account. According to his post, his wife found the instructions and tried to check whether her husband was accepted -- and didn't tell him until the next day. "I'm really distraught over this," the post said. "My wife is tearing her hair out. Honestly HBS has dropped several notches in my eyes." Copyright © 2005 by The Chronicle of Higher Education ------------------------------------- You are subscribed as lists-ip () insecure org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- Business-School Applicants, Under Cover of Anonymity, Dispute'Hacker' Label David Farber (Mar 11)