Vulgar hacker hits school Web site

[InfoSec News <isn () c4i org>]

http://sfgate.com/cgi-bin/article.cgi?f=/c/a/2005/11/10/BAGGCFLUCA1.DTL

Nanette Asimov
Chronicle Staff Writer
November 10, 2005

San Francisco school officials are trying to figure out who hacked
into a high school Web site, posted a student's face over vulgar and
mocking images, then added racist and gang-related captions using the
student's name.

Normally, the Washington High Web site features the usual school fare:  
club news, athletic schedules, student triumphs and information for
parents.

But on Wednesday, school officials realized that someone had replaced
all the school information with a set of photo montages apparently
intended to humiliate a single student.

David Campos, the district's legal counsel, said the site was ordered
shut down as soon as the invasion was discovered.

That didn't happen instantly. For hours, the mean-spirited images
lingered on the site as frustrated administrators prepared to take
legal steps against the company unless it cut off public access.

"If I have to stay here till midnight to get this shut down, I will,"  
said Principal Andrew Ishibashi of Washington High.

Finally, at about 3 p.m., the site was closed down.

But questions remained, such has how the hacking happened, why it took
so long to shut down the site, and how the software security breach
might be patched.

The hacker used the breach to post the "N" word on the school's site,
as well as gang references.

"Hacking into a computer is against the law. Everything else is
freedom of speech," said an inspector with the San Francisco Police
Department's Gang Task Force. "It doesn't sound like gang involvement.  
It sounds like one guy trying to make fun of another guy."

But Web technology has transformed what once might have been a
heartless practical joke within school walls into a far more extreme
brand of public humiliation. Milder versions have been dubbed
cyber-bullying.

The school will provide counseling for the victim of the hacking,
school officials said.

The incident is the district's second computer-related glitch with bad
consequences in less than three weeks. On Oct. 20, the personal
information of tens of thousands of California children -- names,
state achievement test scores, identification numbers and status in
gifted or special-needs programs -- became open to public view through
a security loophole in San Francisco and dozens of other districts
statewide using a popular education software system.

In that case, San Francisco administrators were able to shut down
access to the system, called OARS -- Online Assessment Reporting
System -- almost immediately.



_________________________________________
Earn your Master's degree in Information Security ONLINE
www.msia.norwich.edu/csi
Study IA management practices and the latest infosec issues.
Norwich University is an NSA Center of Excellence.