Hack this school network, win a router

There's a wireless router gathering dust in Bob LaRocca's office. It's yours if you can hack into his network. First, some background: LaRocca is director of IT security with the School District of Palm Beach County in Florida, where he oversees a network of 60,000 computers in 175 schools and which he says covers more acres than any other school district east of the Mississippi River. Computer security has traditionally been a low priority in the public school system, but that's not the case in Palm Beach County. That's because a computer breach stung the school system in a very public way two years ago when local papers reported that Jeff Yorston, a student at one of the county's schools, got hold of an administrative password and gave himself an "A" in a French class he never took. He also managed to boost the grades of a few friends.

Yorston was discovered when another student complained that her ex-boyfriend -- with worse grades than she had -- was accepted into the University of Florida while she had been rejected. He has since paid a fine and agreed to state supervision in connection with the charges, according to the Palm Beach Post. After an investigation, county officials discovered that they hadn't been hacked. Instead the breach occurred because of a leaked password. "One of the administrators lent her password out to one of the students who was working on a project," LaRocca said. "That's what happens when you share passwords. We could put $1 million worth of controls in place, but when I give you my password, all bets are off." LaRocca says that the grades-changing incident was "a wake-up call for the district," which has now made security a top priority.

View: Full Story @ InfoWorld

Report a problem with article
Previous Story

Sun will Support OpenOffice.org

Next Story

Life on the EEEdge: Daily life with Asus' tiny laptop

13 Comments

Commenting is disabled on this article.

Ahh but Wireless can be fairly secure if not robust. Setup your WAPs on a untrusted network WPA2 TKIP and require the use of a AES FIPS140-2 vpn tunnel through the wireless.

This is very secure however not robust. I say that because its still radio freq and radios can be jammed.

Nice challenge This way he can even check which students are the ones with hacking knowledge.

Our company doesn't even use Wi-Fi, as it can be easily hacked. They even set up a demonstration with an invited Cisco network guru. It took all of 5mins to convince senior management to drop that idea :nuts:

Pre-made tools have made it very easy to hack wireless. Once inside, to get 'super user' access to a system is tough. Basically you need an open port. With even windows firewall monitoring the ports, script kiddies are going to have a tough time getting through that. There are tools that exploit vulnerabilities, but the computer needs to be running the exact version of software. Usually the exploit is patched before someone creates a tool for it. Simply put, a script kiddie probably won't be able to it.

um with something like BackTrack I can't imagine this would be very hard to do. Once set up, most of the tools - even the ones for WPA2 - are automatic. It's just a matter of time before security is breached.

Thrawn said,
What a loser. That purse is so small that no qualified hacker will waste his time here. He should bet his job :D

I think you miss his point, he's not asking for qualified hackers. He wants run of the mill script kiddies who don't know jack squat other than good hacking tool download sites. Real hackers are in short demand as it is. If his security on the Wi-Fi is even decent enough for him to feel confident to make this challenge, than other by brute force or social engineering, I don't expect you find many vulnerabilities to exploit here.

WPA2+RADIUS authentication perhaps... I assume he wants a "wardriver" setting up shop in his parking lot as he's focused on internal threats (students) and not the from the Internet side of the router. Brute forcing is going to take a while if has a decent authentication system and encryption in place.

This is the kind of attitude that leads to really getting hacked....

Leaking a password from your own internal people to a student isn't a "hack".

I wouldn't ever invite trouble like this... I hope they get in there and wreck havoc on the network, and this guy loses his job.

I can't imagine it would be that hard to do. You also have to define "hack," but then again, it is only for a wireless router.