[ISN] Hacking charges to be dropped against Palm Beach high student

InfoSec News isn at c4i.org
Fri Jun 17 01:46:36 EDT 2005


June 16 2005

WEST PALM BEACH - Charges will be dismissed against a 19-year-old
Inlet Grove High student charged with hacking the Palm Beach County
School District's computers if he completes parts of a deal agreed to
in court on Thursday..

Ryan Duncan, of Palm Beach Gardens, has agreed to pay $2,025 in
investigative costs and complete 100 hours of community service. He
also has to write a letter of apology to the district.

Under the agreement overseen by Circuit Judge Lucy Chernow-Brown, the
100 hours of community can be waived if Duncan agrees to work with the
school district and a create a program on the seriousness of computer

Investigators believe Duncan illegally obtained a password that
allowed him to access district servers. Duncan may have received the
login information by looking over the shoulder of a computer
technician who was working at Inlet Grove High School in Riviera
Beach, where the teen is a student, district spokesman Nat Harrington
said in an April interview.

Duncan was arrested that month by school district police and charged
with offenses against intellectual property, a felony. He was released
on his own recognizance. Under the terms of Duncan's release, he is
allowed computer access only at work, sheriff's officials said.

He hacked into the system on nine occasions between December 2003 and
February 2004, according to court documents. He created his own
administrator account that allowed him to create other user names and
IDs, documents show. He caused little damage, but the potential impact
"could have been catastrophic," an investigator reported.

School district officials used his Internet Protocol address, a unique
identifying number, to track him through Adelphia, his Internet

Duncan told investigators that he knew his actions were illegal, but
he was doing it only to gain knowledge, according to the report.

Harrington said the accounts Duncan created were deleted. In addition,
the district requires users to regularly change their passwords. But
no additional security measures were needed, Harrington said, since
this was a matter of someone illegally obtaining a password, not a
case of someone unlocking the codes of the district's computer system.

"It wasn't a security breach. It was analogous to stealing someone's
keys to their house," he said.

Staff writers Akilah Johnson and Scott Travis contributed to this

More information about the ISN mailing list