More Details Emerging About School Laptop Spying, And It Doesn't Look Good

from the a-bit-proud-of-your-spying... dept

Following up on this morning’s post, new details are emerging about the school spying scandal in which a student was punished for apparently chowing down on Mike and Ike candy (which the school thought were drugs). In our comments, someone named Paul points us to a blog post from a security consultant, who digs much deeper into the story — focusing on one of the techies who worked at the school and apparently had a noticeable internet presence, having said a few things that could come back to haunt him. Note that the school itself has said that only two techies on staff had the power to initiate the use of the remote spying tool.

Apparently, in various forums, blog posts and videos, one of the school’s techies talked about the technology they were using and how to set it up so that the user would not realize they were being spied on. He also discussed how to prevent a laptop using this software from being “jailbroken,” so users couldn’t discover that their computers were being used in this manner. Other forum posts from students at the school show that they were told they could not use other computers, could not disable the cameras and could not jailbreak their laptops on the risk of expulsion.

Furthermore, in looking at the software that was being used, the security consultant found serious security problems with it, in some ways similar to the famed Sony BMG rootkit:

> With some of my colleagues, I began a reverse engineering effort against LANRev in order to determine the nature of the threat and possible countermeasures. Some of the things we found at first left us aghast as security pros: the spyware “client” (they call it an agent) binds to the server permanently without using authentication or key distribution. Find an unbound agent on your network with Bonjour, click on it, you own it. The server software, with an externally facing Internet port… runs as root. I’m not kidding. For those unfamiliar with the principle of least privilege, this is an indicator of a highly unskilled design. Unfortunately, when we got down to basic forensics, LANRev appears to cover its tracks well.

Things keep looking worse for the school, and school officials have done little to actually explain what happened, if the prevailing story is not actually the case.


Comments on “More Details Emerging About School Laptop Spying, And It Doesn't Look Good”

65 Comments
vivaelamor (profile) says:

“Bah, I don’t care what they claim you can easily turn off that camera with a clip of a notecard and some tape :D”

By the sounds of it they had something more akin to Bo2k but without the security measures. Personally I’d be less concerned about the camera than the effective yet insecure root kit. Who cares what they can do with your camera, with a rooted machine they could screw your life up without you ever finding out what caused it.

NAMELESS.ONE says:

@3

um my computer is not a toaster thank you
it's a TOOL a mathematical tool that does wonderful things i make it do. while a toaster can be said to be a tool to burn bread it can do very little else and doesn’t add or do any math. you could i suppose make a toaster with ten slots and do math but you're going to need a lot of bread to count to 100.
AND last i checked a toaster doesn’t require DRM, nor spyware to see what you're up to while you wander around the kitchen ( playboy nude models aside )

Nightmare on webstreet says:

In the not too distant future

It is easy to say that a bit of tape will cure this particular problem, but I have seen articles about the next great display technology which integrates many webcams within the pixels of the display. You cannot tell where they are. Disabling this monster will take a bit more hacking than a bit of tape.

Anonymous Coward says:

Re: In the not too distant future

Fine, I’ll just get an infrared source (a frequency slightly lower than visual light, where humans can’t see it but cameras still can) with a reasonable amount of intensity and shine it on the cameras, overwhelming them with light that the camera can see but we can’t, hence interfering with its ability to see us.

For instance, take your television’s remote control, aim it at a camera, press the button, you’ll see a light through the camera’s display but you won’t see it with your eyes.

Anonymous Coward says:

Re: Re: In the not too distant future

Better yet, long exposure to high intensity light will damage many camera receivers/antennas much like it’ll ruin your eyes, and most cameras are certainly much more sensitive to it than your monitor/computer screen. Just aim your monitor at the sun for a while and it’ll probably damage the antenna of the camera.

Anonymous Coward says:

Re: Re: Re:2 In the not too distant future

You want to get away with a red light ticket aim a laser pointer at the camera.

Well, the problem to accomplish this was actually a bottleneck at computing capability. The computing capability necessary to accomplish such a task is very much possible. GPS data on ground is more accurate than in the air.

This may be possible in the not-so-distant future. After all, earlier this month, a major defense contractor was able to shoot down missiles using laser technology. The contractor was then sent to the drawing board. What was the problem? It was too near-field. Does that make it not applicable to other applications? Not at all.

In fact, application of techniques and new technology such as a car-mounted chemical oxygen iodine laser, may hold promise to fix the red light camera problem that enslaves us all. It’s possible that a small-scale implementation that would fit in a trunk would be quite marketable.

btr1701 (profile) says:

Re: In the not too distant future

Yep. In that case, you just don’t use the laptop at home at all. (Assuming this nonsense is legal– which it isn’t.) You do your homework on your own machine, save it to a thumb drive or email it to yourself, then transfer it to the school computer at some later time. Leave your school laptop powered down, closed, and stored in your bookbag whenever you’re at home.

Anonymous Coward says:

Re: Re: In the not too distant future

> Yep. In that case, you just don’t use the laptop at home at all.

So you just don’t do homework? You might as well drop out.

> You do your homework on your own machine,

No go. Homework assignments can require the use of programs which the school only allows to be used on its own computers. They can also require access to resources which the school only allows to be accessed from the school’s own computers. Or the school can simply require that all assignments be completed on school computers (so that no one has an unfair advantage or cheats).

> Leave your school laptop powered down, closed, and stored in your bookbag whenever you’re at home.

Again, that could make it impossible to do the required homework assignments. I doubt if most parents want to see their kids flunk out.

btr1701 (profile) says:

Re: Re: Re: In the not too distant future

> > You do your homework on your own machine,

> No go. Homework assignments can require the
> use of programs which the school only allows to
> be used on it’s own computers.

Unless the school writes the apps themselves (and I haven’t encountered one who does that), how can they allow or not allow anything?

> Or the school can simply require that all assignments
> be completed on school computers

Again, unless they’re using some kind of proprietary software, how would they know? And even so, there’s ways around that, too. I can write my English paper up as a text document, e-mail it to myself, then copy and paste into their special word processing app, they’re none the wiser.

Anonymous Coward says:

Re: Re: Re:2 In the not too distant future

> Unless the school writes the apps themselves (and I haven’t encountered one who does that), how can they allow or not allow anything?

It’s called “licensing”. Look it up.

> Again, unless they’re using some kind of proprietary software,

Well there you go. Get a clue.

> And even so, there’s ways around that, too.

So, people should disregard laws and other rules if they think they can get away with it? That’s your solution? What do you do for a living anyway?

> I can write my English paper up as a text document, e-mail it to myself, then copy and paste into their special word processing app, they’re none the wiser.

Man, how dense can you be? Do you really think the computers are limited to using them for word processing? Often times they can’t even receive the evening’s assignments unless they log onto the school’s network using the school computer and those assignments must then also be completed and submitted on line that evening.

The more you try to defend your ignorance, the more ignorant you look.

btr1701 (profile) says:

Re: Re: Re:3 In the not too distant future

> > Unless the school writes the apps themselves (and I haven’t
> > encountered one who does that), how can they allow or not allow
> > anything?

> It’s called “licensing”. Look it up.

Oh, look! You’ve decided to start being a sarcastic asshole. That’s always productive.

The point is, if I want to do my homework on my own computer at home, the school can’t tell me what software is and is not “allowed” on it. If they’re using MS Word on the issued laptops, I can go out and buy my own copy of MS Word, put it on my home computer, and do my assignments with it.

The only way this doesn’t work is if the school is writing its *own* proprietary software– its own spreadsheets, word processors, etc.– and that’s not something that most schools can afford to do.

> > Again, unless they’re using some kind of proprietary software,

> Well there you go. Get a clue.

So you’re basically criticizing me for not knowing something that I obviously knew. Seems like you’re so intent on being a humorless jerkoff that you’ve lost all sense of basic logic. Well done!

> So, people should disregard laws and other rules if they think
> they can get away it?

They’re just rules, not laws, bright eyes– public schools can’t impose laws on the populace. What was it you said earlier about getting a clue?

And if the school is imposing those rules with a nefarious (and illegal) purpose in mind– namely to force me to use a device in such a way that they can monitor me in contravention of state, federal and constitutional law, then you bet I have no problem with circumventing that purpose.

> Do you really think the computers are limited to using them for
> word processing?

No, that was just an example, chief. I would have thought that obvious. Apparently I gave you too much credit. That’s my mistake and I apologize. Since you seem to require it, I’ll certainly attempt to be more pedantic for you in future.

> Often times they can’t even receive the evening’s assignments
> unless they log onto the schools network using the school computer

And what happens with homes that don’t have internet service? Or whose service goes down some night? There has to be other ways of getting the assignments.

> The more you try to defend your ignorance, the more ignorant you look.

Behold the irony.

Anonymous Coward says:

Re: Re: Re:2 In the not too distant future

“I can write my English paper up as a text document, e-mail it to myself, then copy and paste into their special word processing app, they’re none the wiser.”

Copy and paste outside the application is disabled, as is printing, screen capturing and offline saving. Supposedly to prevent students from copying from each other or violating copyrights.

btr1701 (profile) says:

Re: In the not too distant future

> I have seen articles about the next great display technology which
> integrates many webcams within the pixels of the display

I wonder what they’re gonna do when they get some student who’s an exhibitionist and starts purposely doing all sorts of self-stimulation exercises in front of the camera?

Seems like a good way to get the school authorities in a lot of hot water. Maybe make a few of them into sex offenders.

nelsoncruz (profile) says:

I found the part of Cory Doctorow’s “Little Brother” that this thing reminded me of:

“I turned to my SchoolBook and hit the keyboard. The web-browser we used was supplied with the machine. It was a locked-down spyware version of Internet Explorer, Microsoft’s crashware turd that no one under the age of 40 used voluntarily.

I had a copy of Firefox on the USB drive built into my watch, but that wasn’t enough — the SchoolBook ran Windows Vista4Schools, an antique operating system designed to give school administrators the illusion that they controlled the programs their students could run.

But Vista4Schools is its own worst enemy. There are a lot of programs that Vista4Schools doesn’t want you to be able to shut down — keyloggers, censorware — and these programs run in a special mode that makes them invisible to the system. You can’t quit them because you can’t even see they’re there.

Any program whose name starts with $SYS$ is invisible to the operating system. It doesn’t show up on listings of the hard drive, nor in the process monitor. So my copy of Firefox was called $SYS$Firefox — and as I launched it, it became invisible to Windows, and so invisible to the network’s snoopware.”

It’s a great book. I highly recommend it. Should be required reading for any teenager or young adult. 🙂

Anonymous Coward says:

What's with all this jail breaking stuff? What if I don't want to have to break my electronics from the confines of authority? My electronics are free and that is how they should all be. I paid for my pc…I can do what I want with it (Linux). I bought my phone…guess what, I can do what I want (Android). It's sad that only techies are allowed to have freedom on their electronics.

Thomas (profile) says:

Re: Wait so...

So a girl has the laptop in her bedroom and comes in from the shower to get dressed and the admins salivate and copy the images and post them on pr0n sites and then the kid's parents find out about it. Now what do you think the kid's parents will do about it? And how about the school board? Just picture one of the school board members finding pictures of their kids on the web undressed. Oh my. The sheer magnitude of a lawsuit allowing this to happen would be enormous.

PRMan (profile) says:

Defending the school

IF (and a big if) the school had only used this for stolen laptops, took the minimum pictures necessary to recover them and was being sued by a student that didn’t like being caught, then I could understand people defending them.

But reading the article, seeing the creepy administrator brag about how he could do everything without the kids knowing and seeing the comments from the parents and students feeling like they had no say in the Big Brother experiment makes it clear that the district acted unconscionably and that the district is in serious trouble.

After seeing that guy brag, I wouldn’t be surprised if most of the pictures were deleted very quickly into the beginnings of the investigation. There is no way they only snapped 42 pictures total with all the complaints of lights coming on at random intervals.

Bob F. (user link) says:

Frontline spin on this...

Recent pbs “frontline” episode “digital_nation” casually describes this same topic. At about 30 minutes in – journalist sitting w/high school vice (?) principal. He’s demoing the ability to observe student laptops remotely – including web cam. I believe in this case the laptops & network are both owned by a public school district. Might put a different spin on it. I was surprised the topic of privacy didn’t even come up.

One more detail – by chapter it’s “4 – Teaching With Technology”.

Stephen says:

how this ends

At what point does the school counterattack by having its lawyers try to settle on these terms: if the boy’s family drops its suit, the school won’t pursue its allegations into illegal behavior, although it also won’t admit any wrongdoing, just that “mistakes were made, and policies are being reviewed”?

foxsan48 (profile) says:

i think

i think this is totally wrong. i know my school can see everything i type and can take control even at home, meant to be for school use only and have a blue coat proxy (on laptop) that blocks sites, when connected to internet i think it updates the database and blocks and new sites added to it, guessing, the laptop has a sim card too, i'm a techy person. they say they have satellite tracking, i don't believe they could afford it, then again it is the government

