More Details Emerging About School Laptop Spying, And It Doesn't Look Good
from the a-bit-proud-of-your-spying... dept
Following up on this morning’s post, new details are emerging about the school spying scandal in which a student was punished for apparently chowing down on Mike & Ike candy (which the school thought were drugs). In our comments, someone named Paul points us to a blog post from a security consultant, who digs much deeper into the story, focusing on one of the techies who worked at the school and apparently had a noticeable internet presence, having said a few things that could come back to haunt him. Note that the school itself has said that only two techies on staff had the power to initiate the use of the remote spying tool.
Apparently, in various forums, blog posts and videos, one of the school’s techies talked about the technology they were using and how to set it up so that the user would not realize they were being spied on. He also discussed how to prevent a laptop using this software from being “jailbroken,” so users couldn’t discover that their computers were being used in this manner. Other forum posts from students at the school show that they were told they could not use other computers, could not disable the cameras and could not jailbreak their laptops, at the risk of expulsion.
Furthermore, in looking at the software that was being used, the security consultant found serious security problems with it, in some ways similar to the famed Sony BMG rootkit:
With some of my colleagues, I began a reverse engineering effort against LANRev in order to determine the nature of the threat and possible countermeasures. Some of the things we found at first left us aghast as security pros: the spyware “client” (they call it an agent) binds to the server permanently without using authentication or key distribution. Find an unbound agent on your network with Bonjour, click on it, you own it. The server software, with an externally facing Internet port… runs as root. I’m not kidding. For those unfamiliar with the principle of least privilege - this is an indicator of a highly unskilled design. Unfortunately, when we got down to basic forensics, LANRev appears to cover its tracks well.
Things keep looking worse for the school, and school officials have done little to actually explain what happened, if the prevailing story is not actually the case.