Teen Changes Wallpaper On Teacher's Computer; Gets Charged With A Felony By Sheriff's Office

from the CFAA:-Teen-Edition dept

Change a teacher’s desktop wallpaper? That’s a felony.

The Pasco County Sheriff’s Office has charged Domanik Green, an eighth-grader at Paul R. Smith Middle School, with an offense against a computer system and unauthorized access, a felony. Sheriff Chris Nocco said Thursday that Green logged onto the school’s network on March 31 using an administrative-level password without permission. He then changed the background image on a teacher’s computer to one showing two men kissing.

Seemingly everyone at every level of government wants to talk about cybersecurity. Most of what’s discussed is delivered in the breathless cadence of a lifetime paranoiac. (Won’t someone think of the poor multimillion-dollar studios?!!?) This school is one level of government. So is the sheriff’s office. Both felt the 14-year-old’s actions were severe enough to warrant felony charges. Why? Because somebody hacked something. If you can even call it “hacking…”

Green had previously received a three-day suspension for accessing the system inappropriately. Other students also got in trouble at the time, he said. It was a well-known trick, Green said, because the password was easy to remember: a teacher’s last name. He said he discovered it by watching the teacher type it in.

The teen changed a computer’s wallpaper and was able to do so because the most basic of security precautions weren’t taken. Multiple students took advantage of this lax security to access computers with webcams so they could chat “face-to-face” while utilizing the school’s network.

The school got all bent out of shape because some of the computers accessed contained encrypted test questions. It turned the student over to law enforcement because it deemed his “breach” of its system too “serious” to be handled by just a 10-day suspension. It had him arrested because of things he could have done, rather than the thing he actually did.

One of the computers Green, 14, accessed also had encrypted 2014 FCAT questions stored on it, though the sheriff and Pasco County School District officials said Green did not view or tamper with those files.

And yet, Sheriff Chris Nocco is still looking to prosecute a 14-year-old for attempting to annoy one of his teachers. Here’s the student’s description of what he did.

“So I logged out of that computer [because that computer didn’t have a webcam] and logged into a different one and I logged into a teacher’s computer who I didn’t like and tried putting inappropriate pictures onto his computer to annoy him,” Green said.

Here’s Sheriff Nocco’s statement:

“Even though some might say this is just a teenage prank, who knows what this teenager might have done,” Nocco said.

Well… you do know what “he might have done,” Sheriff Nocco. And yet, your response to this situation is to hand out felony charges to a teen for something he might have done? Is that the way law enforcement is really supposed to work? [The FBI has issued the following statement: “That’s the way it works for us. Almost exclusively.”]

He told you exactly what he did and why he did it. Your own investigative efforts confirmed he never accessed the oh-so-untouchable FCAT questions. Incredibly, Sheriff Nocco wants to not only punish this student for something he might have done, but any other teens who might do stuff.

The sheriff said Green’s case should be a warning to other students: “If information comes back to us and we get evidence (that other kids have done it), they’re going to face the same consequences,” Nocco said.

Sheriff Nocco: I will arrest and charge teens with felonies for annoying educators and/or exposing their inability to make even the most minimal effort to keep their computers secure. If I lived in this county, I’d be very concerned that law enforcement officials are keen on the idea of arresting and prosecuting teens for stuff they didn’t do (access test questions) or things they might have done (TBD as needed for maximum damage to teens’ futures).

Filed Under: , , , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Teen Changes Wallpaper On Teacher's Computer; Gets Charged With A Felony By Sheriff's Office”

Subscribe: RSS Leave a comment
That One Guy (profile) says:

While we're at it...

If hypothetical actions are now to be treated as though they actually happened, I suggest that along with the felony, the teenager be awarded a Nobel Peace prize for securing peace in the middle east, an Ig Noble Award for finding the most petty way to garner a felony charge(wait, that one’s not hypothetical), a Medal of Valor for his daring rescue of an entire aircraft carrier from communist terrorists, and a Purple Heart for injury sustained in combat rescuing said aircraft carrier.

After all, he might have done all that too.

Anonymous Coward says:

What is really sad is that a bunch of students got in trouble for accessing the system and based on the article it sounds as though the admin never changed the password. Shame on the school! Seriously, what did they expect.

This is what kids do. Even 20 years ago when I was in school the first thing everyone did when sitting in front of locked computer was try and bypass the controls. It was a badge of honor for the person who broke them. Shoulder surfing for passwords was even then standard practice

Rabbit80 (profile) says:

Re: Re:

Brings back memories of when I went to college.. I had many ways around the security – using a RM Networks default account for login, using a modified version of regedit to gain additional privileges then installing whatever we wanted. We gamed the system mainly so we could set up Quake LAN parties – our 10Mb account limit was too small for keeping the game files in so we needed access to the C: drive 🙂

Other tricks I used was a DDOS that caused a BSOD on any machines in a list – we used that as soon as a teacher walked in the room to crash all the gaming machines.

I got into trouble a couple of times – but never serious.

Anonymous Coward says:

High School

When I was in high school I had access to the attached university’s network because I was taking AP Pascal and that’s where we did our work. There was no web at the time, but I had a modem at home and was active on local BBSes. While messing around on the network my friend and I found a modem and used it to call some BBSes across the country. Apparently we set off some security warning because suddenly my account didn’t work. So I logged in using an unused account (they created a bunch of accounts for the class and they all had default passwords at first). Then that got cut. Then a teacher burst into the lab demanding that we stop doing whatever we were doing.

Luckily our Dean was not an idiot, and after we explained, we didn’t get into any trouble. These days I wonder if I would be charged with a felony.

That Anonymous Coward (profile) says:

And the felony is from making someone with power look stupid… and the Sheriff has decided to make himself look even stupider.

“Even though some might say this is just a teenage prank, who knows what this teenager might have done,” Nocco said.

Which sounds like the justification for each person who gets shot by cops. We dunno what they would have done so we went with the most extreme response. Cop logic.

The teenager would have done something stupid but pretty much harmless. But for making the powers that be look bad he must be punished to the insane limits of the legal system (and then some) to remind the little people to never ever color outside the lines or question their betters.

Zero tolerance, zero thought, zero intelligence…
Perhaps something this stupid should be used to examine how those “unforeseen consequences” from shitty laws play out and how to fix them before ruining a teenagers life.

Chronno S. Trigger (profile) says:

Re: Re: Even less

Oh, anything he might have done does enter into it. They aren’t saying what he could have done to get a harsher punishment, they’re doing as an emotional plea.

If they just said what he did and nothing else, there would be public backlash. Why should a student face felony charges for a stupid prank? Throwing words like “hacking” and saying what he could have done adds an emotional layer that blinds people.

David says:

He was lucky

It had him arrested because of things he could have done, rather than the thing he actually did.

Well, they only got him arrested because he could have accessed tests. Since the whole previous incident involved webcams, he should be glad he did not get booked for child pornography charges.

After all, he had access to a webcam and a child, and it likely can be proven that he had undressed the child (namely himself) on previous occasions.

These days, it is probably easiest to arrest people for being in the U.S.A., and if one takes a look at incarceration rates, it seems not too far from what is actually happening.

Maybe just put a fence around the entire country, not just the Mexican border, and put everybody on probation.

Just Another Anonymous Troll says:

Re: teen gets charged with felony

No one said not to punish him. He did tamper (if you can call screwing with the wallpaper tampering) with a school computer and should face some sort of consequence. Charging him with a FELONY is about as dumb as it gets. It doesn’t matter how old he is, his attitude, (protip: having a bad attitude is not a felony), or whether or not he knows right from wrong, a practical joke is not worthy of felony charges, not even if it’s on a computer. Teenagers do stupid stuff. Their lives should not be ruined just because of a minor lapse in judgement at 14. I pray to God that you are never on a jury.

Anonymous Coward says:

Re: teen gets charged with felony

I’m pretty sure he knew this was wrong and just did it anyway. He deserves a suspension. Maybe he deserves to be banned from the computers for the rest of the year. But a felony? You think he should be in prison for the next year or so? You think that will produce the best outcome for society?

Not every bad action needs to be a crime, and not every crime needs to be a felony.

My guess is that the school was afraid of getting into huge trouble for letting a student access a computer with those standardized test questions on it (even though the student would have no reason to even want to look at those questions since their grades are unaffected by those tests – and in fact he did not even attempt to look at them even after he got access to the computer that had them) and decided to come down as hard as possible in the hopes that this would mollify the state.

Anonymous Coward says:

Re: Re: teen gets charged with felony

This is the authoritarians bureaucrats ways of increasing security, use sever punishment to discourage people, rather that them having to take security seriously. It is an approach that suits them, because they do not have to understand or deal with security directly.
Like all authoritarian measures it is prone to failure, and this is dealt with by making the punishment more sever, and applicable to more minor infractions of the rules.


Re: teen gets charged with felony

The kid clearly has some sense of proportionality that “The Law” clearly does not.

It should require a little bit more than being a disrespectful kid in order to get the kind of criminal record that can strip you of basic rights and prevent you from holding many professional and even non-professional jobs.

This nonsense is in the same territory as jaywalking or spitting on the sidewalk.

Anonymous Coward says:

Re: teen gets charged with felony

Ah, I see…make it a felony based on a teenager’s attitude.

Let me ask why you don’t think the teacher should be punished for potentially exposing students’ personal information because of a weak password?

You know, since you’re all hell bent on punishing the kid for what “could’ve happened…”

JMT says:

Re: teen gets charged with felony

“I think the Sheriff did the right thing based on the terrible attitude of the teen.”

If you think this teen’s actions rise to the level of “terrible” compared to the sort of things most teens do during a period of incomplete emotional growth, then you must be seriously lacking experience with actual teens.

sigalrm (profile) says:

Re: Re:

If we’re going to wield the “What part of illegal don’t you understand” hammer, then here’s a random thought:

The school district needs to be investigated for probable FERPA violations by the DoE Family Policy Compliance Office. Because based on what’s in the article, they clearly have problems controlling access to the computer systems containing student records.

Oh, and the head of their IT department needs to be fired for gross negligence – for allowing the system to be configured to use such a weak password in the first place. Because in Active Directory, at least, you have to specifically enable use of such crappy passwords.

Anonymous Coward says:

Re: Re: Re:

Hah. As someone who works in the IT department. You clearly have no understanding of what some IT departments have to deal with to keep everyone online and running. First, there wouldn’t be a FERPA violation as most student record system in my state are cloud base and not integrated into AD. Otherwise you can specify a more complicated password but what ends up happening is then you then have a far high amount of students coming in to reset their passwords. Administration then gets upset because students are losing learning time since they are having to change their passwords. You fight with them for a couple years till they finally see that you are right. You are not allowed to put a fine in place for repeat offenders. My only reprieve after increasing the complexity in our district was that I was allowed to give librarians the ability to reset passwords. Then you top it off with trying to keep 10 year old machines running.


Re: Re: Re: Great, the "but it's too hard excuse".

The fact that most people are mouth breathing, knuckle dragging, idiots doesn’t absolve you from legal and professional responsibilities.

Anyone that works in IT should be able to tell you that.

This is especially funny since we are talking about SCHOOL where the “but it’s too hard excuse” should get you laughed out the door.

Anonymous Coward says:

This is what happens in a larger town where no one really knows those around them. I live in a small town and if this happened here the game would then be on. That teacher would hack his computer or cell and post a picture that might embarrass him, for certain it would get a laugh out of everyone. Yes I really know my neighbors and most of their dogs and cats names as well. It is sad what this world has come to, arresting and charging children, making them felons over a common sense issue.

Anonymous Coward says:

In other news, Instructors who have chosen their own passwords (poorly) for administrative functions were not “sent a message” about how serious the consequences of their actions can be.

We only care about the victims, not the dangerously ignorant behaviors of those tasked with overseeing children 180 days of the year.

PaulT (profile) says:

“Even though some might say this is just a teenage prank, who knows what this teenager might have done”

I once snuck into a storage room at school without permission and unsupervised. While there, I could have looked at some test papers. I might also have poured petrol over the paperwork there and set the whole place on fire. So, even though I didn’t do so much as steal a pencil or copy a test question, I should have been charged with arson and attempted murder, because that was possible.

I what kind of mental deficiencies you must have for this to sound reasonable just because you put “on a computer” after the initial action.

lars626 says:

… and when do we hear about the punishment for the teachers and administrators for the lax security features? They created the situation in the first place. If the 14 year old is to be charged then they should be charged with ‘contributing to the delinquency of a minor’ or what ever it is called these days.

A better outcome would be for the sheriff to get the parents and kid in a room and give them the ‘stern cop’ treatment. He then collects the school staff and rips them up for being lazy, stupid, and wasting his time.

Berenerd (profile) says:

So, as this computer had sensitive materials on it, does the teacher get fired for not following security procedures put out by those who do the testing? How about the school administrator who allowed this to happen? If they are going to go over board with the student they should be doing the same for all who were involved on both sides. Seems fair to me.

PaulT (profile) says:

Re: Re:

In fairness, this is consistent with modern corporate and government procedures. If someone finds a security flaw, the usual reaction is to get the researcher who found the flaw arrested and prosecuted rather than admit fault or fix the error. Doesn’t matter how easy it was (people have been prosecuted for changing the URL in a link, for example), as long as those responsible can divert blame, it’s all good.

Chronno S. Trigger (profile) says:

“‘Even though some might say this is just a teenage prank, who knows what this teenager might have done,’ Nocco said.”

I don’t get it. Why is human motivation treated like Quantum Theory? The wave form has already collapsed, we know the outcome.

The kid wasn’t interrupted while logging in, he completed his prank. We know what he might have done because he already did it.

What would you do if you had unfettered access to a school computer? Well, for this kid the answer was: put up a stupid wallpaper.

eye sea ewe says:

Re: You can't expect a lowly LEO to understand...

anything regarding high technology, quantum mechanics or advanced mathematics.

It is very likely that he has only mastered the rudimentaries of “reading, riting, and rithmatic”.

My sheep probably know more than he does about the complexities of computer technology. One can only hope that, if he has any children, they are somewhat more intelligent than he is.

I suppose it’s time to stop being sarcastic at this little man and let it go. But stupidities like this wear thin against my charitable side.

eye sea ewe says:

Re: Re: Re: You can't expect a lowly LEO to understand...

Which stupidity, a kid being a kid, and which a teacher should know how to deal with, or authority figures turning a harmless prank into a felony.

I thought it was obvious that I was talking about the “supposed” adults (you know the copper and the school admin).

The kid has been a kid that could use some good self-discipline, but he isn’t going to learn that from the examples of the various “authorities” he is now dealing with. They are acting more like little tantrum throwing children and are not providing any sort of decent adult example.

Anonymous Coward says:

Working in a school, we had a student who brute forced a computer and started installing a bunch of games. That was actually hacking and not just figuring out someones password. As punishment, we had him do some work for the tech department. We got 4 hours of his time and he never did it again at the school.

DCL says:

Re: Re:

I disagree with your definition of “hacking”. Hacking a system is just to get unauthorized access to a computer and the majority of the time that is not done via code but by “social engineering”.

Over the shoulder attacks are really just an old form of social engineering since you have to make the user feel comfortable to enter the password yet still be able to watch. Even easier is the “password under the keyboard/in the drawer”.

Even “brute force” methods start with the common passwords (see the yearly list of common passwords)if you know the person then you start with birthdays, kids names, favorite sports teams etc.

JP Jones (profile) says:

Re: Re:

I did the same thing when I was 14. I “hacked” our school’s advanced security system. Basically, the system prevented you from right clicking on the desktop or accessing the “run” command (Windows 95) to lock students into approved programs. So I opened Word, opened a “Open” dialog, and right clicked the C: drive and chose “Explore.” A couple seconds later I found File Manager, which conveniently had a run command…yeah, you get the idea.

Four player deathmatch Grand Theft Auto (yes, the original top-down game) is all I remember from my typing class. I ended up getting the “Excellence in Computer Science” award all four years in high school, even after finally being caught (well, someone else got caught and told on me). I ended up helping them out with the computers after hours, no big deal.

Seriously, though, I’ve committed half the crimes students are getting criminal charges for in high school. I’ve hacked computers, wrote threatening messages, drew pictures of guns and knives, got in fights, and even proved teachers wrong. It sickens me that normal behavior has become such a huge deal.

Anonymous Coward says:

Re: Blame the school administrators

As an IT administrator at a school, I can tell you that the teacher union would come down on you if you tried to make dual authentication a standard. Passwords are effective in a school environment. They don’t need to have high level of security. Teachers already have a problem remembering passwords. Any additional complication, that could be viewed as unneeded, such as dual authentication, would cause the teachers to get angry and go to their union rep. Passwords are only effective if it is a proper password. The password in this instance was the teachers last name. I have stronger requirements in place but I still find teachers making passwords that are easy to guess.

sigalrm (profile) says:

Re: Re: Blame the school administrators

Forget 2-factor:

In AD Group Policy Management:
Computer configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies/Password Policy -> Password must meet complexity requirements.

Turn the knob from Disabled back to Enabled (which is the default, anyway) and hit apply. And now Windows won’t accept a password as simple as a person’s last name.

Where should I send the consulting bill?

Anonymous Coward says:

Re: Re: Re: Blame the school administrators

“Student logs into teacher’s computer! Password written on a post it note under the keyboard! When asked for comment, the teacher said ‘I kept forgetting my password, so finally I just wrote it down and put it where I could get it when I needed it. I didn’t think any students would start messing around at my desk.'”

sigalrm (profile) says:

Re: Re: Re:2 Blame the school administrators

Then that’s on the teacher, and punishable as per their employment agreement. You know, the one where they agree to follow district policy, and then make a conscious decision not to?

It would – at the very least – partially insulate the school district from liability in this case. Which doesn’t seem like a lot until your lazy teacher brings the federal government down on the school and the district.

Anonymous Coward says:

Re: Re: Re:3 Blame the school administrators

Trying getting that past the teacher’s union. You can’t just fire them like in a business. It is difficult to even get minor changes in the contract and once it is set, you have to wait 3 years before you can implement even more minor changes. Anytime you try to make any changes, it is instantly associated with better pay. If you can’t afford to increase their pay then you can’t really make a change unless you give up on another issue. On a lot of these issues, you just have to hope that the teachers holding up that section of the contract will retire. Then new younger generation of teachers are much more conscious about their digital citizenship so it isn’t a problem. Otherwise, I completely agree with you.

Anonymous Coward says:

Re: Re: Re: Blame the school administrators

You can keep your consulting fee to yourself. Mine is already setup with that but it is still get things like FirstLastname15. But you know what ends up happening even after you implement a layer of complication? They put a sticky note with the password attached to their monitor. What is more secure? An easy password that they can remember or a hard password that they attach a sticky note to the monitor.

Anonymous Coward says:

Re: Re: Re:2 Blame the school administrators

These are.. teachers? That we entrust the future of our countries children to?

How did they become teachers if they can’t remember anything more difficult then their name? Isn’t college, and being a teacher requires college, supposed to prepare you for the hardships of life?

I didn’t finish college but I made my way to Engineer. Even without college I can remember a complex passPHRASE. (Insert obligatory correct horse battery staple XKCD here). You should have moved to this method over all others.

John Fenderson (profile) says:

Re: Re: Re:3 Blame the school administrators

Even without the XKCD method, memorizing random passwords isn’t hard. Ignoring my personal machines, I have five passwords that I need to use on a daily basis for work. These must be changed frequently. They are all random. Here’s a typical example: mZcN&Or-xE

When password change day comes around, I do have a couple of days of fumbling because I need to look the passwords up in my password locker, but after that, my fingers just know what they are. I wouldn’t be able to tell you what they are, because I don’t remember, but my fingers know.

Muscle memory FTW!

In any case, remembering passwords isn’t so hard even without using mnemonic tricks. Part of the problem is that people have had it drilled into their heads that they should never write down passwords. This is incorrect and harmful to security overall. What people should be told is how to keep passwords safe regardless of the medium they’re stored in.

Jeff Green (profile) says:

Fair is fair

If the student’s name is to be made public for playing a stupid prank then the school principal, the school head of IT and the teacher in question must all be named too so we can see what sort of incompetent idiots are in charge of educating young Americans.
We could then start a couple of watch lists
“People who should never be allowed to teach or work in contact with young people”
“People who must never be allowed to work in any way connected with law enforcement”
This could also be a shot in the arm for the American paper ink and pen manufacturing industries …

LVDave (profile) says:

While we're at it...

You don’t have to have your tin-foil hat on too tight, or hell, even HAVE a tin-foil hat, to realize that this government is working hard to make EVERYBODY a criminal.. With all of the laws/rules, written by unelected bureaucrats, its close to impossible to NOT break some law/rule every day of the year.. No matter how law-abiding you are, I gar-on-tee you you’ve broken *some* law or “rule” every day of your life, and are just lucky some gun-happy LEO hasn’t caught you and put you behind bars.. THAT, Friends, is the aim of our current “government”….

Falindraun (profile) says:

Could have done ?!? Might have done?!?

i could have ran over about a dozen people on my way home from work on friday, but did I? No I didn’t.

If we as Americans were arrested on what we could have done or might have done, then everybody would be in jail. I hope this kid gets a good lawyer and sues the sh*t out of the school district and the sheriff for this misuse and abuse of justice and the law.

Uriel-238 (profile) says:

Re: Not unable. Unwilling.

This is how it works.

If you follow policy then you are not held responsible for the outcome.

If you used discretion, even if it was in good faith (e.g. rational, compassionate or proportionate to the circumstances) then you are held responsible for the outcome, even if the outcome had nothing to do with the decision you made.

In this case, held responsible can be anything from being publicly censured to fired to sued directly by parents or even imprisoned.

So people follow policy because if they have to choose between some other guy’s kid or their own ass, they’re going to cover their own ass. Every. Single. Time.

Anonymous Coward says:

Re: Re: Not unable. Unwilling.

“If you follow policy then you are not held responsible for the outcome.”

In a lot of places and situations, even if you follow policy you will be held responsible for the outcome if a stupid policy backfires. Either way, you loose.

The ones not usually held to any meaningful level of accountability are the ones who make stupid policies in the first place. Sh*t still flows downhill.

Anonymous Coward says:

So, the point is that our Law Enforcement and school officials have sunk to the lowest common denominator. Whatever you do, DON’T THINK! Follow the “rules” exactly and literally. Any deviation will be grounds for dismissal or worse.

Kids? We don’t need no stinkin’ kids. Throw ’em in a concentration camp where they belong.

What’s next? Arresting toddlers in preschool and charging then with felony assault for throwing their sippy cups at another student? Wouldn’t put it past them! Where does it end?

Uriel-238 (profile) says:

The sheriff will exempt himself.

They always do.

Obama believes the drone-strike program and the dragnet surveillance program are both safe while he wisely administrates.

But there were lame-duck bills standing by to curb presidential power if Romney were to get elected.

Ourselves, we are pure and good and incorruptible. It’s the other people we have to watch out for.

Always the other people.

Ole Canadian says:

Thought crimes

I have grown up as a Canadian, smug in the knowledge that ‘we’ Canuk’s were smarter, kinder, more compassionate and sharing [of our tax dollars funding healthcare for all] than our American kin folk down south.

That, is about to end; Comrade Harper , our glorious evangelical [American GOP/tea party inspired] Leader, is about to pass legislative Bill C-51. C-51 will allow our version of the NSA, to ‘interrupt’ the activities/financing/travel/freedoms of anyone who ‘MAY’ commit a criminal/terrorist act. Presently, the threshold stands at ‘likely to’

Amazing, when you realized that presently, peaceful environmental activists, and/or peaceful tar sands demonstrators, are tagged in the same category as domestic jihadi terrorists…

Once C-51 becomes law, our smugness will be wiped from our faces.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...