Monday, April 20, 2015

Of hacking and hysteria

For your faithful blogger, Programmer School was a small community college with only two full-time I/T instructors--let's call them "M" and "N."  "M" was better geared to teaching actual coding, while "N" mostly concentrated on application-based courses, and was a bang-up administrator for the dept.  We were a tight-knit enough tribe that "N" thought nothing of mentioning that "M"'s birthday was the next day.

I happened to have the first class period of the day with "M" that semester.  And, by good fortune, the janitorial folks knew us all--particularly the 2nd year students--well enough to trust us after hours in the classrooms/labs.  I knew from observation that "M"'s morning routine was to turn on the projector and instructor's computer, then meander back to his office or chat with students during boot-up.   It was the perfect opportunity to pounce.

This was also the era of Windows 95, which didn't support multiple logins.  And honestly, the projector-connected instructor's computer at the head of the class didn't have much use for security--anything important like grades would have been on "M"'s office computer.

After hours, I used MS-Paint to make a colourful .BMP file bearing a "Happy Birthday" message and set that as the Windows background image on the instructor's computer.  Then I ran down the Beatles' "Happy Birthday" and set the Windows start-up sound to a clip from it.  Finally, I powered down and made sure all the other computers in the lab were off (part of our implicit bargain with the cleaning folks) and went home.

The prank worked perfectly.  True to form, "M" hit the "on" button and strolled back through the classroom.  A collective chuckle at the sight of the desktop background rippled through the classroom.  And just as "M" turned back to look at the screen, the sound clip made everyone (else) jump a bit.  The grin and eye-roll were exactly the payoff I was hoping for.

It's one of my fonder memories of Programmer School.  Yet, if this had gone down in Florida instead of Minnesota, pranking "M" could be considered a felony.  Why?  Because I used a computer to which I was not authorised.

In Florida, a 14-year-old is facing felony charges for changing the desktop background of his teacher's computer.  Just like I did to "M" nearly 20 years ago.

It might be tempting to make the argument that, because my background image was amusing rather than potentially offensive, it's not illegal.  That argument would be wrongity-wrong-wrong.  Because, as the Sheriff's Dept. stresses, it's not about what the student actually did.  Or even what he provably had intentions of doing.  No, no, no--it's about what he might have done under the lax security conditions.

And that, Gentle Reader--that is one dangerous precedent right there.  Like, irradiated city-stomping B-movie monster dangerous.

Cynically, I understand that piling on every possible charge basically amounts to a sandbagging tactic when law enforcement tries to finagle a guilty plea from the suspect.  That doesn't make it smart, much less right.  Law enforcement in the U.S. already has a huuuuuge PR problem, and this certainly doesn't help.

More significantly, criminalising woefully uninformed, hysterical notions of "hacking" doesn't improve infosec.  All it does is shift responsibility away from companies that should be enforcing strong passwords, multi-factor authentication, and, well, not hiring the kind of moron who clicks URLs in dodgy emails in the first place.

But it's we who should be worried far more.  There's a reason that breaking and entering is a separate crime from actual theft (or any other malfeasance one can wreak in another house).  Opportunity does not constitute intent.  

And we in the I/T community need to step up and hold politicians accountable for perpetuating decades of ignorant, alarmist, knee-jerk legislation/regulation.  Seriously, even Hollywood has a better grasp of computers and networking--and that's not exactly pegging the bar high, y'all.