Uni student cuffed for 'hacking professor's PC to change his grades' A student at Kennesaw State University in Georgia is accused of hacking into his professor's computer to improve his grades. Chase Arthur Hughes, 19, was arrested and charged this week after allegedly raiding the university's computers in May. The teen made a number of alterations to his grades, and those of his friends, for …
That's just the maximum sentence under the class of felony he was charged. There are other offenses covered under that same felony class that are much worse, that might rate a 15 year sentence, but he won't.
If they didn't have offenses that are defined as "class C felony" or whatever they'd have to create separate sentencing guidelines for each one and that would be a lot more difficult to manage. Even then, if the crime was defined as "gaining unauthorized access to a computer for the purpose of committing fraud", it could also cover breaking into a bank computer and stealing $10 million, or planting evidence of child pornography to try to get someone they don't like sent to prison so even if that crime had its own specific guidelines it might still say "up to 15 years".
You could prevent that by having a law specifically for breaking into a computer to change your grades, but if you are going to write laws that narrowly, we'd need a whole library just to hold all the books for the laws in a single state!
You could prevent that by having a law specifically for breaking into a computer to change your grades, but if you are going to write laws that narrowly, we'd need a whole library just to hold all the books for the laws in a single state!
No need - the judge could decide to be lenient, after all, they to let someone off with a mild slap on the wrist for rape. I guess the chap is not as "promising" (as in "has rich parents who can sponsor the required officials").
That said, the legal system has to ensure it has work in the future too, of course. By effectively destroying the kid's life for what would in earlier days saw them punished in house or at best booted out of the school, they assure he'll only ever be able to support himself with crime, which means more arrests, more state payment for keeping him in privatised jail, more lawyer fees earned etc etc. It's all rather well planned out - profit must be made, ruining lives in the process is "just collateral damage".
It does, of course, do away with any sense of justice, but as far as I can tell they've stopped keeping up that myth quite a while back, around the time the first LEO got away with killing an unarmed man.
Yeah, he could have kicked the shit out of an Uber driver instead and got a slap on the wrist, but, instead, he showed how vulnerable our computer systems still are and for that our Corporate Masters demand that he deserves to have the book thrown at him...
... It might have been that other 80s film with school computer hacking.
My preferred explanation is that they let him go for reasons of cover-up. A trial, prosecution and imprisonment would have meant risking the world finding out how close they came to WW3, and the embarrassment of national security being compromised by a teenager. So they let him go, with the warning that if the government ever catches him trying to pull a stunt like that again he won't get a trial, he'll just join the list of unsolved murder cases.
Der Dimbulb is classic PHB material. Grade changes are monitored and not that common. You might have enough to get need two hands to count for the entire year. So the professor will know who he sent in a grade change for. (I taught at KSU many years ago).
Changing a grade from a B to an A, or a C to a B, might go unnoticed. Might. It's a big risk, because there's a good chance the professor will look at it and recall that isn't the grade he gave, and it won't match up with paper records. That's even if they don't have electronic audit.
But F to an A? You're going to get caught.
Journalists love to use the word "hack" as often as possible. You can just picture him typing furiously as the 0s and 1s fall down the screen. Next he's flying through a Doom-like maze. Then you see a brick wall on fire, which finally tumbles as he ceases typing and announces in a deep voice: "I'm in."
Another article mentioned that he had a professor's login credentials as well as those of 26 others in a notebook found at his house. That tells me he probably used a keylogger, as no system keeps a plaintext list of logins and passwords ready to grab.
So, he found a USB keylogger online and used it. That is hardly "hacking" by any stretch. If he was worth anything at all he would have done it from open wifi from somewhere (not his girlfriend's ISP like he used) and they would have zero evidence on him.
Journalists love to use the word "hack" as often as possible. You can just picture him typing furiously as the 0s and 1s fall down the screen. Next he's flying through a Doom-like maze. Then you see a brick wall on fire, which finally tumbles as he ceases typing and announces in a deep voice: "I'm in."
Yes, the reality is different :). I just think it's getting a bit stupid to call in the police for things like that.
It's admittedly quite a while back, but if I had pulled a stunt like that at my school it would have been suspension or something - they would never have called the police because that would suggest they were not able to control their own affairs. The first question I would have is how this person was able to gain access - it's not hard to work out that curious students will try just about anything, with or without malicious intent.
The extreme reaction does have a whiff of a negligence coverup about it.
"I just think it's getting a bit stupid to call in the police for things like that.
It's admittedly quite a while back, but if I had pulled a stunt like that at my school it would have been suspension or something - they would never have called the police because that would suggest they were not able to control their own affairs"
You just answered your own question. If they don't call in the police for something like this, when it happens again, or something worse, or someone sues over something similar, then all past incidents get dragged up and it needs to be demonstrated that all those previous incidents were handled "properly" in ways where lawyers can't use it against them.
Back in the days when a detention or suspension could have handled this sort of incident, schools being sued was a rarity.
"After his arrest, investigators found the usernames and passwords for at least 36 faculty members in a notebook stored at his home, we're told."
No matter how he got those passwords (shoulder surfing, plaintext in the system, keylogger, postit notes under the keyboard), it shows that security is incredibly lax.
It's not just the kid who needs a good kicking (being a business major, he's demonstrated exactly WHY he should be unemployable). The problem is that there are no penalties for careless operation of a computer network.
Of course he might be innocent.
The really clever hacker has no problem getting straight A's but might have had to put a little bit of effort into planting the evidence on his enemy's laptop and bouncing the obvious grade boosting hack via the vulnerable wifi router/printer/tv/toaster of the target's girlfriend.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
