File Server Security?

[HardWareGuru]

ok here is what has happend to me in the last few days and I want to know if I in anyway broke the law or are grounds for Termination.

I work at my highshool as an IT guy, I am smarter and know more about the school network then anyone includeing my bosses. I however had a case of badjudgement when in a class I was browseing the file Server which is open to public access (There is no Password needed and the security setting is not restricted.) I found a paper on the Server that had all the answers to my current assignment. I took the paper and "Slightly Modifed some answers on it" and turned it in. I was caught for cheating which I can understand. It was a extremely badjudgement to plagerise. I was given a Saterday school so I thought that would be the end of it. However later in the day I was called to the office and there I see my boss with a pissed off look and I am wondering what did I do ? I was fired from my job on the spot for missuesing the school network and my accounnt (not administor or anything just a basic citrix acount I got onto the fileserver with was taken away) This preventing me from being able to compleate school work. I was told that I was fired because I missuesd the school network. I do not belive that I missued the network The information was on a public server into witch means all information on it is "Open to the knowledge or judgment of all" do you think that since i cheated in school I should be penilized. ? I am going to tell you everything I just said maybe confuseing so I am going to add in a letter after the fact I sent to my Ex-boss.

To Whom It May Concern:
When you first hired me for the school, I felt privileged, privileged for a chance to apply the skills that teachers, mentors, and well just the internet taught me. I know that highschool is made to prepare you for the real world and I do see a sort of mini society inside it. People continue on with their lives, they learn, they are taught and of course educated; At least that’s supposed to be the idea. Everyday you learn something new, whether it be in highschool or everyday life. I don’t feel as if I should tell you what I learn day by day, but I thought someone might be interested in hearing this. If one is accused of something don’t you think there should just be more than accusations that back up ones decisions? I know I cheated, but that was during school and for a class.
I, in no way abused the privileges that were given to me through my job to benefit my schoolwork. The file server that I found the documents on was in fact a public file server. Public is defined as “Open to the knowledge or judgment of all.” If they were somewhere else, say somewhere that only a person with my job would have access too then I would understand your concerns, but you just as well as every other student in this school had access to the files concerned. When you interviewed me you asked what I thought about trustworthiness, well to fire someone based on speculation and hearsay doesn’t exactly define what I would want an employer later on in life to abide and follow by. If anyone has answered what can be defined as trustworthiness it has been you with this latest incident. I was told upon my termination that I had other accounts of me committing malicious acts or wrong doings which was also weighted in your decision to let me go. If this is true, under the Freedom of Information Act passed by congress in 1966 I am to be given access to view these statements and amend them at my disgression if they are considered inaccurate or inconclusive in any way. High school has taught me a lot lately, but so has the internet, with this I’ll close the letter asking you if the power of one person can influence someone to make rash decisions, then what about the power of many?

then a list of 50 signitures that agreed with my view point that school should be in no way related to work.

[HardWareGuru]

I posted this hear because I know that most scripters know more about what is considered illigal. I do not think what I did was hacking mostly because I am no were near the knowlage needed to hack through server security. I just want to know what the most experinced computer users think. I know that cheating is wrong and what I did was wrong but I also belive that I took Double Jepordy for what I did. because If I was a normal student I would have not lost my job at Mcdonlds or whatever. Because I never broke into the network I did not load the file of information onto the server and did not know about it untill I found it in school under a student account.

[biosx]

A similiar situation happened when I was in high school.. If you don't want to read the story, just skip to the last paragraph...

// ------------- Beginning of Story ------------------
It was like 5 of us and we were in a Pascal/C++ class together. A couple of us would browse the network and we eventually found some things that were wide open on the network. I wasn't really interested in it, but 2 of my friends took high interest and spent alot of their lunch time in labs and such just messing around. It wasn't long before they found a couple database files full of information. They waited for programming class to show us all. It was alot of information. Names, addresses, phone numbers, and id #'s of basically everybody in the school.

Afraid that they would lose their time window on the file, one of them asked to go to the bathroom and went to the a/v room asking for 2 floppy disks (we had to get them from here to assure a virus free, pre-formatted disk; so it wasn't that unusual for them to have people ask for floppies). He came back down and copied the db files to the floppies and sighed in relief. He handed one to a friend and kept one for himself. For the rest of the hour in class he (and basically the other 4 of us) had this aura of cocky relaxation. Our programming teacher noticed right away. He saw the floppy and immediatley took it. He told us that he didn't know what was on it but he would find out. He went to the a/v office and told them what happened. The kid who got the disk taken away was kicked out of the class, given a Saturday school, and was eventually suspended for a week. He was also going to be put on a board to be expelled b/c he had been suspended a couple of times before and he met the criteria for expulsion. That eventually died down and he never even went to the board.
// ------------- End of Story ------------------

Well, all in all, it breaks down like this. You usually sign a computer contract when you are in a computer lab. If you violate this, you usually get kicked out of the class and receive other punishment. If you don't have this contract, it is usually implied or written someplace where it is seen by all. They make it clear that if you mess up, you are screwed.

No offense, but if you knew what you were doing was wrong why are you surprised that you got caught and were punished? Also, how could you get caught so easily, lol Did you just print out the file and write your name at the top?

I don't know. It just sounds like you are trying to deflect the blame onto somebody else.

[biosx]

Originally posted by HardWareGuru
I posted this hear because I know that most scripters know more about what is considered illigal.

Did you mean to say "lawyers" when you said "scripters" b/c most of the Perl mongers I know don't even know their own civil liberties.

[e_dawg]

Originally posted by biosx


Did you mean to say "lawyers" when you said "scripters" b/c most of the Perl mongers I know don't even know their own civil liberties.

Most real geeks know their personal liberties and are very seriously opposed to civil liberties...

Some of us do know what is legal and what is not in this realm from working in the biz. I am not up on the network end of it, but technically, regardless of ease of access (including if you are given a password), at least in the US, it is illegal to obtain data and programs without the permission of the author, as well as illegal to modify or delete data that is owned by someone else. I came in contact with this a few weeks ago when a company I did some contract work for had their site vandalized by a disgrunted former employee. It was foolish of them to leave the password the same, however, that didn't make it legal.

Therefore, you're lucky they didn't file charges against you for gaining access to data you were not allowed to and exploting network resources you were not given permission to.

[Begby]

I agree with e_dawg, you are lucky you didn't get in more trouble.

Its like if someone left a copy of the answers on a desk, and there were no teachers standing around guarding it. Would it be wrong for you to look at the answers? Would it be breaking the rules? If you did break the rules and looked at the answers on the desk would it be the fault of the teachers for leaving the answers unprotected? In my opinion, it would most certainly be wrong and breaking the rules. Also, it wouldn't be the fault of the teacher's since its assumed that the students should be trustworthy and know better.

I think the burden should ultimately be placed on your own shoulders as an employee or student. As an IT employee you were in a position where you needed to show a lot of responsibility and trustworthiness so you should be held to higher standards as well.

So not to sound like a jerk or anything, but I think that you should just take this as a life lesson and move on. Just be glad they didn't call the police, prosecuters have a lot of laws they can pull out of the closet when it comes to computer crime nowadays.