DISCLAIMER: The content in this article is based on real events, but it is shared solely for educational purposes. My intentions are to provide insights into the consequences of unauthorized activities and the importance of responsible and legal use of technology. I do not encourage any form of hacking, unauthorized access, or other illegal activities.
Back in high school, I was a very curious teenager. In 9th grade, I got the idea to hack my school district server. First, I tried putting a backdoor on the servers with a bad USB loaded with malicious code that I found on the internet. I thought I was being sneaky, planning to insert it into the school’s computer lab. However, little did I know that my plan had a major flaw. The code I had found on the web triggered alarms as soon as the USB was inserted it was detected by the security systems.
The school must have investigated. I’m positive they reviewed the footage from the security cameras and saw me using the same system at the same time the malicious code attempted to run. To make matters worse, the librarian saw me using the same system shortly after the USB incident.
A few days later I got called to the principal’s office, and I found myself in a tight spot. In a desperate attempt to save myself, I claimed that I had found the suspicious USB in the school’s driveway and was just curious about its contents. Surprisingly, they assumed I was just a curious student with no real malicious intent. Perhaps they couldn’t fathom the idea that I was capable of orchestrating it. Lucky for me, they let me off with a warning.
My second attempt was during my senior year. I had evolved from a script kiddie to an okay hacker LOL, instead of using code and tools I found on the internet. I decided to make my own sophisticated tools to exploit the school’s grading system. I used a combination of custom crafted malware and readily available penetration testing tools to exploit vulnerabilities in the school’s outdated software.
I made a custom RAT that allowed me to gain control of a computer within the school’s network. This would allow remote access and control over the compromised system. It gave me an entry point to launch more attacks. I added a keylogger to capture login credentials This is a tool that records keystrokes. I also used a network sniffer to intercept and analyze data traffic it was what allowed me to find a vulnerability within the school’s internal systems.
My plan seemed proof, but the flaw was in the execution and not covering my tracks, like erasing my digital footprint and ensuring intrusion remains undetected, and most importantly I forgot to clean the logs. I’m not really sure but, the school must have implemented an advanced intrusion detection system (IDS) that monitors network activities for any unusual patterns. The IDS detected must have flagged it as abnormal behavior as I attempted to exploit the grading system.
The security systems were triggered, and the school began an investigation. They reviewed logs, network traffic, and security camera footage. They even discovered the specific tools and methods I had employed. The RAT, keylogger, and network sniffer left traces that pointed directly to me. They even had videos of the security cameras capturing me in the act, using my system during the breach. This time, there was no room for explanation. The evidence against me was staggering. I remember the dean came to my class in the last period and called for me. I knew what it was for as soon as he said my name LOL. I was led to the principal’s office. They searched my locker and bag for any contraband. They found my laptop, Wifi adapter, data blocker, bash bunny, and a bad USB I had recently bought from Zsecurity. They seemed to think they were just regular USBs. I was sent home, and My guardian was informed and told to pick me up. I was told I would have a meeting with the superintendent and administrators, who would decide my fate.
In the meeting with the school superintendent and other members, they presented hard evidence of the tools I used and my actions. The severity of the breach, and evidence of repeated attempts to compromise the school’s systems. Luckily it led to the decision to suspend me for only two weeks since it was my senior year and they wanted me to keep up with my academics as a stern warning and a response to protect the integrity of the school’s network. Little did I know that the day I returned from my suspension would be the last time I physically set foot in the school. COVID lockdown had begun and we transitioned to virtual learning.
My hope is that others can learn from my mistakes and understand that hacking, in any form, should only be done legally and ethically. There are numerous opportunities in the field of cybersecurity for individuals with technical skills. It’s crucial to use your knowledge to protect and improve systems, rather than exploit them for personal gain.