Schoolboy hacker Omar Khan who upped his grades faces 38 years in jail

Wow, I hacked into my Catholic High School and changed grades and got a slap on the wrist, all I had to do was write a statement of how I got in so they could secure the network. Wow, that is some years....

You'd think the normal punishment for something like that would just be expulsion in the county or maybe even state, but come on, 38 years in prison? That is actually more than some people get for armed robbery. Its not like he hacked the school's system to release a deadly gas that kills everyone in the school. He changed his grades, that should just be punishable by throwing out the said student.

I've got another spin on this. Perhaps longer sentences for hackers are being handed out to keep them out of the public. Think about it for a sec - the media will publish the story one way or the other, so everyone knows now that the kid is smart. In jail, a terrorist won't solicit this kid to come work for his cause to hack into systems that might cause a national security breach.

38 years is way disproportioned . I guess it is excess of force used instead proper IT security system. Much cheaper...

Try and apply some common sense here.

That law is designed to provide a range of sentencing for everything from a hacker trying to get personal financial details, to Abdul the terrorist trying to get nuclear weapons release codes.

This kid will get a suspended sentence, a fine, and a very promising career after college.

What I want to know is how did someone this capable get "F" grades in the first place. You have to be a complete moron to score below a C these days.

reply to post by sos37


Awesome....now everyone who breaks a law is a G.D. TERRORIST!

This is exactly what the goal was from the start.....
Divide and conquer.

No way should he be put in prison that long!! Not even a year in my opinion.

Damn there are so many big criminals out there, but all I see is police targeting the "easy" ones.

Originally posted by Retseh


What I want to know is how did someone this capable get "F" grades in the first place. You have to be a complete moron to score below a C these days.

Life problems, school problems, bad teachers, teachers leaving at bad times, depression etc etc

I got $20 that says the way the kid "hacked" the computer was by looking for a password some secretary wrote down on a post-it note.

Any takers?

reply to post by sir_chancealot


ha ha, you probably are right, and that administrator had admin access to the entire server.

I agree that this is a rediculous sentence, although some form of punishment should be allowed, this is not the right answer.

When I was thirteen years old about, I was really into the black hat cracking scene. I was well versed in most distributions of UNIX, a solid knowledge programming in C, perl, and some assembly, and found my way in and out of many high profile servers - sadly, I was caught scanning class B addresses for OS detection and services before it was legal, but was too young to do anything about it and recieved a slap on the wrist. When I was in secondary school after high school, I dusted off some old techniques for fun and to show a friend how easy it was. With a spoofed MAC/IP address and some ARP poisioning, I setup a packet sniffer on my box that was spoofed to be recognized as the domain controller and collected logins and passwords as they were typed in plain text, no encryption. Sadly, they knew something was up when the network was unresponsive due to traffic being routed to my box instead of the actual domain controller, and I ate the consequences - another slap on the wrist. Although, it was serious enough that I could have been kicked out if I wasnt so liked by the teachers and because I was actually using it to prove a point, not for negative reasons.

These days basically, you can give anyone the latest zero day and they dont even need any of that knowledge to crack a server, pretty much $ ./hack and you end up with a sexy root shell from a remote connection. Anyone can do it. This could have been a kid who wasnt really thinking how serious what he was doing really was, because when you are doing such things online, it seems very akin to a game - whereas I would never, ever break into a house - I would break into hundreds of systems a week without a care in the world - you dont really notice the seriousness of the situation due to the way its being carried out and the simplicity.

Sadly, he did what he did and I am sure he knew the risks. I do not think however he expected to get close to fourty years - probably expected just to get failing grades, which he was getting anyway, so why not. He will probably get a minimal sentence and be barred from using the internet or any capable device for a long time - If he had any interest in going into computer science, his dreams are gone now.

Cracking for malicious reasons is a very dangerous thing, and can cripple a network easilly if you type the wrong command, or enter a wrong argument to a command. I really hope he doesnt get such a harsh sentence but I also hope he learned his lesson and from now on will use his knowledge to benefit others. He could have told the network administrator about the security vulnerability and even though it diddnt change his grades, which he gave himself, he could have shown some true character.



[edit on 20-6-2008 by deadline527]

[edit on 20-6-2008 by deadline527]

Personally, i think hackers are usually pretty smart.

38 years? Dude the Guinness world record book said the longest ever was 7 years for hacking.

Why don't the stupid ass police catch those identity thieves and scammers that actually ruin the lives of others? This situation is plain, gay as teens would call it.

38 years!?! For hacking a collage for his OWN grades!? A CRIME!?! Thats like me going out in my front yard and taking a crap on it and get sent to jail for life! I guess they like to take it all out on the people they can catch for the people they cant. Pathetic.

[edit on 20-6-2008 by CloakATS]

He changed his grades, yes. But, also changed other students grades as well.

Also, he could have copied test answers to quizzes or even finals without using anything such as ftp, http, wget, or any other file transfer protocol - so they would have no proof to that. It is very hard to trace the steps of someone who knows what he is doing, obviously he diddnt, but he may have done things they have not caught.

If he set up suid root binarys, trojaned protocols such as telnetd to record logins and passwords, keyloggers that do not show up in a ps listing, packet sniffers to aid in gathering information... the list can go on and on. He may have told others how to gain access as well, which makes the problem that much worse.

There is a lot he could have done without them figuring it out, and because of that they must treat the situation as if he did do them things. Usually this requires a total revamp of the operating system, security protocols, as well as adding more security measures and possibly intrusion detection systems. This all costs time, money, and resources which I believe he should have to pay for.

Overturn that stupid 38 year sentence and instead make him pay for damages, remove his ability to use the internet for a few years, and charge him with something but not so serious. He made a mistake, and I do believe he should pay for it - but what they are trying to give him is much too excessive. That is unless somehow by him cracking the network he caused the death of two children and their pet dog.

Originally posted by Retseh

What I want to know is how did someone this capable get "F" grades in the first place. You have to be a complete moron to score below a C these days.

It says he was given the F as he was suspected of cheating.


I think the problem these days is that life and people have no value anymore, only money and material goods have value.

It's obvious in the ridiculous discrepency between lengths of sentence for financial crimes, fraud, crimes against property etc and crimes against the person.
There is too much fear of dirty secrets being exposed to tolerate computer hackers and the like.

Here in the UK there has been the most atrociously short sentences given, for example, 2 or 3 years for raping and photographing a tiny baby, 11 years for repeated serious child rapes, even murderers are not given such severe sentences as this young man. I know he will probably not serve anywhere near that long but neither will the truly dangerous and evil people.

I wonder how much worse it can get

Originally posted by deadline527

Overturn that stupid 38 year sentence and instead make him pay for damages, remove his ability to use the internet for a few years, and charge him with something but not so serious. He made a mistake, and I do believe he should pay for it - but what they are trying to give him is much too excessive. That is unless somehow by him cracking the network he caused the death of two children and their pet dog.

I agree this is exactly the severity of punishment that would be fair, I'm sure he would feel it as reasonable punishment and not an easy option.

You know, people arguing the merits of penalizing criminals, and for how long, is EXACTLY why we are in the position where rapists and murderers get 5-8 years. This "kid" perpetrated a crime that I have been a victim of as well. Let me tell you, if I had gotten my hands on the hacker who ruined my life.... he would have hoped for prison.

STOP DEFENDING BLATANT CRIMINALS ATS!

Originally posted by jasonjnelson
You know, people arguing the merits of penalizing criminals, and for how long, is EXACTLY why we are in the position where rapists and murderers get 5-8 years. This "kid" perpetrated a crime that I have been a victim of as well. Let me tell you, if I had gotten my hands on the hacker who ruined my life.... he would have hoped for prison.

STOP DEFENDING BLATANT CRIMINALS ATS!

Did this kid ruin anyones life? Did he try to steal any identities?

Obviously you have no idea how easy it is to crack a server. I can send you a zero day and with ONE COMMAND you now have a root shell on the server, complete access and it took you less then thirty seconds.

Read my post a few posts above this. When someone is hacking on the internet, it does not seem like you are committing a crime, you are not hurting anyone, and it almost feels like a game. I can see very easily how a student can get caught up in the whole "glamor" of being a hacker and with how easy it is sometimes to gain access to a server, they don't really take into consideration what they are actually doing.

Typing one command on your computer does not seem akin to kicking down a door, ransacking the house looking for a grade book, erasing the current grades and putting in your own, and leaving the house in a mess.

If a teacher left the door to the classroom open, and the child walked in and changed the grade - that is exactly the same as what he did, just he did it on a computer.

This kid needs to be taught a lesson, not forfeit the rest of his life for a stupid mistake.

[edit on 20-6-2008 by deadline527]

reply to post by jasonjnelson


I'm not defending this guy, no way! but there has to be some common-sense used here. How does discussing sentencing result in rapists and murderers getting short sentences?
If the right people got short sentences there would be more room in prisons for the really dangerous criminals.

reply to post by deadline527


Seriously? Did you not read the poster who pointed out the affect this has on other kids in that school? It is an elite school, Ivy leagues will take note.

And why do you all sit here and defend something you know is wrong?

So you can hack my #, so what?

Is that meant to be a threat?

What if I broke into your house? Burned your passport, all your ID's, took ALL your money and then ruined your credit while buying electronics with your future earnings? And then fried your PC to boot.

You say this kid hurt no one? What about the kids that are all MESSED UP in these schools, because they want to make something of their lives, and they spend all 4 years of high school, studying their butts off, (you cannot place a value on that time) Only to have this punk STEAl the same grades they earned. And when he is caught, ALL of YOUR HARD WORK is now thrown into question!

Are you with the same group that thinks high school bullies build character, and parents shouldn't swat their kids?

He will never, ever get the time sentenced.
But I will bring up this point. How many kids did the Record companies have to go after to stop most casual illegal downloads?

How many kids will learn from this selfish idiot?

Stop making excuses for the losers that populate this country. What he did was selfish, and wrong, and he knew it. His history shows his level of respect for authority.

You cheer him, when he has shown you that when he is older, he could do far, far worse.