
University thinks I hacked another student's account

blinkMD
Just Arrived
Joined: 04 Apr 2007
Posted: Wed Apr 04, 2007 10:08 pm

so apparently the school thinks i hacked into another student's account and dropped him from his classes. they say that it matches an IP i've used several times.

i told them i wasn't even home or near a computer at the time and provided proof.

i had to do some research myself. i'm running windows xp, linksys router (no password until recently, after the school charged me), no antivirus software (until recently). all i really do is download torrents and chat online. i told them that someone could've logged into my router and used the internet and had the same IP address. i don't know how they'll take that?

i tried to tell them my situation and now they've begun their own investigation. i wanted to know how this would hold up? i told them i would take responsibility for not protecting my router and computer. do they have any basis for finding me guilty for this despite providing proof of being somewhere else?

thanks.

RoboGeek
SF Mod
Joined: 13 Jun 2003
Location: LeRoy, IL
Posted: Thu Apr 05, 2007 2:30 pm

If your IP rotates, they are going to have to PROVE that it was you, sitting in front of your PC at that precise time and doing bad things. To do that they will have to confiscate your computer and do a forensic investigation, inform your ISP and subpoena records to show the IP you were assigned at that time, and find someone to testify that it was indeed you sitting there typing the commands and not just someone using your name/pw.

And if you have a wireless router it's going to be very hard for them to prove it wasn't someone just piggybacking on your router (illegally I might add).

Most likely some IT monkey did a quick check of IPs and did that to scare you. If you were really under investigation the last thing they would do is tip you off so you could destroy log files, software, delete emails or convo logs, forum posts, etc. You wouldn't know you were a suspect until your door broke down and they took you and your PC away.

blinkMD
Just Arrived
Joined: 04 Apr 2007
Posted: Thu Apr 05, 2007 6:12 pm

thanks robogeek.

i just have no idea what's going on and what's going to happen but they threatened a whole bunch of stuff and my main focus is not to have a blemish on my record; being so close to getting into med school.

the wait is killing me because this is decided by one person, and everything is to her discretion.

Groovicus
Trusted SF Member
Joined: 19 May 2004
Location: Centerville, South Dakota
Posted: Thu Apr 05, 2007 6:27 pm

Well, schools have means of appealing unfavorable decisions, so even if the decision goes against you, you will still have that venue. At that point, Robo's assessment of the situation is something you will need to consider when presenting your case to the appeals board.

stimpy99
Just Arrived
Joined: 11 Sep 2005
Posted: Thu Apr 05, 2007 10:01 pm

As RoboGeek said - they will have to prove this. In computer forensics this is incredibly difficult - most of the time you can only point out that they were "most likely" to have done this. Accusing you from an IP address in the logs is not evidence that would stand up in court. As RoboGeek said they will have to *PROVE* it was you - I do this for a day job and it is effing hard work to prove *anything* conclusively but show a pattern of usage or habits.

In a work environment we can seize a machine or records at any point as the kit/services belong to the company and you have signed an "acceptable usage policy document". In the "real world" they will have to convince a Judge that they have enough evidence to seize your machine before they can take your machine for forensic examination or get records from your ISP.

Also "heads up" to the person who told you that they are investigating you! Nice ONE - muppet !

blinkMD
Just Arrived
Joined: 04 Apr 2007
Posted: Fri Apr 06, 2007 12:45 am

well, they sent me a letter saying i'm involved in an incident.

i set up an appointment to see what it is. i go there and they give me a list of things that happened from my IP.

told me to meet up with them at another date.

i met up with the assistant dean and told them i didn't do anything. provided proof. then she said she'll investigate. said "Our IT guys are REALLY good" as if to scare me?

and now here i wait. so it's not like it was a secret they're investigating me.

stimpy99
Just Arrived
Joined: 11 Sep 2005
Posted: Fri Apr 06, 2007 2:33 pm

No not a secret but if their IT guys are "really good" why give you the chance to destroy evidence? If you did it - not saying you did or didn't - just get a drive cleaner - Clean Disk Security is a good one - or format your HDD and then run a drive cleaner. They have no evidence from your machine.

When I investigate people - logs are not enough - I have to find the stuff on their machine! They will need a Court Order for that! And they have already let you know?$?$?$!!!

It is like they are saying "Oh we think you are growing weed at home. We are going to bust you on Thursday the 15th on May 2007 - please don't get rid of any evidence before then!"

They need hard evidence and they cannot have it yet. It looks like they are trying to bully you into leaving and just go away - then they have no problem. Get a lawyer dude.

hax0r26
Just Arrived
Joined: 20 Feb 2007
Location: United States of America
Posted: Fri Apr 06, 2007 6:06 pm

The bark is worse than the bite. Seriously. If they don't have any proof or evidence you're in the clear. More than likely someone breached your system and used your system to break into another computer making it look like you're the culprit instead of the victim.

They threatened me with legal action AOL and Juno for some stuff I did back in 97 and 98 again, the bark was worse than bite.

If I was you I wouldn't even sweat it. If you know your stuff you're straight dude.

blinkMD
Just Arrived
Joined: 04 Apr 2007
Posted: Fri Apr 06, 2007 6:57 pm

is there a website for lawyers specializing in this kind of stuff?

i don't even get how this investigation could still be ongoing; i proved that i wasn't even home! w/ witnesses/documentation. it boggles my mind.

stimpy99
Just Arrived
Joined: 11 Sep 2005
Posted: Fri Apr 06, 2007 7:50 pm

blinkMD wrote:
is there a website for lawyers specializing in this kind of stuff?

i don't even get how this investigation could still be ongoing; i proved that i wasn't even home! w/ witnesses/documentation. it boggles my mind.


Your profile does not say where you are from but if the states and you have no "no win no fee" lawyer, try contacting the EFF @ http://www.eff.org/

blinkMD
Just Arrived
Joined: 04 Apr 2007
Posted: Fri Apr 06, 2007 9:59 pm

i'm from houston, tx

hax0r26
Just Arrived
Joined: 20 Feb 2007
Location: United States of America
Posted: Fri Apr 06, 2007 10:24 pm

Houston Texas? That's cool. Texas is the home of the players and pimps. Anyways, this might assist you since it's attorneys locally in your area.

http://www.lawyers.com/All-Areas-of-Law/Texas/Houston/law-firms.html?ns=y&st=q

or

http://www.lawyers.com/Internet-Law/Texas/Houston/law-firms.html

I am no attorney. However, you have not been charged with any crime yet.

If they can prove you're the guilty party they will probably charge you with offenses against computer users & Offenses against computer equipment or supplies & offenses against intellectual property;

Intellectual property = data, programs etc....

It's not like you disclosed any trade secret information.

blinkMD
Just Arrived
Joined: 04 Apr 2007
Posted: Sun Apr 08, 2007 8:55 am

thanks hax0r.

as of right now, based on what robogeek and co have said, i don't think they're bringing up any criminal charges. i'm just worried they'll do something that will go on my academic record... which is equally as bad when applying to grad school.

RoboGeek
SF Mod
Joined: 13 Jun 2003
Location: LeRoy, IL
Posted: Sun Apr 08, 2007 2:50 pm

If they put anything on your record, threaten you with any punishment - get a lawyer. They can't just arbitrarily screw your life up like that, and they know it. They will do it as long as they think they can get away with it, but when push comes to shove, they will back down when faced with actually having to prove their case.

Hopefully you were not using a firewall and maybe even running some freebie proxy software at the time that might have had a backdoor or forced your machine to become a proxy server. If you were a proxy, anyone could have used your IP.

oh.. beware the 'really good' college IT people. That would be really rare. Most schools don't pay well at all, and really good IT people go elsewhere to work. And your typical IT admin type isn't good enough with forensic knowledge to fight their way out of a wet paper bag. They are going to have to have very good logs from multiple devices, showing not only IPs, but MAC addresses - and they are going to have to be perfectly synced time-wise. If a server shows you logged onto a machine at 10am, but the router shows you logged on at 3pm.. good luck in court with that!!

blinkMD
Just Arrived
Joined: 04 Apr 2007
Posted: Sun Apr 08, 2007 9:18 pm

what devices would i get these logs with the MAC address? I tried snooping around my router but found nothing related to MAC addresses. would time warner have the MAC address?

Dan.M
Trusted SF Member
Joined: 14 Feb 2007
Location: Jacksonville, FL USA
Posted: Mon Apr 09, 2007 8:54 pm

If I were you I'd turn the investigation back around on them. If they continue with any action against you (even just nagging you) demand to see the evidence they have against you.

* Ask them for the detailed log files linking your IP to the break-in in question.
* Ask them for the complete history of all the machines in question and if they've ever been broken into/compromised before and from where and if any people were previously caught/accused and/or prosecuted successfully.
* Ask them if their machines all have their time synchronized and if so, how they correlate that to the time synchronization at your own ISP (if they even have any).
* Ask them for the application logs within the class scheduling system (if they even keep them). If they can't provide this, ask why. Ask if they even keep logs in this system.
* Ask them why, if their "IT guys are REALLY good", that they don't know that an IP address is not an identity.
* Ask them if their application uses a database, what database (oracle, mysql, db2?), who administers it, and logs from that system as well. Get specific versions of everything (i.e. "You're running a version with 700 known vulnerabilities and you're accusing ME of acting in bad faith?!?")
* Ask them when the last vulnerability assessment and penetration test was run on said compromised system. If they actually had one done (I highly doubt it) ask them for a copy of the report. Ask them if they fixed all the vulnerabilities found (hah!) and if they didn't, how they can accuse anyone of breaking into a system with such vulnerabilities when they know it is so easily compromised and evidence tampered with.
* Ask them to name all the people who have write access to the application, the systems it resides on, and the database (if any) it connects to. Then ask them if they questioned any of those people or investigated them for the said activity.

...and when they realize that accusing you of such nonsense is not worth the hassle you should ask them how they're going to prevent such false accusations in the future!
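
Added example, not part of the thread and not any poster's code: the time-synchronization point raised by RoboGeek and Dan.M, worked through as a log correlation. An application-log event on an IP is matched against address-lease records while allowing for clock offset between the two systems. The lease records, MAC addresses, IPs and function names are all constructed for illustration.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed lease records (lease-server clock): (mac, ip, start, end).
LEASES = [
    ("02:00:00:00:00:0a", "203.0.113.7", "2007-04-02 08:00:00", "2007-04-02 14:58:00"),
    ("02:00:00:00:00:0b", "203.0.113.7", "2007-04-02 15:01:00", "2007-04-02 23:00:00"),
    ("02:00:00:00:00:0c", "203.0.113.9", "2007-04-02 08:00:00", "2007-04-02 23:00:00"),
]

def candidates(event_ip, event_time, clock_offset, uncertainty, leases=LEASES):
    """Return the MACs that could have held event_ip when the event happened.

    event_time   -- timestamp from the application log (server clock)
    clock_offset -- measured (server clock - lease-server clock)
    uncertainty  -- how far that offset may be wrong; unsynced clocks => large
    """
    t = datetime.strptime(event_time, FMT) - clock_offset
    lo, hi = t - uncertainty, t + uncertainty
    found = []
    for mac, ip, start, end in leases:
        s, e = datetime.strptime(start, FMT), datetime.strptime(end, FMT)
        if ip == event_ip and s <= hi and e >= lo:  # lease overlaps the window
            found.append(mac)
    return found

def assess(event_ip, event_time, clock_offset, uncertainty):
    """Classify the correlation result; returns (verdict, candidate MACs)."""
    macs = candidates(event_ip, event_time, clock_offset, uncertainty)
    if not macs:
        return "no lease matches: the logs contradict each other", macs
    if len(macs) > 1:
        return "ambiguous: several devices fit the window", macs
    return "one device fits (a device, not a person)", macs

if __name__ == "__main__":
    ip = "203.0.113.7"
    # Clocks synced to within 2 seconds: a single lease matches.
    print(assess(ip, "2007-04-02 15:03:00", timedelta(0), timedelta(seconds=2)))
    # No time sync, clocks may differ by 10 minutes: two leases match.
    print(assess(ip, "2007-04-02 15:03:00", timedelta(0), timedelta(minutes=10)))
    # Server clock 5 hours fast and not corrected for: nothing matches.
    print(assess(ip, "2007-04-03 03:00:00", timedelta(0), timedelta(seconds=2)))
```

Even the clean single-match case identifies only which device held the address, which is the distinction the posters draw between an IP address and an identity.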
All times are GMT + 2 Hours