ADVERTISEMENT
Photo
Kirk Henry
JANESVILLE ? Kirk Henry said voters considering him for the Janesville School Board should focus on the person he has become, not the 17-year-old who four years ago crashed Craig High School’s computer system.
Henry, now 21, is one of six people running for three seats on the school board in the April election.
Henry said he gained access to computer passwords and to the district’s student-information system to warn school officials their system was vulnerable, he said.
The 17-year-old was suspended. Janesville police executed a search warrant on his home and confiscated computer equipment.
Documents filed with the search warrant alleged Henry installed a computer hard drive at Craig. The hard drive contained “software hacker tools� and records belonging to the district, according to court documents.
The district never identified Henry publicly, but officials said the student, who was expelled, had caused intermittent outages of the Craig computer system during a two-week period in fall 2006.
The district said a flood of “data packets� was released into the computer network at Craig through a computer loaded with hacking software, causing the outages.
Henry acknowledged that he was expelled, but he noted he was never arrested, never charged and never prosecuted.
Because he was 17, he could have been charged as an adult.
“I think if they had had a case and could have proved it, they would have charged me,� Henry said.
Henry said voters should consider what he has made of himself since that incident. He has gone to technical college, where he earned academic honors. He now is enrolled at UW-Whitewater. He started his own computer-service business in 2008.
“I think I have changed,� he said.
Henry graduated in 2007 and joined the Army. He fell and fractured his back during basic training, however, and after several months was released with an honorable discharge, he said.
Henry then moved to Fond du Lac and enrolled at Moraine Park Technical College’s computer network specialist program.
Henry was an honors student, a Moraine Park news release indicates. He said he also was inducted into the Phi Theta Kappa honor society and served in the student senate.
“I traveled the state, going to different meetings for technical colleges, representing our school,� Henry said.
Henry said he moved back to Janesville last fall and enrolled a UW-Whitewater. He is thinking about becoming an IT manager or going to grad school.
He supports himself with his business and is a member of the UW-W Collegiate Entrepreneurs Organization, he said.
Henry said he was never malicious in what he did with the Craig computer system and was only trying to show the system’s vulnerability.
“I’m a very honest man. I didn’t want a bad person to come along … like a hacker,� he said.
The student’s attorney in 2006 told the Gazette the student technically didn’t hack into the computer system and had no malicious intent.
For seven days in 2006, “teachers were unable to teach, and students were unable to attend classes reliant on this technology. Staff who rely on this technology were unable to perform portions of their work …� the district said in a written statement.
The district said it was unaware of any lost data, unauthorized changes to teacher or student passwords or to grades or any other student records during the interruptions.
Henry said when he discovered he could gain access to restricted areas of the computer system, he talked to a district official, who encouraged him to discuss his concerns.
But nothing was done to protect the system, Henry said, and eventually officials took action against him.
“They looked at me as a threat. I was in there to help them. I was there to show them that, hey, there’s a problem that should be fixed,� Henry said.
Eventually, “I was getting so much information that the network started collapsing,� Henry said.
Henry said if officials had heeded his warnings, they could have avoided the problems that came to light after an unrelated computer virus attack in 2008.
In the aftermath of the 2008 disruptions, officials admitted they had taken a “minimalist� approach to maintaining the computer system.
The district has since upgraded its system at considerable expense.
“They could’ve saved themselves a lot of money if they had listened to what I told them,� Henry said.
Steve Schlomann, who worked on the upgrade and now manages the computer system, said the system is much more secure today than it was back then.
If elected to the school board, Henry would have limited access to the district’s computers.
Schlomann said board members each have a district e-mail account. Board members also have limited access to the district’s computer system during school board meetings, when they are given laptops to access documents for that meeting. Those laptops also have Internet access, but the rest of the district’s system is sealed off, Schlomann said.
Schlomann said any system can be hacked, given enough knowledge and time. That’s why buildings are locked and computers have safeguards, he said.
Schlomann said it’s possible the school board could ask for more access to the district’s system, but that hasn’t happened.
Article source: http://gazettextra.com/news/2011/jan/14/janesville-school-board-candidate-was-expelled-stu/
Category: Vulnerabilities/Exploits