From Hacker to Employee: How My High School’s Network Shenanigans Landed Me My First Job

If you’ve been following my blog for a while, you’ve probably come across some of my high school escapades. From challenging social norms to orchestrating elaborate pranks, I was constantly pushing the boundaries of acceptability.

I had a mischievous streak, and my antics ranged from flying under the radar to leaving the school administration scratching their heads without any concrete evidence to pin on me. Whether it was covering my tracks with precision or simply evading detection, I was always up for a challenge.

Back then, numerous schools and large corporations relied on Novell NetWare to manage various network functions. Comparable to later Microsoft server products, NetWare handled tasks like user directories, internal messaging, file sharing, and user permissions within the network infrastructure.

This system proved beneficial for both users and administrators alike. It facilitated seamless file sharing among users, enabling quick messaging within the network, and allowed for easy access to shared files without the hassle of constant permissions or authentication. In high school, every student and teacher had their unique username and password, used during computer login to authenticate with NetWare, which then managed permissions and granted access to resources. To simplify matters, elementary and middle school students in our school corporation used a generic login, sparing them the need to remember individual credentials.

I vividly recall stumbling upon the capability to send messages to fellow logged-in users through Novell, essentially granting us an almost clandestine instant messaging system at school. This feature was particularly handy in the library, where we could discreetly converse without uttering a word aloud. Whether we wanted to gossip or simply keep our conversations private, Novell provided us with a convenient means of communication right at our fingertips.

Back then, popular messenger applications like AOL Instant Messenger or MSN Messenger were off-limits on the school network—they were blocked at the network level. Even attempting to download them proved futile; their web addresses were filtered out, preventing access. Undeterred, I tried to sidestep these barriers by bringing the programs on a flash drive, only to find that the network had blocked the specific ports they used, rendering them unusable.

I had already gained a reputation as the go-to person whenever something tech-related went awry. Teachers would often bypass the central office’s help desk and reach out to me directly when they encountered issues with classroom technology. It wasn’t uncommon for me to find myself troubleshooting computers or printers during class time.

Outside of school, my friends frequently sought my assistance with their home computers, and I even made house calls to teachers’ homes to address tech problems. This earned me the unofficial title of the school’s resident computer whiz. Despite the relatively small size of our school, word had spread about my expertise, especially after I wrote an eBook on navigating Windows XP, which was all the rage at the time.

Seemingly word that I was helping around the school did start to reach the central office and I am sure that they were slightly annoyed because the help desk was being passed a bit. At the time I didn’t understand why they’d feel that way as I was just trying to be helpful but as I’ve aged I realize how that likely impacts ticket responses and justifications for the department budget amongst other things, not to mention controls on who handles what.

Once I had delved into Novell NetWare and grasped its intricacies through my own exploration, I began delving into educational resources during my free time to deepen my understanding of its workings and administration. It was during this period that I discovered the ability not only to map shared folders and drives but also to use symbolic links to reference files in other locations.

For instance, the dictionary files used by applications like Microsoft Word were stored locally, but I learned how to configure them to be referenced from different locations upon login. This knowledge sparked an idea for a prank, one that I naively believed wouldn’t backfire.

I discovered that the file permissions for one particular file were quite lenient, allowing any user with the right knowledge to write to it. While security through obscurity is generally discouraged, lax permissions on this file were a reality, likely for the sake of convenience. With this in mind, I seized an opportunity one day in the library by logging in with an account typically used by elementary school users, rather than my own.

Uncertain about how to proceed with this account, I began exploring its file permissions and the extent of its modification rights. Compared to our high school-issued accounts, the security privileges were notably lax. This wasn’t surprising, as it was unlikely that elementary school students would be engaging in unauthorized computer activities (though I certainly would have).

After logging out, I headed to my next class, my mind buzzing with the possibilities of this newfound access. I entertained thoughts of pulling a prank, leaving my mark in some way. However, as I pondered further, I realized the importance of covering my tracks if I were to engage in any mischief. I couldn’t risk jeopardizing my standing at school—I’d already skirted suspension or expulsion for my past antics. Deep down, I knew I didn’t want to cause harm to anyone.

As the day wore on, a mischievous impulse took hold of me. By lunchtime, I found myself sneaking down to the library, a place where the risk of being traced back was considerably lower. Although there was a sign-in sheet, I typically avoided signing in. Surprisingly, no one ever questioned me about it. Occasionally, to maintain appearances, I’d sign in, but more often than not, I relied on my stash of forged passes to slip away from class and indulge in some internet browsing at the library.

I settled in at a computer tucked away from prying eyes, logging in with the elementary school credentials. Making my way to the Microsoft Word Dictionary files, I found myself in a folder that allowed editing privileges for this user account. This meant any changes I made would be propagated to every user.

Contemplating my next move, I realized I needed to select a word so ubiquitous that it would undoubtedly appear in every document. After some thought, I decided on the word ‘the’ and planned to replace it with something attention-grabbing. Though uncertain about the replacement word, I knew a swear word would certainly raise some eyebrows.

I made my selection and put it in the file and saved it. I immediately logged out of the elementary student account, got up, pretended to search for a book in the card catalog (remember those?) and made my way to another computer and logged in to my own account and opened up a very educational looking Word document and typed to see if my change had worked and propagated.

I was ecstatic to see that my prank had worked flawlessly, but I knew I couldn’t leave it up for long. Swiftly, I removed the alteration and nonchalantly opened a browser to maintain my innocent facade. With half of my lunch break already gone and the prank live for about five minutes, I anxiously awaited any reaction.

As the lunch period drew to a close, I reluctantly left the library, heading off to my next class. Despite my hunger, I felt the sacrifice of food was a small price to pay for the thrill of pulling off the prank.

After my class concluded, I made a spur-of-the-moment decision to skip the next one and head back to the library. Armed with a forged pass, I smoothly made my way out of class and back to the familiar surroundings of the library.

Once there, I discreetly settled at a different computer, trying to blend in with the bustling atmosphere. In the midst of my mischief, I overheard the librarians discussing a computer glitch and efforts to rectify it, which seemed to be progressing well.

Taking precautions, I opted for a shared machine, refrained from signing in, and used a generic account. Yet, lurking in the back of my mind was the realization that if the central office deemed it necessary, they could trace the IP address and potentially identify the culprit. It was a risky game.

Suddenly, the shrill ring of the library phone shattered the tense silence. The head librarian’s concerned tone filled the room as she scanned the area, her gaze landing squarely on me. In that moment, I realized my fatal error – like a classic criminal blunder, I had returned to the scene of the crime.

As I observed her, she mentioned on the phone that she wasn’t sure who was in the library at the time but could check the sign-in sheet to verify. I realized she must have noticed me earlier because we had made eye contact, and she was well aware of who I was. I frequently skipped class using one of my forged passes and often assisted in checking in the stacks of returned books while browsing the internet.

She hung up the phone, grabbed the sign-in sheet, and began examining it. She then turned to the other librarian, who had been at the elementary school when this issue with the swear words in Microsoft Word first surfaced, and asked if she was aware of the problem. The other librarian confirmed that she knew about it but reassured her that it would be resolved quickly. Feeling nervous, I decided to log out of the computer and sign out on the sheet that had been returned to the front desk.

As I approached the desk to sign out, she looked directly at me and asked if I had encountered any unusual swear words while using Microsoft Word. I could tell she was probing for information and that she might have known I was involved but was possibly covering for me.

She made a point to discuss with the other librarian how awful it was that young children had to see those messages. She admitted it was funny, but emphasized that the impact on the younger students was far from desirable, and whoever did it should have considered that. I understood her message clearly.

I left the library and returned to class. No one ever confronted me about the incident, but I suspected that the people in charge were well aware it was me. They couldn’t directly prove it, and they probably knew I wouldn’t admit to it either.

A few weeks later, while I was helping a teacher with some computer issues, the technology coordinator from the school corporation’s central office called. The teacher explained that I was assisting with the issue, and the coordinator asked to speak with me.

I answered the phone and the coordinator asked if I could stop by the central office after school. Since I drove past it every day on my way home, I agreed.

For a brief moment, I panicked, thinking the coordinator had caught me in one of my many shenanigans on the school computers. However, I realized they would likely pull me directly into the office during the school day if it were something serious, rather than asking me to stop by after school.

At the end of the school day, I usually either rushed to my car to be one of the first off the property to avoid traffic, or I stayed back, passing the time by talking to my favorite teachers and helping them clean up their rooms. On this particular day, I left as quickly as possible to get to the office. It was less than a mile away, so the drive was quick.

When I arrived, the receptionist greeted me, and I informed her that I was there to see the tech coordinator. She made a call, and a few minutes later, he came to the front and asked me to follow him to his office.

As we walked down the hallway, he introduced me to various staff members, including the business director, the superintendent, and other employees. Eventually, we reached his office at the back of the building. It was a decently sized space, cluttered with computers, hardware, and ongoing projects.

He sat at his desk and directed me to sit at a nearby desk with a laptop displaying a Netware login screen. He then asked me to log in to an account with elevated privileges. I hesitated, unsure of what he meant, but he clarified that he wanted to see an account I had access to that had more privileges than my own.

Previously, I had given myself elevated privileges on the network during a keyboarding class, and I had also used a teacher’s account to change other students’ grades in exchange for favors like parking spots. I didn’t charge money, just asked for favors.

I asked him what level of privileges he wanted to see. He specified an account that could write in the STAFF folders. Instead of using the teacher’s account, I logged into my own school-issued account, navigated to the STAFF folder, and saved a file called IAMHERE.txt in another staff member’s directory.

He asked me to confirm which account I used. Knowing he could see the file properties, I confirmed it was my own account, feeling this was some sort of test and not wanting to compromise the teacher’s account just yet.

He then asked me to log out and log back in again to try changing the file name. I did as he instructed.

I was unable to change the file name as he had reverted my security level to that of an average student. I knew I could later use the compromised teacher account, whose password was carelessly left on a post-it note, to regain those privileges.

He reminded me that each student signs an acceptable use policy and that I was in violation, which could result in losing my account privileges altogether. I sheepishly explained that losing access would make it difficult for me to do homework at school and access resources. He pointed out that the library had books and that homework could always be done at home. While he had a valid point, I knew I wasn’t going to change my ways, and I suspect he knew it too.

He asked me to log out of my account and then revealed he had checked the logs to see how I had gained such privileges. He wasn’t sure if he needed to speak with the teacher whose account I had compromised. He was concerned that teachers might inadvertently escalate my privileges when I helped them.

To avoid the teacher facing disciplinary action, I explained how I had obtained her account information. The tech coordinator laughed about the post-it note with the password, acknowledging that clever students could figure it out. He said he’d send a district-wide email reminding staff not to leave passwords lying around.

We shared a laugh about the situation, and then he leaned in closer, offering me a challenge: regain those privileges because he’d be watching my account closely. As long as I did nothing but modify the IAMHERE.txt file, we could discuss further opportunities. I accepted the challenge and left.

The next day, a teacher asked for help installing a program. Remembering the acceptable use policy, I knew this was a violation but agreed to help. The teacher had some local administrator access, so I attempted to overwrite a file downloaded upon login to include the executable name but failed. Then I realized I could rename the installer to something on the approved list, which worked.

As the installation completed, the teacher looked away, and I used his account to give myself write access to his directory. Although I couldn’t write to the STAFF directory, I could write to his folder under it. I logged out and back in as myself to verify the installation and created a new IAMHERE.txt file in his folder.

During lunch, I heard my name called over the intercom and was told to call the central office to speak with the tech coordinator. Finding an unguarded phone, I dialed his extension. He noted my location and acknowledged that I had written to the directory.

He sighed in frustration, mentioning he had sent a security email to the staff that morning. He asked me to stop by the central office again that evening, and I agreed.

When I later arrived at the school district central office, I asked for the technology coordinator at the front desk and was told to go ahead and make my way back to his office. I made sure to greet each person I had met the day before by name as I passed them. When I reached his office, I knocked on his open door, and he asked me to take a seat.

He immediately let me know that, while I hadn’t written to the topmost folder, he could see I was a determined student in how I used the network. I laughed at this, and he then asked if I knew anything about the previous incident with the dictionary files. I denied it, but I could tell from his expression that he didn’t believe me.

He then pulled out a stack of files and handed them to me, asking if I wanted an after-school and summertime job working for the school corporation.

I didn’t need a job. I had plenty of money from my various Internet ventures, which I had been operating since before and during high school. However, I liked the idea of having an ‘official job,’ getting paid for the help I was already providing, and gaining access to resources without having to use trickery.

The top form explained that if I was accepted for the position, I’d be paid minimum wage and needed to be approved by the school board at their next meeting. The next sheet detailed the responsibilities and expectations of the position. As I read through it, the tech coordinator reminded me how critical the acceptable use policy would be.

It was then I realized that it was likely easier to pay me a small amount of money to get me to stop messing with things. Fair enough.

I filled out the forms, turned them in, and was told I could attend the school board meeting where the vote would be taken, though it wasn’t required. I anxiously awaited the publication of the next board meeting agenda.

A few weeks later, I was approved and started my job, helping with various computer-related tasks at school. My antics would be mostly over, for the time being.