Remote Exploit Forums

  #11 (permalink)  
Old 10-01-2009, 10:43 PM
streaker69's Avatar
Senior Member
 
Join Date: May 2007
Location: Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
Posts: 3,511
Default

Quote:
Originally Posted by Goldhedge View Post
Sit down and document all that you can before speaking to anyone. If you have nothing to hide, then there's nothing to fear and you should welcome the opportunity to aid in the investigation.

If you have something to hide, then call a lawyer.
He should probably be talking to an attorney regardless. If they're accusing him of a crime, the sooner he speaks to an attorney the better.
__________________
A 3rd Party Security Audit is the IT equivalent of a Colonoscopy, it's long, intrusive, and when it's done you'll have seen a lot of things you really didn't want to see, and you'd definitely remember that you had it done.

I baby harp seals.
  #12 (permalink)  
Old 10-01-2009, 10:51 PM
Fancy's Avatar
Moderator
 
Join Date: Dec 2007
Posts: 39
Default

Quote:
Originally Posted by streaker69 View Post
He should probably be talking to an attorney regardless. If they're accusing him of a crime, the sooner he speaks to an attorney the better.
Totally right! Even if you have nothing to fear or hide, consulting an attorney is really the best you can do in this case.
__________________
"Si tacuisses, philosophus mansisses"
  #13 (permalink)  
Old 10-02-2009, 02:48 AM
godcronos's Avatar
Member
 
Join Date: Mar 2007
Location: CA
Posts: 86
Wink Re:

Quote:
All the teacher does is open the client, click connect, enter their username and password, a couple of clicks and they are connected.
That means the VPN router's username and password are saved in the client app.

Quote:
I've bought some of these laptops home myself
- first, where I work we have a policy - never take home any systems that don't belong to you. And then, you get paid to clean them of viruses and trojans, during business hours, not at home, during personal time. Big mistake. I guess you like working for free or wanted some OT.

Quote:
How does an ISP give out the owner of an IP address?
- well when you login (I think you have DSL, I could be wrong) to their servers, you authenticate with a username and password. I think that's how they traced you and found out the IP address. If you got cable, I am guessing, they know who the cable box belongs to (it's got a serial number or some crap like that) and where it's located.
They don't call the police, just like that. They will provide the info, but leave it up to the victim to call them. They are not prosecutors, they are just an ISP. Hell, if they wanted to incriminate people for what they do online, most people would be sanctioned for something. Don't be so paranoid, it doesn't help with your state of mind!
Plus those user accounts can be restored from a backup, that is if anyone there ever thought about doing one. No offense, I hope.

So, you're better off relaxing and updating your resume, contacting a lawyer, stuff like that.
When those security geeks find out how bad the security is there, they will probably think and say, that this was a long time coming!
__________________
"Hacking is the Art of Attempting everything, until something finally works!"

"The possession of anything, begins in the mind! "
  #14 (permalink)  
Old 10-02-2009, 03:12 AM
lupin's Avatar
Moderator
 
Join Date: Mar 2009
Location: Australia
Posts: 945
Default

Quote:
Originally Posted by Morbius View Post
Would the MAC address of the machine that VPN'd in be listed in their logs somewhere - because if it's a MAC address that doesn't belong to any of these machines then that's maybe a start?
I agree with what Fancy said about this, MAC addresses get translated as soon as your connection goes past the first router.

Quote:
Originally Posted by Morbius View Post
I think they found the source IP and the ISP (Tiscali) provided my name as the owner of that IP.
The ISP should not have done this without a court order, and this usually requires the Police (or at least the school's lawyers) to be involved. Are you sure the Police haven't been contacted?

Anyway, to reiterate what I already mentioned and what others have repeated - Get a lawyer. Do it right now. Like right this second. It's really, really important and the best advice we can give you. You need a lawyer and you need one as soon as possible, to tell you what your options are and how best to proceed, to act as your advocate, and to help prevent this trouble from getting worse. I'm not just repeating myself here because I'm a fan of hyperbole, I'm trying to help you understand just how important it is that you get a lawyer and do it without ANY further delay.

If this defacement has only been connected to you via your IP address, and not by the use of an account that only you had access to, then I'd also start thinking seriously about other ways this connection could have been made from your network. Find out when it happened, and try and think about what you were doing then. Check with your ISP to see if your account was connected to from another physical location (unlikely, but confirm anyway). Think about whether you had any of the work laptops at home then, and see if there's some way you can confirm whether this system had a trojan installed. Also, confirm that the school doesn't think that this was you only because a VPN connection from you was connected at the same time as the defacement supposedly happened. Ensure that they can provide a direct link between you and the defacement, meaning that they know when the defacement happened, when you were connected, AND they can show that your specific connection was the one that made the deletions. Is your IP Address directly recorded in the AD Security logs, or have they extrapolated this information by consulting multiple log files and making (possibly incorrect) correlations?

Some of this you may only be able to do if someone decides to press charges, in which case you should be able to have access to the evidence against you. Get your lawyer to assist as needed (and did I mention to get a lawyer right now by the way?)
__________________
Nancy Astor: If I were your wife I would put poison in your coffee!
Winston Churchill: Madam, if I were your husband I would drink it.

Last edited by lupin; 10-02-2009 at 03:36 AM.
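The distinction drawn in post #14, between a deletion whose audit record names the tunnel's address and one that merely happened while a VPN session was open, can be checked mechanically. This is an added example, not something posted in the thread; the log field names, accounts, addresses and timestamps are all constructed, and it assumes both logs have already been normalised to UTC.

```python
from datetime import datetime, timezone

def ts(s):
    """Parse an ISO timestamp and pin it to UTC so both logs share one clock."""
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)

# Constructed VPN concentrator sessions: account, public source IP, the
# internal address leased to the tunnel, and the session window.
VPN_SESSIONS = [
    {"user": "teacher1", "public_ip": "203.0.113.10", "internal_ip": "10.8.0.21",
     "start": ts("2009-09-28T19:02:00"), "end": ts("2009-09-28T20:15:00")},
    {"user": "teacher2", "public_ip": "198.51.100.7", "internal_ip": "10.8.0.22",
     "start": ts("2009-09-28T19:30:00"), "end": ts("2009-09-28T19:55:00")},
]

# Constructed directory audit events. source_ip is None when the audit
# record did not capture a network address for the change.
AD_EVENTS = [
    {"time": ts("2009-09-28T19:41:10"), "action": "account_deleted", "source_ip": "10.8.0.22"},
    {"time": ts("2009-09-28T19:43:05"), "action": "account_deleted", "source_ip": None},
    {"time": ts("2009-09-28T21:00:00"), "action": "account_deleted", "source_ip": "10.8.0.21"},
]

def link_strength(event, session):
    """Grade how strongly one audit event ties to one VPN session."""
    in_window = session["start"] <= event["time"] <= session["end"]
    if not in_window:
        return "none"  # a matching address outside the session proves nothing
    if event["source_ip"] == session["internal_ip"]:
        return "direct"  # the audit record itself names this tunnel's address
    if event["source_ip"] is None:
        return "time-overlap-only"  # inferred from timing across two logs
    return "none"  # a different address made the change during this session

def attribute(events, sessions):
    """Per event, list (public_ip, strength) for every session linked to it."""
    report = []
    for ev in events:
        links = [(s["public_ip"], link_strength(ev, s)) for s in sessions]
        report.append([link for link in links if link[1] != "none"])
    return report

if __name__ == "__main__":
    for ev, links in zip(AD_EVENTS, attribute(AD_EVENTS, VPN_SESSIONS)):
        print(ev["time"].isoformat(), ev["action"], links or "no session linked")
```

The second event links to both open sessions by timing alone, and the third carries a tunnel address after that session had ended, which is why an address match without a matching session window is graded as no link.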
  #15 (permalink)  
Old 10-02-2009, 04:36 AM
Thorn's Avatar
Senior Member
 
Join Date: Jul 2007
Location: The Village, of course
Posts: 1,269
Default

Quote:
Originally Posted by lupin View Post
The ISP should not have done this without a court order, and this usually requires the Police (or at least the school's lawyers) to be involved. Are you sure the Police haven't been contacted?
Huh? Maybe it works that way in Australia, but in the US any interested party can obtain that info from an ISP. All the school district would have to do would be to have their attorney get a subpoena. That can be done in civil court without ever involving the police.
__________________
Thorn

“Never try to teach a pig to sing; it wastes your time and it annoys the pig.”
- Robert Heinlein
  #16 (permalink)  
Old 10-02-2009, 04:56 AM
IAMZOMBIE's Avatar
Member
 
Join Date: Sep 2009
Posts: 69
Default

They could have also gotten his IP simply by looking at the logs and seeing that the same IP that he has connected with for the past x years was the same IP used in this incident. Just depends how good the security team is, and what kind of logs they keep. AKA, they *might* not have gone to the police yet.

My first guess is the OP has a trojan planted by a student.
Someone could have hacked his wireless, but to then get his VPN password and then keep going from there???? I doubt it.
It could be a random trojan, but to then log into his VPN and delete accounts???
I would guess a kid emailed him an attachment, or gave him a USB key, or something like that as a joke.

I would probably talk to a lawyer if it was me.
  #17 (permalink)  
Old 10-02-2009, 06:57 AM
lupin's Avatar
Moderator
 
Join Date: Mar 2009
Location: Australia
Posts: 945
Default

Quote:
Originally Posted by Thorn View Post
Huh? Maybe it works that way in Australia, but in the US any interested party can obtain that info from an ISP. All the school district would have to do would be to have their attorney get a subpoena. That can be done in civil court without ever involving the police.
Yes, it could be done by involving the Police (especially if there was an eventual intention to charge someone with a crime), but as I did mention it would be possible to also get the information from the ISP by having the school's lawyers petition the court. Here, from memory, the Police usually won't get involved unless the damage done is over about $50,000 which may or may not be the case here. (Probably not)
__________________
Nancy Astor: If I were your wife I would put poison in your coffee!
Winston Churchill: Madam, if I were your husband I would drink it.
  #18 (permalink)  
Old 10-02-2009, 03:34 PM
SephStorm's Avatar
Senior Member
 
Join Date: Aug 2008
Location: /etc/password
Posts: 147
Default

Get a lawyer. I'm assuming that whatever computers you took home you at least logged them out or something of that nature? They can forensically check those machines to see if those were the ones that perpetrated the attack. I assume you also have a personal firewall on the laptops, most schools use secondary software, in lieu of the Windows firewall, so there may be some sort of log if someone connected to your computer remotely, even allowed connections should be noted.

I would also like to know what security software was on those machines, so I can make sure I don't use it. I assume Norton or McAfee. In my experience Norton... well it's Norton. Way too many computers have Norton and get and stay infected.

Oh, and Norton will notify you (and log) intrusions into your machine, as well as port scans and so on. So assuming all of the above, you may have a chance. Albeit a small one.
__________________
"...Yes, and we appreciate your business. Now to verify your identity, may I have your IP address please?"
  #19 (permalink)  
Old 10-06-2009, 05:26 PM
williamc's Avatar
Senior Member
 
Join Date: May 2007
Posts: 274
Default

I have some concerns about your IT department. First off, if you've been implicated in an investigation, why are they coming to you with accusations? Any time a client hires us for an investigation, the accused is either on administrative leave or completely unaware until he's escorted from the building.

With that said, you need to get some things straightened out. First, VPN can be used from WEP or even open networks. We connect from hotels and client guest networks all the time. We use the VPN to encrypt our session. Obviously, an IT department can't control the home environment, as is evident in this case. What they can do is check for AV, firewall, etc. Doesn't appear they are, but that's not the point.

Here's what I'm getting at. They are full of crap. Your VPN creds are probably stored on a client on one of these laptops. Someone took it home and logged in as you. Your incompetent IT department checked logs after the intrusion and found your account logged in with the IP address you're assigned to their internal network. This appears to be enough for them to accuse you of wrongdoing.

Now I'd say get a lawyer, but if you've ever needed one, you'll find they are less than helpful unless you have a lot of money for a retainer. Maybe speak to the head of IT (if he's not a moron) and see if he's receptive to your explanation. This is a case of guilty until proven innocent. Do yourself a favor and use this as a learning experience.

William
  #20 (permalink)  
Old 10-07-2009, 12:38 AM
lupin's Avatar
Moderator
 
Join Date: Mar 2009
Location: Australia
Posts: 945
Default

Quote:
Originally Posted by williamc View Post
Here's what I'm getting at. They are full of crap. Your VPN creds are probably stored on a client on one of these laptops. Someone took it home and logged in as you. Your incompetent IT department checked logs after the intrusion and found your account logged in with the IP address you're assigned to their internal network. This appears to be enough for them to accuse you of wrongdoing.
That was my first impression too, but according to post 6 this activity was traced to the OP by the IP address assigned to him by his ISP.

Quote:
Originally Posted by williamc View Post
Now I'd say get a lawyer, but if you've ever needed one, you'll find they are less than helpful unless you have a lot of money for a retainer.
If there's a chance that this is going to court I'd get a lawyer. If this may only end in termination of employment, a union rep may be better if finances are an issue. However it may be hard to determine exactly where this will go, and I'd rather have a lawyer and not need them than the reverse.
__________________
Nancy Astor: If I were your wife I would put poison in your coffee!
Winston Churchill: Madam, if I were your husband I would drink it.
All times are GMT.