Illinois Kid Hacked District Computers To Rickroll Entire School District At Once
A kid in Illinois is going places, and it all started with an idea for the greatest Rickroll of all time.
Minh Duong pulled off the greatest senior prank of all time this spring when he managed to Rickroll the entirety of his school district at the same time.
District 214 is the second largest school district in Illinois, just outside of Chicago, consisting of 6 schools and 11,000 students.
As a freshman, Minh became very interested in tech, and started looking into the district's internal network. With only half of the network scanned, his school's supervisor noticed the spike in traffic and came to find him and ask him to stop.
Minh said he did, in his written up report on WhiteHoodHacker. However, with only half of the network scanned, they found 8,388,606 IPs.
Within those IP's were all kinds of devices that were unsecured on the network, requiring no password. This included the printers, the internet-based phones, and security cameras.
"The district tech team was informed about the issue, which they resolved by placing the cameras behind ACL restrictions," Minh wrote. "However, many devices remained exposed to the student network — more importantly for this post, the IPTV system!"
TV Access
In every class room and attached to every TV screen and projector in the building is a box that allows remote access to the screens' power and display, called the AvediaPlayer r9300.
Now, I'm not going to get into all the technical mumbojumbo about how he gained access to the boxes and all the scripts and stuff, but I will say Minh documented his process very well and provided some very good examples of the script used for, you know, educational purposes.
The Prank
The day of the prank, he had everything planned down to the minute for what would become one of the greatest pranks of all time.
To be a good guy at the end of it all, he had plans to send a report to the tech supervisors of the district with detailed information of
He wrote on the website:
- 10:40 AM Rickroll stream goes live with a 20-minute countdown.
- 10:55 AM AvediaPlayer systems are initialized, turning on displays and changing the active channel to the rickroll stream.
- 11:00 AM The stream finishes the countdown with the rickroll playing at the end of the first block.
- 11:10 AM The payload restores the AvediaPlayer systems to their previous state and removes itself.
- 2:05 PM The end of the third block bell plays a rickroll instead of the dismissal bell.
- 2:15 PM The penetration test report is automatically sent to the technical supervisors.
As the Rickroll played, a message scrolled on the screen explaining that over 500 screens were part of the prank, across the entirety of District 214.
Check it out:
Aftermath
After sending an anonymous email with their report to the district, they received an email from District 214's Director of Technology. He said that thanks to the detail of their report and guidelines to fixing the security threat, they wouldn't be taking disciplinary action, according to Minh's write up.
The director also mentioned that the debrief impressed the superintendents.
Minh explained that he just now is publishing his write up because he wanted to make sure it was after his graduation that his identity was revealed to the world.
Read more at WhiteHoodHacker