Got access to QNAP network appliance in school...

[schoeee]

Well basically me and a friend found a way into the schools network host via internal network links. We access the home page and login with the username Admin and password Admin. We have access to everything on the schools servers, all files and have administrator access on everything.

Now I was just wondering, IF we do get caught, what could the consequences be? I mean, the schools IT staff shouldn't have a password the same as the username for a starter. There's a lot of security flaws within our schools computer network and me and my friend are always the ones to come across it but usually end up in trouble for trying to help them and make it more secure.

If any sneaky people are here on Hexus, what should we do with this information? Download it all onto an external hard-drive and look at it all at home? We think we can only access it from school computers but going to try turning on the cloud service to see if we can connect from home, through tor of course. What else could we do with this information?

Thanks guys!

[blueball]

The very fact that you are accessing it without permission is against the law. Tell them that you have discovered a weakness in their system. If you do get caught you could feasibly face a jail sentence although in reality that might be a last resort.

http://www.legislation.gov.uk/ukpga/1990/18/contents

Read section 1!!!

[schoeee]

We are in the UK I've never heard that we could go to jail. We are using other peoples accounts in school so it kinda can't be traced to us? We aren't doing anything that can harm the integrity just looking around.

I mean this has huge possibilities and the fact we could access it so easily means that a hacker attack could resort in the loss of everything.

[blueball]

See my update to previous post.

By using other peoples accounts you are making things worse. You may think this is fun but you are breaking UK law.

I agree that it is serious but you have to let them know (anonymously if necessary by creating a gmail account) that their system is insecure. Then you need to stop accessing the relevant areas.!

[schoeee]

I see, thank you. Our IT technicians don't really have any idea what they are doing, if we tell them we will most likely end up in trouble and they probably won't fix it like all the other stuff..

[blueball]

As I said, if you feel you will get in trouble (and by using other peoples accounts you should) then create a one-off email account and email the school anonymously to let them know.

[schoeee]

I see! Cheers buddy!

[peterb]

You have potentially committed an offence under the computer misuse act.

HEXUS is a UK based site and does not condone activity that is unlawful.