The students shut the system down and held control, communicating with DePaul officials via computer. They demanded expensive computer software as ransom.

The youths were tracked down and apprehended, but the siege cost DePaul more than $22,000. It also raises discussion on how colleges can protect themselves against such crime.

Dan,

High School District 211 co-purchased the HP-2000 with Harper Junior College. The district had 12 dial-up ports, and the college had 12 hard-wired ports. I can't say what the other schools in the district had (Conant, Palatine, Hoffman Estates, Schaumburg), but at Fremd we had the ASR-33, and a Digital Decwriter. I think it was an LS-120, but I could be a little off on the model number.

Aside from the machine at DePaul, the only other HP-2000 we knew about was in a neighboring High School district (District 215, if memory serves). I think we knew about them via the grape vine: friend of a friend, some traded logins, etc. I suspect the two targetted DePaul because it seemed a better target. That, and we already had a stolen account to the District 215 system, and there wasn't anything at all interesting there.

Anytime a vulnerability within the HP2000 was found, it seemed to spread like wildfire throughout the other schools in the district, so the admins at Harper did a pretty good job of keeping the system patched. Other admins weren't quite so proactive. Many of the things we found would either bring the machine to a grinding halt, or would crash it entirely, requiring a very manual restart. DePaul's computer wasn't adequately patched, and that's how the two got the attention of the DePaul admins.

Toward the end of my tenure at Fremd, they started teaching computers a little bit. It was a three or four week segment in one of the math classes. We had an HP card reader, and the students would write their programs on cards, using a #2 pencil instead of card punch. By that time in school, I was a regular fixture in the computer room (which was adjacent to the math office), so all the math teachers knew me, and I got to sit out that part of the math class. Instead, I got to submit and run everyone's homework.

There's more, but I'll have to write that later.

Update:

I received the following update regarding this event:

Hi,

I was a classmate of Brian and... the other guy's name escapes me (it's been more than 25 years, gimme a break!) I was Fremd HS class of 79, and I suppose it's dumb luck I didn't get involved in anything like that myself.

Brian and "the other guy" used a Commodore C64 with an acoustic coupled modem in their break-in. The DePaul security was weak, the password to the A000 account was ^A^N^T, so it was fairly easy for their brute force cracker to find it. DePaul discovered someone had gained unauthorized access to the system, so they changed the password to ^B^A^T. Again, it was fairly easy to break. The problem they ran into though, was that when using an acoustic coupler, they had to dial the phone manually. And the log in process would only allow 3 (or 5? I can't recall) attempts before it would disconnect, and they'd have to hang up and manually redial.

The DePaul system had a remote job entry mechanism for the university's IBM 360, and that's what the expense was about: the university took the '360 down for a couple of days to run a complete process audit to ensure the two hadn't planted anything malicious on it.

They based their C64 program on that of one written by another student that was class of 78, if I recall. That program ran on the HP2000, and spit out the HEL-A000<cr><password> string to the paper tape punch on the Teletype Model 33 we had in the terminal room. Of course, by 78 or 79, the school had installed locks on the rotary phones we used to dial the machine the high school district shared with the local junior college.

The last I saw/heard of Brian was spring of 1981. He told me he had a job offer from TRW right out of high school, and they were sending him to UCLA first. He said that with all the press attention (it was on local and national TV), he had all sorts of job offers rolling in.

I'll see what I can do to dig up the other guy's name. He was in the electronics club, and I think he might have been in the drama club - tech crew as well.

Update Redux:

The name of the other guy was Chris Adams. I was also a nerdy at Fremd at the time and was interviewed by the FBI when they were trying to track down who the perpetrators were. The last I saw of Brian was on a news show like 20/20 (early 90's, maybe). He had become a computer security expert and was living in California.

Further Redux:

From www.azius.com/instructors.htm:

Brian Catlin is co-owner and Vice President of Azius LLC. He started building and programming 8-bit microprocessors in 1977, switched to VAX/VMS in 1982 where he specialized in device drivers, and finally to Windows NT in 1992, specializing in device drivers and internals. Brian got into device drivers because he likes to write software that interacts with the real world; writing business software is his definition of torture. Brian also spent a great deal of time in the aerospace/ defense world designing command centers, where he learned the discipline of specification writing and project management. Brian offers consulting services through his company, Sannas Consulting.