A blog the FBI should read in the Spycamgate investigation

The Lower Merion School District officials are going to get seriously schooled. In repeated public statements, the school has denied spying, but has offered no other explanation for how Harriton high schooler Blake Robbins got busted for dealing Mike & Ike candies.

Now, the FBI has confirmed reports that it is actively investigating the Pennsylvania school district’s alleged spying on students using the webcams in school-issued laptops:

Ordinarily, federal law enforcement agencies do not confirm the existence of an investigation. The Department of Justice does have an exception for matters that have already received substantial publicity, or where the community needs to be reassured that law enforcement is investigating the incident.

Levy said, “We intend to work as a team with the Federal Bureau of Investigation, the Montgomery County District Attorney’s Office, the Montgomery County Detectives, and the Lower Merion Police Department to determine if any crimes were committed. The issues raised by these allegations are wide-ranging and involve the meeting of the new world of cyberspace with that of physical space. Our focus will only be on whether anyone committed any crimes. At this point, very few facts are known. Our first responsibility will be to conduct an orderly investigation to learn the facts.

via Federal Bureau of Investigation – The Philadelphia Division: Department of Justice Press Release.

The FBI may want to start its investigation with a thorough reading and archiving of “Best Thing Since Sliced Bread,” a blog started last year by Lower Meridian School District technician Michael Perbix.

The FBI may also want to hire as a security consultant, Stryde Hax, who discovered the blog. He reviewed the school district staff list and went scouring the Internet for information on the district’s three network technicians. The school superintendent has said previously that “only two members of the technology department could access the security feature.” Judging from his blog, Perbix is one of them.

He started the blog in September 2009 and uses it to talk about new technology and software fixes. He has written quite a few posts about LANrev, the system used by the school to track its 2,300 laptops.

In his first post, Perbix writes: “I don’t claim to be an expert but I do believe that you should share information that has helped you so that others may find it if they need help.  Everything contained in here are snippets of code that I have seen or found on the internet, as well as from the fantastic individuals on the MacEnterprise forum.”

He talks about how to block access to certain sites and forums. For example, he suggested blocking access to Chat Roulette for people operating networks for kids. “Upon testing, I was connected to a male chatter who was doing something less than appropriate on cam,” wrote Perbix. In other posts, he talks about:

– How to automatically install files onto all users’ computers: Best thing since sliced bread: Install files into user directories.

– More telling given the spycam investigation, he has a post on enabling and disabling Macbook cameras: Best thing since sliced bread: Enable and Disable the built in iSight.

– Perbix writes more about the web cam remote monitoring on this Mac Enterprise forum, though he only talks about using it for catching laptop thieves, and not suspected student drug Mike & Ike candy dealers.

Stryde Hax also points to a 2008 MacEnterprise webcast about LANrev featuring Perbix:

Mike Perbix identifies himself as a high school network tech, and then speaks at length about using the track-and-monitor features of LanRev to take surreptitious remote pictures through a high school laptop webcam. A note of particular pride is evident in his voice when he talks about finding a way outside of LANRev to enable “curtain mode”, a special remote administration mode that makes remote control of a laptop invisible to the victim. Listen at 35:47, when he says: “You’re controlling someone’s machine, you don’t want them to know what you’re doing.”

It isn’t until 37 minutes into the video till Perbix begins talking about the Theft Tracking feature, which causes the laptop to go into a mode where it beacons its location and silent webcam screenshots out to an Internet server controlled by the school.

via Stryde Hax: The Spy at Harriton High.

These blogs are really interesting. They don’t shine light necessarily on whether school officials were monitoring students with any frequency, but they do explain the mechanics of how it was being done.

The school has denied activating the cameras for anything other than retrieving stolen laptops, but it still has not explained the alleged webcam photo at the center of the case: Blake Robbins doing whatever he was doing with Mike & Ike candies. Does the photo exist? If so, how did vice principal Lindy Matsko get it?