For many of us we think sending our kids to school they are safe and that school computers are a place of sanctuary. When it comes to security like I have said before in the past no one can be trusted. We think of the recent tragedies with schools over the past few months but here is another school situation uncovered.
From the The Morning Call:
An internal probe by Easton Area School District claims the man who helped craft its acceptable use policy for Internet and technology was spying on administrators and hiding 70 photos of nude “breasts and vaginal areas” on his district-issued computer, according to a police search warrant.
Forks Township police on Friday seized the work laptop of Thomas Drago, Easton’s former director of technology, during a search of the district’s administration building.
Police also seized six other items from the school district’s offices and 19 items from Drago’s Bushkill Township home, including four computers, five flash drives, a digital camera and an iPod, according to court documents.
No charges have been filed against Drago, who resigned from his $105,000 position last month. But police wrote in the search warrant that his alleged actions could constitute unlawful use of a computer, unlawful duplication and invasion of privacy. The number listed for Drago’s home is no longer in service.
In addition to the nude photos, the internal investigation found a photo that shows the “breasts and cleavage” of a woman who could be a district employee, possibly taken through a webcam, according to the court documents.
The district said Drago accessed Superintendent Susan McGinley’s and several employees’ computers hundreds of times without authorization, the court documents say.
The internal investigation also claims Drago had a recording of an executive session to discuss contract negotiations that was not open to the public and which administrators did not know he was recording, according to the search warrant return.
The district contacted police in January after its own investigation, the court records say.
Northampton County District Attorney John Morganelli confirmed that police have an ongoing investigation involving a former district employee, but said he didn’t know specifics of the probe. Forks police Chief Greg Dorney could not be reached for comment.
District solicitor John Freund said police took a computer from Drago’s office on Friday when they executed the search warrant.
“That’s all we know,” Freund said.
McGinley, who was served with the warrant, could not be reached for comment.
According to court records:
In October, Director of Teaching and Learning Steve Furst noticed a binoculars icon with Drago’s name on the top right display of his computer screen. He emailed Drago, asking what he was doing and the icon went away. Furst contacted McGinley, saying he was concerned Drago was accessing his computer without authorization.
Another member of the district’s technology staff was directed to perform an examination of Drago’s remote access usage. It was discovered that Drago had remotely accessed the computers of eight administrators, including McGinley’s.
Drago initially denied accessing Furst’s computer, but later said he did it mistakenly. Drago then said that he did have permission.
The district asked New Jersey company, Miles Technology, to conduct a forensic examination of Drago’s computer. The examination found that Drago accessed computers without authorization and copied sensitive files and documents that may have included student information.
The examination by Miles Technology said Drago was hiding the nude photos using what’s called a “dual platform.” While his computer used a Mac operating system he had also installed a Microsoft Windows operating system to conceal the images. It’s not yet confirmed if the images are adults or minors.
Police also seized the 14-page acceptable use policy that Drago helped write. It prohibits sending, receiving, viewing, downloading, or transmitting sexually suggestive, sexually explicit, obscene or pornographic material or child pornography.
“Unauthorized access, including hacking and logging into the network using another individual’s username and password, is strictly prohibited and will result in discipline and denial of privileges. Such unauthorized access may also result in criminal charges,” according to the policy.