Hacking into Harvard
Everyone who has ever applied for admission to a selective college or who has been interviewed for a highly desired job knows the feeling of waiting impatiently to learn the result of one’s application. So it’s not hard to identify with those applicants to some of the nation’s most prestigious MBA programs who thought they had a chance to get an early glimpse at whether their ambition was to be fulfilled. While visiting a Business Week Online message board, they found instructions, posted by an anonymous hacker, explaining how to find out what admission decision the business schools had made in their case. Doing so wasn’t hard. The universities in question—Harvard, Dartmouth, Duke, Carnegie Mellon, MIT, and Stanford—use the same application software from Apply Yourself, Inc. Essentially, all one had to do was change the very end of the applicant-specific URL to get to the supposedly restricted page containing the verdict on one’s application. In the nine hours it took Apply Yourself programmers to patch the security flaw after it was posted, curiosity got the better of about two hundred applicants, who couldn’t resist the temptation to discover whether they had been admitted.
Many of them got only blank screens. But a few learned that they had been tentatively accepted or tentatively rejected. What they didn’t count on, however, were two things: first, that it wouldn’t take the business schools long to learn what had happened and who had done it and, second, that the schools in question were going to be very unhappy about it. Harvard was perhaps the most outspoken. Kim B. Clark, dean of the business school, said, “This behavior is unethical at best—a serious breach of trust that cannot be countered by rationalization.” In a similar vein, Steve Nelson, the executive director of Harvard’s MBA program, stated, “Hacking into a system in this manner is unethical and also contrary to the behavior we expect of leaders we aspire to develop.”
It didn’t take Harvard long to make up its mind what to do about it. It rejected all 119 applicants who had attempted to access the information. In an official statement, Dean Clark wrote that the mission of the Harvard Business School “is to educate principled leaders who make a difference in the world. To achieve that, a person must have many skills and qualities, including the highest standards of integrity, sound judgment and a strong moral compass—an intuitive sense of what is right and wrong. Those who have hacked into this web site have failed to pass that test.” Carnegie Mellon and MIT quickly followed suit. By rejecting the ethically challenged, said Richard L. Schmalensee, dean of MIT’s Sloan School of Management, the schools are trying to “send a message to society as a whole that we are attempting to produce people that when they go out into the world, they will behave ethically.”
Duke and Dartmouth, where only a handful of students gained access to their files, said they would take a case-by-case approach and didn’t publicly announce their individualized determinations. But, given the competition for places in their MBA programs, it’s a safe bet that few, if any, offending applicants were sitting in classrooms the following semester. Forty-two applicants attempted to learn their results early at Stanford, which took a different tack. It invited the accused hackers to explain themselves in writing. “In the best case, what has been demonstrated here is a lack of judgment; in the worst case, a lack of integrity,” said Derrick Bolton, Stanford’s director of MBA admissions. “One of the things we try to teach at business schools is making good decisions and taking responsibility for your actions.” Six weeks later, however, the dean of Stanford Business School, Robert Joss, reported, “None of those who gained unauthorized access was able to explain his or her actions to our satisfaction.” He added that he hoped the applicants “might learn from their experience.”