It was nice to read about the lottery ticket finder, and think about Karma. Here's a flip side to that philosophy:
Link
Quote:
Man charged with accessing USC student data
Published: 2006-04-20
Federal prosecutors charged a San Diego-based computer expert on Thursday with breaching the security of a database server at the University of Southern California last June and accessing confidential student data.
A statement from the U.S. Attorney for the Central District of California names 25-year-old Eric McCarty as the person who contacted SecurityFocus last June with news of a flaw in the Web server and database system used to accept online applications from prospective students. SecurityFocus notified the University of Southern California of the vulnerability and worked with the university to close the flaw before publishing an article about the issue.
The flaw could have allowed an attacker to send commands to the database that powered the site by using the user name and password text boxes. USC's Information Services Division confirmed the problem and shuttered the site, which contained data on nearly 280,000 applicants, on June 20 as a precaution. The university believes, and the prosecutors allege, that only a handful of records were actually accessed.
"It wasn't that he could access the database and showed that it could be bypassed," said Michael Zweiback, an assistant U.S. Attorney for the U.S. Department of Justice's cybercrime and intellectual property crimes section. "He went beyond that and gained additional information regarding the personal records of the applicant. If you do that you are going to face, like he does, prosecution."
The FBI uncovered the Internet address of McCarty's home computer on USC's systems, according to the statement released on Thursday. USC would not comment except to say through a spokesperson that the university is fully cooperating with the investigation.
McCarty could face up to a maximum of 10 years in federal prison. He is schedule to make his initial appearance in U.S. District Court on April 28.
|
About six or eight years ago, I was less knowledgeable about computers than I am now. I also had less money.
During this time of need, I tried out the ebay "local" feature. Found a guy selling new computers he assembled.
I drove up there, bought a computer, received assurances that he would handle any problems for 90 days, and took it home. The motherboard crapped out a month later. The seller promptly became unavailable by phone.
He lived on a small farm which had an electric gate. Now I see why--I never could get him served to go to small claims because of that darned gate. Oh, he also put a bootleg copy of Windows on the computer, which I neither asked for nor needed.
Fast forward, and he has hacked into the USC student database. The FBI has been talking with him. He, of course, claims he was doing USC a favor by pointing out a vulnerability. This flies in the face of the laws he had to be aware of to obtain his certifications, which he should, of course, lose.
Couldn't happen to a nicer guy.
05-31-2006, 08:17 AM
