Tragedy

[Dave Farber <dave () farber net>]

------ Forwarded Message
From: William Hugh Murray <whmurray () sprynet com>
Reply-To: whmurray () sprynet com
Date: Wed, 19 Mar 2003 12:52:34 -0500
To: David Farber <farber () central cis upenn edu>, etal
Subject: Tragedy

http://www.washingtonpost.com/wp-dyn/articles/A27370-2003Mar14.html

This is clearly a tragedy.

Put yourself in the place of this young man's faculty.  What message
would you wish that you had given him with all the powerful special
knowledge that you gave him?  Please pass that message to all your
students this week.  Thanks.

Regards, Bill


------ End of Forwarded Message


washingtonpost.com 

Student Charged With Hacking at U-Texas
Social Security Numbers Stolen

By Karin Brulliard
Special to The Washington Post
Saturday, March 15, 2003; Page A02


AUSTIN, March 14 -- Federal prosecutors today charged a University of Texas
student with breaking into a school database and stealing more than 55,000
student, faculty and staff names and Social Security numbers in one of the
nation's biggest cases of data theft involving a university.

Christopher Andrew Phillips, 20, a junior who studies natural sciences,
turned himself in at the U.S. Secret Service office in Austin. He was
charged with unauthorized access to a protected computer and using false
identification with intent to commit a federal offense.

Authorities had announced the cyber-theft last week. It sent shock waves
through the campus of the nation's largest university, prompting students
and staff to consider replacing credit cards and freezing bank accounts.
There is no evidence that Phillips disseminated or used the information,
officials said.

Phillips was released without bail and will have "limited access to
computers," Johnny Sutton, U.S. attorney for western Texas, said at a news
conference. "The main message today is that these cases will be taken
seriously, these cases will be prosecuted, and this case will be prosecuted
vigorously." 

If convicted, Phillips faces as many as five years in prison and a $500,000
fine, Sutton said.

After searching Phillips's Austin and Houston residences, Secret Service
agents recovered the names and Social Security numbers on a computer in his
Austin home, Sutton said. According to the indictment, Phillips wrote and
executed a computer program in early March that enabled him to break into
the university database that tracks staff attendance at training programs.

"This is a wake-up call to all institutions that use the U.S. Social
Security number as their customer ID number," said Dan Updegrove, the
university's vice president for information technology. "It's something that
all of us have to undo."

The university began in late 2001 to limit its dependence on Social Security
numbers as database identifiers, Updegrove said. Within two years, the
university will use an electronic identification number that can be matched
only to Social Security numbers in a hidden database, he said.

The data theft is probably the biggest ever at a university, said Jay Rosen,
director of consumer and victim services at the Identity Theft Resource
Center, a nonprofit group in San Diego.

"It's a massive undertaking as to what [the hacker] did," he said, noting
that identity theft is a growing problem nationwide. "All I need to steal
your identity is your name and your Social Security number."



© 2003 The Washington Post Company



-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/