Frustrated USC applicant pleads guilty to break-in

[Dan Updegrove <updegrove () MAIL UTEXAS EDU>]

Colleagues,

Some institutions that experienced security breaches have been
castigated for retaining records *online* of rejected applicants.
Perhaps there's an rationale here for keeping them *offline,* in the
event of a future break-in. And note anticipated sentence: six months
home detention and $37,000 in restitution.

Regards,
Dan


Man admits he hacked into USC's application system

Tuesday, September 5, 2006

(09-05) 22:06 PDT Los Angeles (AP) --

A San Diego man was so upset that USC did not admit him as a student
that he hacked into the school's application system and stole other
would-be students' personal information, he admitted in court Tuesday.

Eric McCarty, 24, pleaded guilty to a felony count of accessing a
protected computer without authorization and was scheduled to be
sentenced Dec. 4. Under terms of a plea bargain with prosecutors, he
is expected to receive six months of home detention and pay nearly
$37,000 in restitution.

In June 2005, McCarty accessed Social Security numbers, names,
addresses, dates of birth and applicants' passwords to the USC site,
according to the government. Federal investigators found information
on seven different people on McCarty's home computer, which they seized.

After the break-in, McCarty created a new e-mail account using the
sign-on "ihackedusc. Prosecutors said he used that account to send
messages explaining what he had done to a reporter at the Web site
securityfocus.com. The reporter contacted university officials.

Authorities said McCarty also boasted and joked about his
accomplishment on his blog.

Among the messages found on his blog: "USC Got Hacked" and "so all
the hot USC girls, I got your phone number, ladies."

VP for IT
The University of Texas at Austin
FAC 248-U, Austin, TX 78713-7407
(512) 232-9610