Re: Frustrated USC applicant pleads guilty to break-in

["Mark S. Bruhn" <mbruhn () INDIANA EDU>]

In any case, it seems USC made the right decision vis-à-vis that particular
applicant...
M.


-- 
Mark S. Bruhn

Associate Vice President for Telecommunications
Executive Director, REN-ISAC (http://ren-isac.net)
Indiana University



> From: Dan Updegrove <updegrove () MAIL UTEXAS EDU>
> Reply-To: The EDUCAUSE Security Discussion Group Listserv
> <SECURITY () LISTSERV EDUCAUSE EDU>
> Date: Mon, 11 Sep 2006 12:07:44 -0400
> To: <SECURITY () LISTSERV EDUCAUSE EDU>
> Conversation: [SECURITY] Frustrated USC applicant pleads guilty to break-in
> Subject: [SECURITY] Frustrated USC applicant pleads guilty to break-in
>
> Colleagues,
>
> Some institutions that experienced security breaches have been castigated for
> retaining records *online* of rejected applicants. Perhaps there's an
> rationale here for keeping them *offline,* in the event of a future break-in.
> And note anticipated sentence: six months home detention and $37,000 in
> restitution. 
>
> Regards,
> Dan
>
>
> Man admits he hacked into USC's application system
> Tuesday, September 5, 2006
>
> (09-05) 22:06 PDT Los Angeles (AP) --
>
> A San Diego man was so upset that USC did not admit him as a student that he
> hacked into the school's application system and stole other would-be students'
> personal information, he admitted in court Tuesday.
>
> Eric McCarty, 24, pleaded guilty to a felony count of accessing a protected
> computer without authorization and was scheduled to be sentenced Dec. 4. Under
> terms of a plea bargain with prosecutors, he is expected to receive six months
> of home detention and pay nearly $37,000 in restitution.
>
> In June 2005, McCarty accessed Social Security numbers, names, addresses,
> dates of birth and applicants' passwords to the USC site, according to the
> government. Federal investigators found information on seven different people
> on McCarty's home computer, which they seized.
>
> After the break-in, McCarty created a new e-mail account using the sign-on
> "ihackedusc. Prosecutors said he used that account to send messages explaining
> what he had done to a reporter at the Web site securityfocus.com. The reporter
> contacted university officials.
>
> Authorities said McCarty also boasted and joked about his accomplishment on
> his blog.
>
> Among the messages found on his blog: "USC Got Hacked" and "so all the hot USC
> girls, I got your phone number, ladies."
>
> VP for IT 
> The University of Texas at Austin
> FAC 248-U, Austin, TX 78713-7407
> (512) 232-9610