Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] San Diego man charged with accessing university applicants' inform

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] San Diego man charged with accessing university applicants' information
Date: Fri, 21 Apr 2006 04:51:02 -0500 (CDT) 
http://www.nctimes.com/articles/2006/04/21/news/sandiego/17_01_084_20_06.txt

By: North County Times News Service 
April 20, 2006

SAN DIEGO - A 25-year-old San Diego man is charged with hacking into
the University of Southern California's application system and
accessing confidential information on would-be students, federal
prosecutors said Thursday.

Eric McCarty, who earns money testing computers' network security, is
accused of using his home computer to hack last June into the Web site
that allows USC applicants to submit their information online.

Prosecutors said the data stored in the application system includes
Social Security numbers and birth dates of more than 275,000 people
who have applied to USC from 1997 through the present.
 
The site normally requires applicants to enter a username and password
in order to view the information they entered, and to change it if
necessary.

McCarty, who also works as a computer network administrator, allegedly
exploited a vulnerability in the database that allowed him to bypass
the password protection.

Assistant U.S. Attorney Michael Zweiback alleged McCarty accessed
"information on a number of students," over several visits to the
site. But he declined to give an exact figure on how many students'
records were allegedly accessed.

McCarty copied several applicants' records, prosecutors allege in a
criminal complaint unsealed yesterday.

On June 21, 2005, the site and the database were shut down as a result
of the vulnerability, and the Web site remained off-line for nearly
two weeks, according to the U.S. Attorney's Office.

USC officials could not be reached for immediate comment.

Zweiback would not comment on McCarty's motivations for the alleged
hacking. He did say, however, that hackers can be attracted to large
targets.

"I think individuals who are computer trained like he is ... they're
always looking for vulnerabilities in large institutions," the
prosecutor said. "Beyond that, I'm not going to comment."

FBI investigators tracked down McCarty through the Internet protocol
address on his home computer, authorities said.

McCarty is expected to make his initial court appearance in Los
Angeles April 28. If convicted, he could face up to 10 years in
prison.



_________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] San Diego man charged with accessing university applicants' information, InfoSec News <=
Previous by Date:  [ISN] Microsoft Patches: When Silence Isn't Golden, InfoSec News
Next by Date:  [ISN] We're winning the war against hackers, InfoSec News
Previous by Thread:  [ISN] Microsoft Patches: When Silence Isn't Golden, InfoSec News
Next by Thread:  [ISN] We're winning the war against hackers, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]