[ISN] Y. hacking charge filed

InfoSec News isn at c4i.org
Fri Aug 12 01:10:06 EDT 2005 

http://deseretnews.com/dn/view/0,1249,600154978,00.html

By Tad Walch
Deseret Morning News
August 11, 2005

PROVO - A federal prosecutor has charged a Brigham Young University
student with fraud for tampering with four campus computers to
secretly log the private keystrokes of 600 students who used the
machines.
      
Esteban N. Rodriguez, 25, "intentionally accessed a computer without
authorization and exceeded authorized access, and thereby obtained
information from a protected computer," according to documents filed
Tuesday in U.S. District Court.
      
Rodriguez declined an interview request when contacted by phone
Wednesday evening. According to a BYU Web site, he is from Necochea,
Argentina.
      
The sophisticated software used in the break-in last spring recorded
every keystroke entered on four of the computers in the Widtsoe
Building open-access computer lab. The captured information was
periodically transmitted via e-mail to a Hotmail account created with
a bogus name. However, there is no evidence the information was used
for identity theft or any other purpose, said BYU officials and
Melodie Rydalch, spokeswoman for the U.S. Attorney's Office in Salt
Lake City.
      
No motive was given for the break-in.
      
Investigators had speculated the crime was an inside job by someone
with access to the lab's master password. Rodriguez had worked as a
part-time student employee in the lab. In fact, a work phone number
listed for him on a BYU Web site was for a computer lab in another
campus building, the Kimball Tower.
      
BYU officials could not confirm Wednesday whether Rodriguez was still
employed by that lab. An employee in the lab who answered the phone
Wednesday night said he had not seen Rodriguez this summer.
      
The spyware was discovered in late April when another student employee
in the Widtsoe lab noticed strange icons on two computer monitors. A
sophisticated search uncovered the software on two additional
machines.
      
BYU moved quickly to protect the identities of students. The
university terminated their passwords to the campus intranet - called
Route Y - so no one else could access their campus records, BYU
spokesman Brent Harker said.
      
Each student was contacted by phone, e-mail or via a notice on their
student computer accounts. They were told to change their Route Y
passwords and advised to do the same with other accounts they might
have accessed online from the Widtsoe Building computers.
      
Harker said the administrative password in the Widtsoe lab should have
been changed more often.
      
"Since that time we've changed administrative passwords in that lab
and reinforced a general policy to change those passwords routinely,"
Harker said. "This wasn't done from outside, it was from within."
      
FBI and BYU investigators seized a computer from a Provo residence and
used subpoenas to gather telephone and other electronic records during
an investigation.
      
The federal charge for fraud and related activity in connection with
computers is a misdemeanor, Rydalch said. It carries a maximum penalty
of up to one year in prison and a $100,000 fine.

More information about the ISN mailing list