[ISN] Computer hacker pleads guilty

InfoSec News isn at c4i.org
Wed Mar 15 03:22:50 EST 2006


By: North County Times News Service 
March 13, 2006 

SAN DIEGO - A young man who was 17 when he hacked into the computer
network at San Diego State University and compromised operations
pleaded guilty Monday to federal charges.

The defendant, who was not identified because he was a juvenile at the
time of the offense, was immediately sentenced by U.S. District Judge
Napoleon Jones Jr. to three years' probation and ordered to pay $20,735
in restitution.

"This young man has now learned the hard way that the Internet does
not give anyone immunity from criminal prosecution and conviction,"
said U.S. Attorney Carol Lam.

The defendant admitted knowingly and intentionally accessing various
legally protected computers in the SDSU network and recklessly causing
damage to those computers.

Assistant U.S. Attorney Mitch Dembin said the defendant admitted that
on Dec. 24, 2003, he scanned the university network looking for
vulnerable computers and happened upon one in the Drama Department.

He uploaded a variety of software tools and utilities to that computer
for use in ferreting out other vulnerable computers within the SDSU
network, cracking passwords and obtaining administrative privileges,
Dembin said.

Over the next several hours, the defendant located and compromised at
least seven additional computers, including the Financial Services and
Housing Department systems, according to Dembin.

In mid-January 2004, the defendant uploaded a program to the Financial
Services and Housing Department computers that would allow him to
store, share and distribute music and software, including pirated
video games, Dembin said.

He said the computer breach was discovered on Feb. 24, 2004, when
complaints were received from individuals who were getting unsolicited
electronic mail originating from the Financial Services computer.

That led to a full investigation by SDSU that revealed the larger
scope of the hacker's work, according to Dembin.

He said SDSU spent more than $20,000 investigating the extent of the
compromise and repairing and restoring the damaged computers.

The university also had to notify individuals whose personal
information was located on the Financial Services computer that their
data may have been accessed.

The prosecutor said there is no evidence, however, that any data
stored on the Financial Services computer was downloaded or used for
identity theft.

Steve Harshaw, an SDSU police detective, was involved in the case.

"Without the assistance from San Diego State's Information Security
Office, it would have been extremely difficult to track down this
criminal," he said. "We're very happy that an arrest was made,
especially in light of how difficult investigations into this type of
crime can be."
