A 25-year-old computer network expert from San Diego was charged this week in Los Angeles with hacking into a University of Southern California admissions site last June. Officially he is accused of "intentionally transmitting a code or command to cause damage to the USC online application system". In all, the attack last June compromised personal records of more than 270,000 past and present university applicants.

It is believed that Eric McCarty, the man charged, exploited a vulnerability in the online application system to gain access to applicants' personal records, including dates of birth and Social Security numbers. The vulnerability, a common one, allowed a user to retrieve data from the database by sending commands through the login details fields on the admissions site. The flaw in the online admissions database was discovered last June, and the site was shut down for a period.

2005 saw a whole host of high-profile personal data thefts, including the loss by CardSystems of client records on some 40 million people in the biggest-ever data hack. Personal details are increasingly valuable to modern-day cybercriminals, who use them to commit identity fraud. Hackers have also targeted university computer systems because they provide immediate access to tens of thousands of personal records. The last two years saw personal data loss incidents at the University of Connecticut, Boston College, University of California and University of Colorado, among others.

Eric McCarty, whose home computer was traced by its IP address as the one used to access personal records on the admissions site, could face up to 10 years in prison. His first appearance at the Los Angeles District Court is scheduled for April 28. The university, which had to contact all the people potentially affected by the data loss, believes that only a small number of records was actually accessed. This is enough for Michael Zweiback, an assistant U.S. attorney for the cybercrimes and intellectual property unit. "It wasn't that he could access the database and showed that it could be bypassed," Mr Zweiback said. "He went beyond that and gained additional information regarding the personal records of the applicant. If you do that you are going to face, like he does, prosecution."