[ISN] Ex-UD student faces hacking charges

From: InfoSec News (isn@private)
Date: Mon Jan 09 2006 - 22:33:48 PST


The News Journal

A former University of Delaware student could face up to 36 years in
prison on charges of hacking into a professor's computer to try to
change an exam date.

Marc J. Simpson, of Toms River, N.J., is accused of using a software
program that could spy on other computers via a wireless connection.  
The software, court documents said, gave Simpson the ability to gain
his professor's password as the instructor typed it during a class.

But in the end, UD police said, the 20-year-old's scheme was undone by
an anonymous tip delivered the old-fashioned way -- on a piece of

Simpson, who had been a computer engineering student, is charged with
two counts each of identity theft, unauthorized access of a computer
and misuse of computer system information.

Simpson could not be reached, but his attorney, Mark D. Sisk, said his
client is not guilty.

UD spokesman Martin Mbugua said the school would not comment. The case
is pending in Superior Court.

According to court records, several of associate professor Michael
Shay's students complained after he scheduled a physics exam for Oct.  
7, the same date as an exam another professor was giving.

They asked Shay to reschedule his exam, but he refused.

A day before the test, however, students in the class received an
e-mail from Shay's account telling them the exam had been rescheduled.

Later that day, Shay found out what had happened. He tried to log on
to his e-mail server three times, but discovered his password had been
changed. He also saw that the class Web page had been accessed and
edited to indicate the exam was rescheduled.

With the help of the department's computer technician, Shay gained
access to his account. But when he tried to correct the Web page, he
found a code had been installed that changed it back to the altered
version. The code eventually was disabled.

Shay contacted the students, told them what happened and said the exam
still would be Oct. 7.

He also contacted university police, who determined Shay's account was
accessed from a Comcast account in the 100 block of Main St.

Then, on Oct. 19, Shay told police he received an anonymous letter
that identified Simpson as the hacker and explained how he did it.

"He obtained your password by running a program on his laptop during
class that picks up keystrokes on linked computers," the letter said.  
"He linked his laptop to yours wirelessly and undetected during class
and obtained your password while you were typing it."

The letter also said Simpson, who was arrested last year, used a
wireless network in the 100 block of Main St.

Police said Simpson took a laptop to a restaurant and used a wireless
network belonging to residents living above the business. This made it
harder to trace the hacking, police said.

The case occurred during what computer experts call the worst year
ever for known computer-security breaches. At least 130 were reported,
exposing more than 55 million Americans to potential identity theft.

It is difficult to measure the actual number of break-ins, however,
since many companies are unaware they were hacked. Those that
disclosed breaches include Marriott International, Ford Motor Co. and
Sam's Club.

USA Today contributed to this article.
Copyright  2006, The News Journal.

InfoSec News v2.0 - Coming Soon! 

This archive was generated by hypermail 2.1.3 : Mon Jan 09 2006 - 22:46:22 PST