http://www.delawareonline.com/apps/pbcs.dll/article?AID=/20060109/NEWS/601090322/-1/NEWS01 By ESTEBAN PARRA The News Journal 01/09/2006 A former University of Delaware student could face up to 36 years in prison on charges of hacking into a professor's computer to try to change an exam date. Marc J. Simpson, of Toms River, N.J., is accused of using a software program that could spy on other computers via a wireless connection. The software, court documents said, gave Simpson the ability to gain his professor's password as the instructor typed it during a class. But in the end, UD police said, the 20-year-old's scheme was undone by an anonymous tip delivered the old-fashioned way -- on a piece of paper. Simpson, who had been a computer engineering student, is charged with two counts each of identity theft, unauthorized access of a computer and misuse of computer system information. Simpson could not be reached, but his attorney, Mark D. Sisk, said his client is not guilty. UD spokesman Martin Mbugua said the school would not comment. The case is pending in Superior Court. According to court records, several of associate professor Michael Shay's students complained after he scheduled a physics exam for Oct. 7, the same date as an exam another professor was giving. They asked Shay to reschedule his exam, but he refused. A day before the test, however, students in the class received an e-mail from Shay's account telling them the exam had been rescheduled. Later that day, Shay found out what had happened. He tried to log on to his e-mail server three times, but discovered his password had been changed. He also saw that the class Web page had been accessed and edited to indicate the exam was rescheduled. With the help of the department's computer technician, Shay gained access to his account. But when he tried to correct the Web page, he found a code had been installed that changed it back to the altered version. The code eventually was disabled. Shay contacted the students, told them what happened and said the exam still would be Oct. 7. He also contacted university police, who determined Shay's account was accessed from a Comcast account in the 100 block of Main St. Then, on Oct. 19, Shay told police he received an anonymous letter that identified Simpson as the hacker and explained how he did it. "He obtained your password by running a program on his laptop during class that picks up keystrokes on linked computers," the letter said. "He linked his laptop to yours wirelessly and undetected during class and obtained your password while you were typing it." The letter also said Simpson, who was arrested last year, used a wireless network in the 100 block of Main St. Police said Simpson took a laptop to a restaurant and used a wireless network belonging to residents living above the business. This made it harder to trace the hacking, police said. The case occurred during what computer experts call the worst year ever for known computer-security breaches. At least 130 were reported, exposing more than 55 million Americans to potential identity theft. It is difficult to measure the actual number of break-ins, however, since many companies are unaware they were hacked. Those that disclosed breaches include Marriott International, Ford Motor Co. and Sam's Club. USA Today contributed to this article. Copyright © 2006, The News Journal. _________________________________ InfoSec News v2.0 - Coming Soon! http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Mon Jan 09 2006 - 22:46:22 PST