http://www.nctimes.com/articles/2006/03/14/news/sandiego/19_49_343_13_06.txt By: North County Times News Service March 13, 2006 SAN DIEGO - A young man who was 17 when he hacked into the computer network at San Diego State University and compromised operations pleaded guilty Monday to federal charges. The defendant, who was not identified because he was a juvenile at the time of the offense, was immediately sentenced by U.S. District Judge Napoleon Jones Jr. to three years probation and ordered to pay $20,735 in restitution. "This young man has now learned the hard way that the Internet does not give anyone immunity from criminal prosecution and conviction," said U.S. Attorney Carol Lam. The defendant admitted knowingly and intentionally accessing various legally protected computers in the SDSU network and recklessly causing damage to those computers. Assistant U.S. Attorney Mitch Dembin said the defendant admitted that on Dec. 24, 2003, he scanned the university network looking for vulnerable computers and happened upon one in the Drama Department. He uploaded a variety of software tools and utilities to that computer for use in ferreting out other vulnerable computers within the SDSU network, cracking passwords and obtaining administrative privileges, Dembin said. Over the next several hours, the defendant located and compromised at least seven additional computers, including the Financial Services and Housing Department systems, according to Dembin. In mid-January 2004, the defendant uploaded a program to the Financial Services and Housing Department computers that would allow him to store, share and distribute music and software, including pirated video games, Dembin said. He said the computer breach was discovered on Feb. 24, 2004, when complaints were received from individuals who were getting unsolicited electronic mail originating from the Financial Services computer. That led to a full investigation by SDSU that revealed the larger scope of the hacker's work, according to Dembin. He said SDSU spent more than $20,000 investigating the extent of the compromise and repairing and restoring the damaged computers. The university also had to notify individuals whose personal information was located on the Financial Services computer that their data may have been accessed. The prosecutor said there is no evidence, however, that any data stored on the Financial Services computer was downloaded or used for identity theft. Steve Harshaw, an SDSU police detective, was involved in the case. "Without the assistance from San Diego State's Information Security Office, it would have been extremely difficult to track down this criminal," he said. "We're very happy that an arrest was made, especially in light of how difficult investigations into this type of crime can be." _________________________________ InfoSec News v2.0 - Coming Soon! http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Wed Mar 15 2006 - 00:45:13 PST