[ISN] San Diego hacker sentenced to 6 months of home detention

From: InfoSec News (alerts@private)
Date: Thu Dec 21 2006 - 22:10:35 PST


By Matt Krasnowski
December 21, 2006

LOS ANGELES - A San Diego man was sentenced to six months home detention 
under electronic monitoring Thursday for hacking into the University of 
Southern California's application system.

Calling 25-year-old Eric McCarty's actions reckless, U.S. District Judge 
Percy Anderson imposed the sentence as part of a three-year probation 
term. McCarty, who lost his job in September as a computer analyst after 
he pleaded guilty to accessing a protected computer, was also ordered to 
pay USC $36,761 in restitution.

The June 2005 breach of USC's online student application system caused 
the university to shut down the site for 10 days.

After his sentencing, McCarty's lawyers said he hacked the system to 
draw attention to flaws in USC's security and boasted about it to gain 
street cred among people interested in computer security.

McCarty gained nothing financially, but his actions forced USC to 
improve its computer security, which was so flimsy a 9-year-old with an 
Internet search engine could access it, said lawyer Valerio Romano.

Assistant U.S. Attorney Michael Zweiback likened McCarty's defense to a 
home burglar blaming a faulty door lock for his break-in. He noted that 
in court it was revealed that McCarty was involved in other hacking 

"McCarty is just a glory hacker," Zweiback said. He was looking to 
infiltrate the university's system and then bragged about it to every 
person he could find.

Prosecutors said that the USC database contained information such as 
birth dates and Social Security numbers of roughly 275,000 applicants 
dating back to 1997. Information obtained on McCarty's home computer 
indicated he accessed information on just seven people.

Using a pseudonym, McCarty reported hacking the USC system to 
Securityfocus.com, a Web site forum for computer security news.

He also posted a comment on a Web log that stated, "USC Got Hacked, I was 
involved, I'm sorry, my bad, so all the hot USC girls, I got your phone 
number ladies, if your name is Amanda, Allison, Amy or Anita, expect a 
call any day now."

Earlier this month, it was revealed that the University of California at 
Los Angeles' central database, containing information on 800,000 people, 
had been hacked in October 2005 and in November.
