http://www.signonsandiego.com/news/metro/20061221-1738-cnshacker.html By Matt Krasnowski COPLEY NEWS SERVICE December 21, 2006 LOS ANGELES - A San Diego man was sentenced to six months home detention under electronic monitoring Thursday for hacking into the University of Southern California's application system. Calling 25-year-old Eric McCarty's actions reckless, U.S. District Judge Percy Anderson imposed the sentence as part of a three-year probation term. McCarty, who lost his job in September as a computer analyst after he pleaded guilty to accessing a protected computer, was also ordered to pay USC $36,761 in restitution. The June 2005 breach of USC's online student application system caused the university to shut down the site for 10 days. After his sentencing, McCarty's lawyers said he hacked the system to draw attention to flaws in USC's security and boasted about it to gain street cred among people interested in computer security. McCarty gained nothing financially, but his actions forced USC to improve its computer security, which was so flimsy a 9-year-old with an Internet search engine could access it, said lawyer Valerio Romano. Assistant U.S. Attorney Michael Zweiback likened McCarty's defense to a home burglar blaming a faulty door lock for his break-in. He noted that in court it was revealed that McCarty was involved in other hacking incidents. McCarty is just a glory hacker, Zweiback said. He was looking to infiltrate the university's system and then bragged about it to every person he could find. Prosecutors said that the USC database contained information such as birth dates and Social Security numbers of roughly 275,000 applicants dating back to 1997. Information obtained on McCarty's home computer indicated he accessed information on just seven people. Using a pseudonym, McCarty reported hacking the USC system to Securityfocus.com, a Web site forum for computer security news. He also posted a comment on a Web log that stated, USC Got Hacked, I was involved, I'm sorry, my bad, so all the hot USC girls, I got your phone number ladies, if your name is Amanda, Allison, Amy or Anita, expect a call any day now. Earlier this month, it was revealed that the University of California at Los Angeles' central database, containing information on 800,000 people, had been hacked in October 2005 and in November. _____________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Thu Dec 21 2006 - 22:25:35 PST