From Spam Daily News
A young man who was 17 when he hacked into the computer network at San
Diego State University and compromised operations pleaded guilty
Monday to federal charges and was immediately sentenced by
U.S. District Judge Napoleon Jones Jr. to three years federal
probation and ordered to pay $20,735 in restitution.
"This young man has now learned the hard way that the Internet does
not give anyone immunity from criminal prosecution and conviction,"
said U.S. Attorney Carol Lam.
The defendant, who was not identified because he was a juvenile at the
time of the offense, admitted knowingly and intentionally accessing
various legally protected computers in the SDSU network and recklessly
causing damage to those computers.
Assistant U.S. Attorney Mitch Dembin said the defendant admitted that
on Dec. 24, 2003, he scanned the University network looking for
vulnerable computers and happened upon one in the Drama Department.
He uploaded a variety of software tools and utilities to that computer
for use in ferreting out other vulnerable computers within the SDSU
network, cracking passwords and obtaining administrative privileges,
Dembin said.
Over the next several hours, the defendant located and compromised at
least seven additional computers, including the Financial Services and
Housing Department systems, according to Dembin.
In mid-January 2004, the defendant uploaded a program to the Financial
Services and Housing Department computers that would allow him to
store, share and distribute music and software, including pirated
video games, Dembin said.
He said the computer breach was discovered on Feb. 24, 2004, when
complaints were received from individuals who were getting unsolicited
electronic mail originating from the Financial Services computer.
That led to a full investigation by SDSU that revealed the larger
scope of the hacker's work, according to Dembin.
The hacker circumvented University computer security to access a
server in the Office of Financial Aid and Scholarships. The
compromised server contained names and Social Security numbers, but
the intruder did not has access to aid application or award data.
The server contained information on current, former and prospective
students who sent in aid applications or related material, as well as
many current and former employees. The vast majority of individuals
being notified are ones that provided this information since fall
1998.
SDSU notified more than 178,000 individuals to be on alert, stated a
March 16 press release from SDSU Marketing and Communications.
Dembin said SDSU spent more than $20,000 investigating the extent of
the compromise and repairing and restoring the damaged computers.
The prosecutor said there is no evidence, however, that any data
stored on the Financial Services computer was downloaded or used for
identity theft.
San Diego State University is the oldest and largest institution of
higher education in the San Diego region. Founded in 1897, SDSU offers
bachelor's degrees in 79 areas, master's degrees in 67 and doctorates
in 14. SDSU's nearly 34,000 students participate in academic
curricula distinguished by direct contact with faculty and an
increasing international emphasis.
SOURCE: Fox News; San Diego State University