By Matt Krasnowski
COPLEY NEWS SERVICE
December 21, 2006
LOS ANGELES - A San Diego man was sentenced to six months home detention
under electronic monitoring Thursday for hacking into the University of
Southern California's application system.
Calling 25-year-old Eric McCarty's actions reckless, U.S. District Judge
Percy Anderson imposed the sentence as part of a three-year probation
term. McCarty, who lost his job in September as a computer analyst after
he pleaded guilty to accessing a protected computer, was also ordered to
pay USC $36,761 in restitution.
The June 2005 breach of USC's online student application system caused
the university to shut down the site for 10 days.
After his sentencing, McCarty's lawyers said he hacked the system to
draw attention to flaws in USC's security and boasted about it to gain
street cred among people interested in computer security.
McCarty gained nothing financially, but his actions forced USC to
improve its computer security, which was so flimsy a 9-year-old with an
Internet search engine could access it, said lawyer Valerio Romano.
Assistant U.S. Attorney Michael Zweiback likened McCarty's defense to a
home burglar blaming a faulty door lock for his break-in. He noted that
in court it was revealed that McCarty was involved in other hacking
McCarty is just a glory hacker, Zweiback said. He was looking to
infiltrate the university's system and then bragged about it to every
person he could find.
Prosecutors said that the USC database contained information such as
birth dates and Social Security numbers of roughly 275,000 applicants
dating back to 1997. Information obtained on McCarty's home computer
indicated he accessed information on just seven people.
Using a pseudonym, McCarty reported hacking the USC system to
Securityfocus.com, a Web site forum for computer security news.
He also posted a comment on a Web log that stated, USC Got Hacked, I was
involved, I'm sorry, my bad, so all the hot USC girls, I got your phone
number ladies, if your name is Amanda, Allison, Amy or Anita, expect a
call any day now.
Earlier this month, it was revealed that the University of California at
Los Angeles' central database, containing information on 800,000 people,
had been hacked in October 2005 and in November.
Subscribe to InfoSec News