April 20, 2006 4:52 PM PDT

Man charged with hacking USC database

A 25-year-old San Diego man has been charged with hacking into the University of Southern California's online application system and nabbing personal data from prospective students.

On Monday, the U.S. Attorney's Office in Los Angeles filed a criminal complaint against Eric McCarty, a network administrator, for allegedly exploiting a vulnerability in a USC database that hosts and stores student applications. Officially, he's charged with "intentionally transmitting a code or command to cause damage to the USC online application system," according to the U.S. Attorney's office.

Michael Zweiback, an assistant U.S. attorney in the cybercrimes and intellectual property unit, said that the case reflects a growing trend among hackers.

"Universities are becoming bigger and bigger targets to the hacker community because they are large institutions...and hackers always want to see if they can beat the technical people on the other side," Zweiback said.

According to the complaint, McCarty allegedly used his home computer on June 17 last year to hack into a password-protected USC database. It contained data on more than 275,000 applicants from 1997 through that time, including Social Security numbers and birthdates. USC shut down the Web site on June 21 after learning about the hack from SecurityFocus. The site was offline for two weeks.

The FBI, which investigated the breach, found McCarty through the Internet Protocol number on his home computer.

McCarty faces up to 10 years in federal prison if convicted of computer hacking. He is scheduled to appear in Los Angeles District Court on April 28.

See more CNET content tagged:
hacking, attorney, San Diego, intellectual property, Los Angeles

23 comments

Join the conversation!
Add your comment
No Damage Done
IMHO, The school should thank him for showing them the vulnerability of their database and hire him as a security tech.
Posted by yrrahxob (77 comments )
Reply Link Flag
Boy, if that isn't trolling...
Now there's a subject that's bound to excite folks. How do you know there was no harm done? I'd be concerned if I'd applied to that school within the time frame mentioned. And what was the intent of the guy?

He broke the law, which was enacted for this reason. Suppose he'd hacked into your PC; he could have stolen personal data, and you'd never know it until the credit card statements came...

I doubt many wanted to put Willie Sutton in charge of the Federal Reserve, either!
Posted by TransplantGuy (249 comments )
Link Flag
hire him because he broke into the system???
this logic doesn't make sense. so if you need a job, you should
hack into some institution's system, get caught, so that they'll hire
you to help them plug the holes?

another example: a burglar breaks into your home and steals and
damage your property, and he's caught, so you would hire him as a
security consultant to protect your home?
Posted by teeger (12 comments )
Link Flag
hire him because he broke into the system???
this logic doesn't make sense. so if you need a job, you should
hack into some institution's system, get caught, so that they'll
hire you to help them plug the holes?

another example: a burglar breaks into your home and steals
and damage your property, and he's caught, you thank him for
showing you the vulnerability of your home and you hire him as
a security consultant to protect your home. no one in their right
mind is going to do this. instead they would hire a legitimate
security consultant to identify security holes. perhaps the school
already has such a consultant, but the hacker beat the
consultant in identifying the security hole. who knows.
Posted by teeger (12 comments )
Link Flag
No Damage Done
IMHO, The school should thank him for showing them the vulnerability of their database and hire him as a security tech.
Posted by yrrahxob (77 comments )
Reply Link Flag
Boy, if that isn't trolling...
Now there's a subject that's bound to excite folks. How do you know there was no harm done? I'd be concerned if I'd applied to that school within the time frame mentioned. And what was the intent of the guy?

He broke the law, which was enacted for this reason. Suppose he'd hacked into your PC; he could have stolen personal data, and you'd never know it until the credit card statements came...

I doubt many wanted to put Willie Sutton in charge of the Federal Reserve, either!
Posted by TransplantGuy (249 comments )
Link Flag
hire him because he broke into the system???
this logic doesn't make sense. so if you need a job, you should
hack into some institution's system, get caught, so that they'll hire
you to help them plug the holes?

another example: a burglar breaks into your home and steals and
damage your property, and he's caught, so you would hire him as a
security consultant to protect your home?
Posted by teeger (12 comments )
Link Flag
hire him because he broke into the system???
this logic doesn't make sense. so if you need a job, you should
hack into some institution's system, get caught, so that they'll
hire you to help them plug the holes?

another example: a burglar breaks into your home and steals
and damage your property, and he's caught, you thank him for
showing you the vulnerability of your home and you hire him as
a security consultant to protect your home. no one in their right
mind is going to do this. instead they would hire a legitimate
security consultant to identify security holes. perhaps the school
already has such a consultant, but the hacker beat the
consultant in identifying the security hole. who knows.
Posted by teeger (12 comments )
Link Flag
One Word
www.qualys.com
Posted by JoeCrow (83 comments )
Reply Link Flag
One Word
www.qualys.com
Posted by JoeCrow (83 comments )
Reply Link Flag
Computer Hacking??!!
I didn't realize hacking was a crime!!! If that's
the case, we should shut down the entire computer
industry as hacking is the only way to solve a
problem sometimes. Did you mean cracking or
computer theft, perhaps even malicious computer
hacking? The entire Windows networking stack is
considered a hack. That is not a complement.
Posted by Johnny Mnemonic (374 comments )
Reply Link Flag
Head out of ass
Indeed, the media needs to get their head out of their ***** and start using the corrent terms. The crackheads who write these articles probably dont know the differences.
Posted by booboo1243 (328 comments )
Link Flag
Computer Hacking??!!
I didn't realize hacking was a crime!!! If that's
the case, we should shut down the entire computer
industry as hacking is the only way to solve a
problem sometimes. Did you mean cracking or
computer theft, perhaps even malicious computer
hacking? The entire Windows networking stack is
considered a hack. That is not a complement.
Posted by Johnny Mnemonic (374 comments )
Reply Link Flag
Head out of ass
Indeed, the media needs to get their head out of their ***** and start using the corrent terms. The crackheads who write these articles probably dont know the differences.
Posted by booboo1243 (328 comments )
Link Flag
colleges need to think like a business
Universities need to start thinking like savvy businesses today, and institute smarter security practices. There are too many news incidents involving breaches and hacks into collegiate databases and email. All those security statistics out there apply - educational institutions need to be equally aware. <a class="jive-link-external" href="http://www.essentialsecurity.com/educationalfacts.htm" target="_newWindow">http://www.essentialsecurity.com/educationalfacts.htm</a>
Posted by 209979377489953107664053243186 (71 comments )
Reply Link Flag
colleges need to think like a business
Universities need to start thinking like savvy businesses today, and institute smarter security practices. There are too many news incidents involving breaches and hacks into collegiate databases and email. All those security statistics out there apply - educational institutions need to be equally aware. <a class="jive-link-external" href="http://www.essentialsecurity.com/educationalfacts.htm" target="_newWindow">http://www.essentialsecurity.com/educationalfacts.htm</a>
Posted by 209979377489953107664053243186 (71 comments )
Reply Link Flag
FOR THE LAST TIME!
A "Computer Hack" is a quickie solution to a
particular problem that has not gone through the
traditional requirements-design-code-test cycle
that is traditionally considered proper software
engineering. A "Hack" can be good or bad depending
on your perspective. Malicious computer hacks are
simply quickly coded software to break into a system
or even cause damage. There are professionally
designed tools that are used in computer intrusion
attempts like "nmap" which are not "hacks". A
hack and hacker's are simply a way to describe
quickie solutions or conversely problem solvers
that by a media misrepresentation is associated
with malicious computer activity. Conversely, a
professionally-designed software application sole
purpose could be malicious and in this case it
is not a "hack", rather it is considered malware
or virus, etc. Many applications and even operating
systems start off as hacks and evolve into well
designed software applications.
Posted by Johnny Mnemonic (374 comments )
Reply Link Flag
Hacking
You are right, the words "hack" and "hacker" do not have universally accepted meanings. Personally I prefer hacker==neutral and cracker==bad, but I am biased though as I am a software developer and to me "Crackers" make "Cracks" and are thus the enemy! Others prefer the whole White/Grey/Black hat thing. If you look at...

<a class="jive-link-external" href="http://en.wikipedia.org/wiki/Talk:Hacker" target="_newWindow">http://en.wikipedia.org/wiki/Talk:Hacker</a>

...you will see a good example of the lack of agreement. Even so, I wish CNET, and most news sites, would not use the term "hacker" without clarification.
Posted by Andrew J Glina (1673 comments )
Link Flag
FOR THE LAST TIME!
A "Computer Hack" is a quickie solution to a
particular problem that has not gone through the
traditional requirements-design-code-test cycle
that is traditionally considered proper software
engineering. A "Hack" can be good or bad depending
on your perspective. Malicious computer hacks are
simply quickly coded software to break into a system
or even cause damage. There are professionally
designed tools that are used in computer intrusion
attempts like "nmap" which are not "hacks". A
hack and hacker's are simply a way to describe
quickie solutions or conversely problem solvers
that by a media misrepresentation is associated
with malicious computer activity. Conversely, a
professionally-designed software application sole
purpose could be malicious and in this case it
is not a "hack", rather it is considered malware
or virus, etc. Many applications and even operating
systems start off as hacks and evolve into well
designed software applications.
Posted by Johnny Mnemonic (374 comments )
Reply Link Flag
Hacking
You are right, the words "hack" and "hacker" do not have universally accepted meanings. Personally I prefer hacker==neutral and cracker==bad, but I am biased though as I am a software developer and to me "Crackers" make "Cracks" and are thus the enemy! Others prefer the whole White/Grey/Black hat thing. If you look at...

<a class="jive-link-external" href="http://en.wikipedia.org/wiki/Talk:Hacker" target="_newWindow">http://en.wikipedia.org/wiki/Talk:Hacker</a>

...you will see a good example of the lack of agreement. Even so, I wish CNET, and most news sites, would not use the term "hacker" without clarification.
Posted by Andrew J Glina (1673 comments )
Link Flag
it really annoys me sometimes when i read stuff like this.
why are you coders so hung up on the word hacker.
does it really matter cracker/hacker?
because you all like to be able to say when someone asks you what you do and you say i am a HACKER but you dont cos of the criminal link to that word.
grow up and get your ego's in check!!

another thing, i hear stuff like oh cracking is illegal blah, blah blah.
so lock them up and throw away the key.
but when a police officer hits someone, oh the guy was a scum bag and the copper was doing his job.
your missing the god damn point. ITS AGAINST THE LAW.
are you all saying that one can choose when and where to break the law but paradoxically speaking its not breaking the law.
its ok for the royal family to kill lady di. you all turn a blind eye to that. cos they are rich and powerful
i could go on and on and on

like the mentor said
We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals.

sought it out and get your heads from out of your *****.
please your attitudes are out dated and stop being lambs and start becoming self thinking human beings and be more aware of the world and how its changing.
btw, its the rich and powerful that are gonna put us one day on the brink of ww3. near AnnihilatioN of humans yet we are the criminals
you lot make me sick
Posted by blah0 (1 comment )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.