Man charged with hacking USC database

A 25-year-old San Diego man has been charged with hacking into the University of Southern California's online application system and nabbing personal data from prospective students.

On Monday, the U.S. Attorney's Office in Los Angeles filed a criminal complaint against Eric McCarty, a network administrator, for allegedly exploiting a vulnerability in a USC database that hosts and stores student applications. Officially, he's charged with "intentionally transmitting a code or command to cause damage to the USC online application system," according to the U.S. Attorney's office.

Michael Zweiback, an assistant U.S. attorney in the cybercrimes and intellectual property unit, said that the case reflects a growing trend among hackers.

"Universities are becoming bigger and bigger targets to the hacker community because they are large institutions...and hackers always want to see if they can beat the technical people on the other side," Zweiback said.

According to the complaint, McCarty allegedly used his home computer on June 17 last year to hack into a password-protected USC database. It contained data on more than 275,000 applicants from 1997 through that time, including Social Security numbers and birthdates. USC shut down the Web site on June 21 after learning about the hack from SecurityFocus. The site was offline for two weeks.

The FBI, which investigated the breach, found McCarty through the Internet Protocol number on his home computer.

McCarty faces up to 10 years in federal prison if convicted of computer hacking. He is scheduled to appear in Los Angeles District Court on April 28.

[yrrahxob]

No Damage Done

IMHO, The school should thank him for showing them the vulnerability of their database and hire him as a security tech.

[TransplantGuy]

Boy, if that isn't trolling...

Now there's a subject that's bound to excite folks. How do you know there was no harm done? I'd be concerned if I'd applied to that school within the time frame mentioned. And what was the intent of the guy?<br /><br />He broke the law, which was enacted for this reason. Suppose he'd hacked into your PC; he could have stolen personal data, and you'd never know it until the credit card statements came...<br /><br />I doubt many wanted to put Willie Sutton in charge of the Federal Reserve, either!

[teeger]

hire him because he broke into the system???

this logic doesn't make sense. so if you need a job, you should <br />hack into some institution's system, get caught, so that they'll hire <br />you to help them plug the holes?<br /><br />another example: a burglar breaks into your home and steals and <br />damage your property, and he's caught, so you would hire him as a <br />security consultant to protect your home?

[teeger]

hire him because he broke into the system???

this logic doesn't make sense. so if you need a job, you should <br />hack into some institution's system, get caught, so that they'll <br />hire you to help them plug the holes?<br /><br />another example: a burglar breaks into your home and steals <br />and damage your property, and he's caught, you thank him for <br />showing you the vulnerability of your home and you hire him as <br />a security consultant to protect your home. no one in their right <br />mind is going to do this. instead they would hire a legitimate <br />security consultant to identify security holes. perhaps the school <br />already has such a consultant, but the hacker beat the <br />consultant in identifying the security hole. who knows.

[yrrahxob]

No Damage Done

IMHO, The school should thank him for showing them the vulnerability of their database and hire him as a security tech.

[TransplantGuy]

Boy, if that isn't trolling...

Now there's a subject that's bound to excite folks. How do you know there was no harm done? I'd be concerned if I'd applied to that school within the time frame mentioned. And what was the intent of the guy?<br /><br />He broke the law, which was enacted for this reason. Suppose he'd hacked into your PC; he could have stolen personal data, and you'd never know it until the credit card statements came...<br /><br />I doubt many wanted to put Willie Sutton in charge of the Federal Reserve, either!

[teeger]

hire him because he broke into the system???

this logic doesn't make sense. so if you need a job, you should <br />hack into some institution's system, get caught, so that they'll hire <br />you to help them plug the holes?<br /><br />another example: a burglar breaks into your home and steals and <br />damage your property, and he's caught, so you would hire him as a <br />security consultant to protect your home?

[teeger]

hire him because he broke into the system???

this logic doesn't make sense. so if you need a job, you should <br />hack into some institution's system, get caught, so that they'll <br />hire you to help them plug the holes?<br /><br />another example: a burglar breaks into your home and steals <br />and damage your property, and he's caught, you thank him for <br />showing you the vulnerability of your home and you hire him as <br />a security consultant to protect your home. no one in their right <br />mind is going to do this. instead they would hire a legitimate <br />security consultant to identify security holes. perhaps the school <br />already has such a consultant, but the hacker beat the <br />consultant in identifying the security hole. who knows.

[JoeCrow]

One Word

www.qualys.com

[JoeCrow]

One Word

www.qualys.com

[Johnny Mnemonic]

Computer Hacking??!!

I didn't realize hacking was a crime!!! If that's <br />the case, we should shut down the entire computer<br />industry as hacking is the only way to solve a<br />problem sometimes. Did you mean cracking or <br />computer theft, perhaps even malicious computer<br />hacking? The entire Windows networking stack is<br />considered a hack. That is not a complement.

[booboo1243]

Head out of ass

Indeed, the media needs to get their head out of their ***** and start using the corrent terms. The crackheads who write these articles probably dont know the differences.

[Johnny Mnemonic]

Computer Hacking??!!

I didn't realize hacking was a crime!!! If that's <br />the case, we should shut down the entire computer<br />industry as hacking is the only way to solve a<br />problem sometimes. Did you mean cracking or <br />computer theft, perhaps even malicious computer<br />hacking? The entire Windows networking stack is<br />considered a hack. That is not a complement.

[booboo1243]

Head out of ass

Indeed, the media needs to get their head out of their ***** and start using the corrent terms. The crackheads who write these articles probably dont know the differences.

[209979377489953107664053243186]

colleges need to think like a business

Universities need to start thinking like savvy businesses today, and institute smarter security practices. There are too many news incidents involving breaches and hacks into collegiate databases and email. All those security statistics out there apply - educational institutions need to be equally aware. <a class="jive-link-external" href="http://www.essentialsecurity.com/educationalfacts.htm" target="_newWindow">http://www.essentialsecurity.com/educationalfacts.htm</a>

[209979377489953107664053243186]

colleges need to think like a business

Universities need to start thinking like savvy businesses today, and institute smarter security practices. There are too many news incidents involving breaches and hacks into collegiate databases and email. All those security statistics out there apply - educational institutions need to be equally aware. <a class="jive-link-external" href="http://www.essentialsecurity.com/educationalfacts.htm" target="_newWindow">http://www.essentialsecurity.com/educationalfacts.htm</a>

[Johnny Mnemonic]

FOR THE LAST TIME!

A "Computer Hack" is a quickie solution to a<br />particular problem that has not gone through the<br />traditional requirements-design-code-test cycle<br />that is traditionally considered proper software<br />engineering. A "Hack" can be good or bad depending<br />on your perspective. Malicious computer hacks are<br />simply quickly coded software to break into a system<br />or even cause damage. There are professionally<br />designed tools that are used in computer intrusion<br />attempts like "nmap" which are not "hacks". A<br />hack and hacker's are simply a way to describe<br />quickie solutions or conversely problem solvers<br />that by a media misrepresentation is associated<br />with malicious computer activity. Conversely, a<br />professionally-designed software application sole<br />purpose could be malicious and in this case it<br />is not a "hack", rather it is considered malware<br />or virus, etc. Many applications and even operating<br />systems start off as hacks and evolve into well<br />designed software applications.

[Andrew J Glina]

Hacking

You are right, the words "hack" and "hacker" do not have universally accepted meanings. Personally I prefer hacker==neutral and cracker==bad, but I am biased though as I am a software developer and to me "Crackers" make "Cracks" and are thus the enemy! Others prefer the whole White/Grey/Black hat thing. If you look at...<br /><br /><a class="jive-link-external" href="http://en.wikipedia.org/wiki/Talk:Hacker" target="_newWindow">http://en.wikipedia.org/wiki/Talk:Hacker</a><br /><br />...you will see a good example of the lack of agreement. Even so, I wish CNET, and most news sites, would not use the term "hacker" without clarification.

[Johnny Mnemonic]

FOR THE LAST TIME!

A "Computer Hack" is a quickie solution to a<br />particular problem that has not gone through the<br />traditional requirements-design-code-test cycle<br />that is traditionally considered proper software<br />engineering. A "Hack" can be good or bad depending<br />on your perspective. Malicious computer hacks are<br />simply quickly coded software to break into a system<br />or even cause damage. There are professionally<br />designed tools that are used in computer intrusion<br />attempts like "nmap" which are not "hacks". A<br />hack and hacker's are simply a way to describe<br />quickie solutions or conversely problem solvers<br />that by a media misrepresentation is associated<br />with malicious computer activity. Conversely, a<br />professionally-designed software application sole<br />purpose could be malicious and in this case it<br />is not a "hack", rather it is considered malware<br />or virus, etc. Many applications and even operating<br />systems start off as hacks and evolve into well<br />designed software applications.

[Andrew J Glina]

Hacking

You are right, the words "hack" and "hacker" do not have universally accepted meanings. Personally I prefer hacker==neutral and cracker==bad, but I am biased though as I am a software developer and to me "Crackers" make "Cracks" and are thus the enemy! Others prefer the whole White/Grey/Black hat thing. If you look at...<br /><br /><a class="jive-link-external" href="http://en.wikipedia.org/wiki/Talk:Hacker" target="_newWindow">http://en.wikipedia.org/wiki/Talk:Hacker</a><br /><br />...you will see a good example of the lack of agreement. Even so, I wish CNET, and most news sites, would not use the term "hacker" without clarification.

[blah0]

it really annoys me sometimes when i read stuff like this.<br />why are you coders so hung up on the word hacker.<br />does it really matter cracker/hacker?<br />because you all like to be able to say when someone asks you what you do and you say i am a HACKER but you dont cos of the criminal link to that word.<br />grow up and get your ego's in check!!<br /><br />another thing, i hear stuff like oh cracking is illegal blah, blah blah.<br />so lock them up and throw away the key.<br />but when a police officer hits someone, oh the guy was a scum bag and the copper was doing his job.<br />your missing the god damn point. ITS AGAINST THE LAW.<br />are you all saying that one can choose when and where to break the law but paradoxically speaking its not breaking the law.<br />its ok for the royal family to kill lady di. you all turn a blind eye to that. cos they are rich and powerful<br />i could go on and on and on<br /><br />like the mentor said<br />We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals.<br /><br />sought it out and get your heads from out of your *****.<br />please your attitudes are out dated and stop being lambs and start becoming self thinking human beings and be more aware of the world and how its changing.<br />btw, its the rich and powerful that are gonna put us one day on the brink of ww3. near AnnihilatioN of humans yet we are the criminals<br />you lot make me sick