BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Uni president targeted in brazen attack

From: security curmudgeon <jericho () attrition org>
Date: Wed, 22 Jun 2011 23:57:55 -0500 (CDT)

http://www.theregister.co.uk/2011/06/23/computer_hacking_guilty_plea/

Uni president targeted in brazen attack
By Dan Goodin in San Francisco
Posted in Malware, 23rd June 2011

A former college student has admitted taking part in a criminal scheme 
that used malware to steal and sell large databases of faculty and alumni, 
change grades, and siphon funds from other students' accounts.

Daniel J. Fowler, 21, of Kansas City, Missouri, pleaded guilty in federal 
court there to computer hacking conspiracy and computer intrusion, 
according to prosecutors. Charges against Fowler's alleged accomplice, 
27-year-old Joseph A. Camp, are pending, according to court documents, 
which indicate his trial is scheduled for October 24. Camp has pleaded not 
guilty to the charges.

According to an indictment filed in November, Fowler and Camp developed 
malware and installed it on the computers of students, faculty and staff 
at the University of Central Missouri using a variety of strategies. Ruses 
included the offer to show vacation photos contained on a thumb drive and 
manually installing it on public PCs. The malware contained a backdoor 
that allowed them to capture passwords used to access restricted parts of 
the university network and to spy on computer users through their webcams.

Prosecutors said the duo managed to install the malware on at least one 
university administrator's computer and also succeeded in stealing the 
login credentials of a residence hall director. Eventually, they used 
their unauthorized access to conduct fraudulent financial transactions in 
which they transferred funds into accounts they controlled. They also 
attempted to sell a database of personal information they stole, according 
to court documents.

[..]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/
Previous By Date Next
Previous By Thread Next

Current thread: