LAWFUEL – Computer Law News – A San Diego man pleaded guilty this afternoon to hacking into a computer system at the University of Southern California and accessing confidential information submitted by students applying to the school.
Eric McCarty, 24, pleaded guilty to the felony count in United States District Court in Los Angeles. By pleading guilty, McCarty admitted that he intentionally accessed, without authorization, the protected computer system maintained by USC, and as a result recklessly caused damage to USC’s on-line application system.
According to the plea agreement, McCarty admitted that in June 2005, he bypassed the login authentication to the on-line application system using a “SQL injection attack.” After hacking into the system, he accessed and downloaded applicants’ records, which included names, addresses, dates of birth, social security numbers and applicant website passwords. A forensic examination of McCarty’s computers, seized from his residence pursuant to a federal search warrant, revealed, among other things, files containing SQL injection attack codes and the user names, passwords and social security numbers from seven individuals in the USC applicant database.
McCarty admitted that, following the intrusion, he created a new Google Gmail account in an alias name at “[email protected]”, which he used to send email messages to a reporter at securityfocus.com, describing the hack and attaching to that message a copy of some of the records he had obtained from the database.
Shortly after the intrusion, defendant posted a comment on his “blog page” entitled “USC GOT HACKED,” where he admitted that “USC Got Hacked, I was involved, I’m sorry, my bad, so all the hot USC Girls, I got your phone number ladies, if your name is Amanda, Allison, Amy or Anita, expect a call any day now…” According to court documents, defendant indicated that he was unhappy with USC for not admitting him to the university.
As a result of the intrusion, the USC applicant website and SQL database were shut down and remained off-line for over ten days to allow for investigation of the intrusion, which resulted in USC incurring considerable expense along with disruption to applicants. Moreover, in compliance with California law, USC had to notify by letter all individuals whose data was contained on the admissions database.
McCarty pleaded guilty today before United States District Judge Percy Anderson, who is scheduled to sentence him on December 4, 2006, at 8:30 a.m. The case against McCarty is the result of an investigation by the Federal Bureau of Investigation.
CONTACT: Assistant United States Attorney Michael C. Zweiback
Cyber and Intellectual Property Crimes Section