From Spam Daily News
A young man who was 17 when he hacked into the computer network at San Diego State University and compromised operations pleaded guilty Monday to federal charges and was immediately sentenced by U.S. District Judge Napoleon Jones Jr. to three years federal probation and ordered to pay $20,735 in restitution.
"This young man has now learned the hard way that the Internet does not give anyone immunity from criminal prosecution and conviction," said U.S. Attorney Carol Lam.
The defendant, who was not identified because he was a juvenile at the time of the offense, admitted knowingly and intentionally accessing various legally protected computers in the SDSU network and recklessly causing damage to those computers.
Assistant U.S. Attorney Mitch Dembin said the defendant admitted that on Dec. 24, 2003, he scanned the University network looking for vulnerable computers and happened upon one in the Drama Department.
He uploaded a variety of software tools and utilities to that computer for use in ferreting out other vulnerable computers within the SDSU network, cracking passwords and obtaining administrative privileges, Dembin said.
Over the next several hours, the defendant located and compromised at least seven additional computers, including the Financial Services and Housing Department systems, according to Dembin.
In mid-January 2004, the defendant uploaded a program to the Financial Services and Housing Department computers that would allow him to store, share and distribute music and software, including pirated video games, Dembin said.
He said the computer breach was discovered on Feb. 24, 2004, when complaints were received from individuals who were getting unsolicited electronic mail originating from the Financial Services computer.
That led to a full investigation by SDSU that revealed the larger scope of the hacker's work, according to Dembin.
The hacker circumvented University computer security to access a server in the Office of Financial Aid and Scholarships. The compromised server contained names and Social Security numbers, but the intruder did not has access to aid application or award data.
The server contained information on current, former and prospective students who sent in aid applications or related material, as well as many current and former employees. The vast majority of individuals being notified are ones that provided this information since fall
1998.SDSU notified more than 178,000 individuals to be on alert, stated a March 16 press release from SDSU Marketing and Communications.
Dembin said SDSU spent more than $20,000 investigating the extent of the compromise and repairing and restoring the damaged computers.
The prosecutor said there is no evidence, however, that any data stored on the Financial Services computer was downloaded or used for identity theft.
San Diego State University is the oldest and largest institution of higher education in the San Diego region. Founded in 1897, SDSU offers bachelor's degrees in 79 areas, master's degrees in 67 and doctorates in 14. SDSU's nearly 34,000 students participate in academic curricula distinguished by direct contact with faculty and an increasing international emphasis.
SOURCE: Fox News; San Diego State University