Wednesday, January 26, 2011

Hacker Fail: Two College Kids Discover Police Are Not as ‘Dumb’ As They Thought

In the fall of 2009, University of Central Missouri students Joseph
Camp and Daniel Fowler were busy trying to improve their grades — not
through cramming for finals, but by hacking into the university’s
computer systems. In addition to bumping up their GPAs, they planned
to tap into university bank accounts and to harvest information about
faculty, staff and alumni in order to sell their identities to
interested buyers.

They may not have cracked books that semester, but they did crack into
the university’s databases fairly easily. According to an indictment
(via Courthouse News Service), the two co-ed hackers developed a virus
to infect the computers of fellow students and administrators. They
spread it by putting it on computers at public computer labs and in
the library, sending it out in emails, and putting it on thumb drives.
(In one case, an administrator let them plug their thumb drive into
his computer to share vacation photos.) The virus installed Spector
Pro and Poison Ivy keystroke software and gave Camp and Fowler remote
control over infected computers so that they could monitor people’s
activity, turn on webcams, read emails, and collect user names and
passwords from administrators that they were able to use to get into
relevant databases.

It is unclear whether these skills came out of classes the two were taking
at UCM. The indictment doesn’t mention their majors at the university.

Soon Camp was transferring thousands of dollars, in small amounts,
from the university bank account into his own, and into the account of
another lucky/unlucky student whom Camp hoped to frame for the crime.
He did it over Thanksgiving break of 2009, hoping that people wouldn’t
be paying attention. They were. Police arrested him on November 25th.

But that didn’t stop Fowler and Camp…

Despite their being savvy in the ways of surveillance and electronic
monitoring, Camp decided to post away on his Facebook page about the
charges. In December, Fowler and Camp tapped back into the network to
get a copy of the affidavit for a search warrant of Camp’s apartment
and to download databases with faculty, staff, alumni, and student
information.

Camp then posted portions of the affidavit to his Facebook page to try
to intimidate those who ratted him out, writing, “I am very concerned
about anyone who lies to the police! Think I don’t know? I have the
papers now! I KNOW WHOs THE SNITCH!” and “I am not a fan of people who
lie to the police to get other innocent people in trouble. I will make
it a point to post anything that I find out here on facebook so that
you feel ashamed about l[y]ing to the police. I wont reda[ct]
anything. I will MAKE SURE that your name is posted with the lies you
told!”

After a little public witness intimidation on Facebook, Camp contacted
a potential buyer in New York for the University of Central Missouri
identities, not realizing that the purported identity thief was
actually an undercover agent. According to the indictment, Camp told
the agent that the university wouldn’t do anything about the
Thanksgiving hack, because it would embarrass the institution.

“The cops were dumb to bust us so quick,” said Camp, according to the
complaint. “If they knew the scope of this, they would have involved
the feds.”
