Two former University of Central Missouri students have been charged with hacking university databases, stealing and trying to profit from the sale of confidential information.

Joseph Camp and Daniel Fowler were both indicted by a federal grand jury. The pair allegedly developed a computer virus and distributed it through email attachments and USB flash drives.
The Hacker News
In all, they breached the personal data of about 90,000 UCM students, faculty, staff and alumni. Camp and Fowler then tried to sell the information for $35,000.

The seven-count indictment also charges them with trying to steal university funds and using Facebook accounts to threaten potential witnesses. The charges carry possible prison sentences of between two and 10 years.

"The duo used Fowler's room as their base and over a three-month period between October and December 2009 broke into numerous university databases and computers - including one belonging to a university administrator," according to a Computerworld report. Both were enrolled in the school at the time of the attacks.

For companies and organizations, the case highlights the need for data-leak prevention measures, such as tight email security that includes an anti-spam filter to help protect against a malware infection.

According to the Kansas City Star, U.S. Attorney Beth Phillips has praised the university's data-leak prevention measures that allowed it to "thwart" the pair from profiting from the scheme.

Camp and Fowler monitored systems infected with their virus, recorded keystrokes, stole data and could even control a computer's webcam.

In one instance, they reportedly hacked a residence hall director's credentials to transfer university funds into their student accounts, according to Computerworld. They did this on 30 occasions with transfer amounts ranging from $50 to $4,300, according to the federal indictment.

Many of the pair's hacks were perpetrated over the 2009 Thanksgiving holiday break in an attempt to avoid detection.

Authorities arrested Camp in New York after recording conversations he had with someone identified only as T.S., the person the pair were trying to sell the stolen information to. When he was arrested, Camp had four Excel spreadsheets that contained the breached information.

Companies and organizations have to constantly be on the lookout for sophisticated attacks, such as the one in the UCM case that combined thumb drives and email attacks. According to a recent data protection trends report, an email solutions vendor predicts such blended attacks will be more common in 2011.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.