Two former University of Central Missouri students have been charged with hacking university databases, stealing confidential information, and attempting to sell it for profit.
Joseph Camp and Daniel Fowler were indicted by a federal grand jury. They allegedly created a computer virus and spread it through email attachments and USB flash drives.
They breached the personal data of about 90,000 UCM students, faculty, staff, and alumni. Camp and Fowler then tried to sell the information for $35,000.
The seven-count indictment also charges them with attempting to steal university funds and using Facebook accounts to threaten potential witnesses. The charges could result in prison sentences of between two and ten years.
According to a Computerworld report, "The duo used Fowler's room as their base and, over a three-month period between October and December 2009, broke into numerous university databases and computers, including one belonging to a university administrator." Both were enrolled in the school at the time of the attacks.
This case highlights the need for data-leak prevention measures, such as tight email security with anti-spam filters to protect against malware infections.
U.S. Attorney Beth Phillips praised the university's data-leak prevention measures that allowed it to "thwart" the pair from profiting from the scheme, according to the Kansas City Star.
Camp and Fowler monitored systems infected with their virus, recorded keystrokes, stole data, and could even control a computer's webcam.
In one instance, they reportedly hacked a residence hall director's credentials to transfer university funds into their student accounts. They did this on 30 occasions, with transfer amounts ranging from $50 to $4,300, according to the federal indictment.
Many of the pair's hacks occurred over the 2009 Thanksgiving holiday break in an attempt to avoid detection.
Authorities arrested Camp in New York after recording conversations he had with someone identified only as T.S., the person to whom the pair was trying to sell the stolen information. When arrested, Camp had four Excel spreadsheets containing the breached information.
Companies and organizations must constantly be vigilant against sophisticated attacks, such as the one in the UCM case, which combined thumb drives and email attacks. According to a recent data protection trends report, an email solutions vendor predicts such blended attacks will become more common in 2011.