Two former students of the University of Central Missouri have been indicted for hacking into university databases, unlawfully accessing confidential information, and attempting to monetize the data. The individuals, identified as Joseph Camp and Daniel Fowler, are facing significant legal repercussions following actions that allegedly compromised the personal information of approximately 90,000 individuals associated with the university, including students, staff, and alumni.
A federal grand jury issued the indictment against Camp and Fowler, who reportedly developed a computer virus and disseminated it via email attachments and USB drives. Their activities not only involved the exfiltration of sensitive information but also extended to efforts in selling this data for $35,000. In addition to data theft charges, the indictment includes allegations of attempted theft of university funds and using social media to intimidate potential witnesses.
According to a report from Computerworld, the pair utilized Fowler’s dormitory room as a base of operations. Over a troubling three-month period from October to December 2009, they executed unauthorized access to various databases and systems, even compromising an account belonging to a university administrator. Notably, both individuals were enrolled at the university during the execution of these attacks.
This incident underscores the urgent necessity for robust data-leak prevention strategies. Enhanced measures, such as comprehensive email security protocols with anti-spam filters, are crucial for mitigating risks from malware and other cyber threats. U.S. Attorney Beth Phillips emphasized the effectiveness of the university’s preventative measures in thwarting the hackers’ attempts to profit from their scheme, as reported by the Kansas City Star.
Throughout their hacking spree, Camp and Fowler monitored the systems compromised by their virus, which enabled them to record keystrokes, extract sensitive data, and even gain control over victims’ webcams. A particularly alarming aspect of their operation involved the unauthorized access to a residence hall director’s credentials, through which they allegedly executed multiple unauthorized transfers of university funds into their own accounts, totaling significant amounts over several occasions, with transactions ranging from $50 to $4,300.
Much of the illicit activity is reported to have occurred during the 2009 Thanksgiving holiday break, suggesting a calculated effort to evade detection. The situation escalated when authorities apprehended Camp in New York while he was engaged in discussions aimed at selling the stolen information. At the time of his arrest, law enforcement officials discovered four Excel spreadsheets containing the compromised data.
These developments serve as a critical reminder for organizations to remain vigilant against complex cyber threats, which increasingly manifest through sophisticated techniques, including the combination of physical devices like USB drives and digital tactics such as phishing. A recent data protection survey indicates that blended attacks of this nature are predicted to rise, underscoring the importance of continuous vigilance in cybersecurity approaches.