Suspected hacker faces four counts of fraud
The former University of Texas (UT) student charged with stealing 55,200 UT students' and employees' personal information was indicted Wednesday on four counts of fraud. Christopher Andrew Phillips waited more than a year for federal prosecutors to secure the indictment. He is accused of hacking into a UT database in spring 2003, downloading names and Social Security numbers and crippling UT Web functions. One official had characterized it as the University's worst online information theft to date. The University paid $122,000 to respond to the security breach and assess damages, according to the indictment. It spent $45,000 to identify and inform those whose information was stolen. While the fraud counts concern this well-publicized breach, the indictment also blames Phillips for other intrusions: In January, February and April of 2002, he tried to hack in and was stopped by UT Information Technology Services. Each time, ITS warned him not to try again. The indictment also claims Phillips downloaded biographical data from a genealogical Web site in the fall of 2002. The next January, it claims, he built the program that eventually would breach the UT database called TXClass. The database records UT employees' training. The indictment also states that Phillips' computer contained others' bank account, financial aid and credit card information. Phillips is charged with one count of fraud with computers, one count with "identification documents, authentication features and information," and two counts with access devices. Each of these can be punished through fines or prison time. A federal judge ordered in October that an indictment had to be returned this week. The case had been assigned to three different prosecutors and three different judges. Phillips hasn't entered a plea - both sides were involved in plea negotiations in October - but he turned himself into authorities in March of 2003. UT officials said last fall they had mailed letters to 45,000 of 55,200 people who were affected. Neither Phillips' lawyer nor the vice president for ITS could be reached Wednesday afternoon. Phillips' UT directory information is restricted, but the indictment says he was enrolled from fall 2001 through spring 2003. The U.S. Attorney's office, which is prosecuting the case, generally does not comment on indictments, a spokeswoman said. Indictment's timeline * Jan. 30, 2002: Christopher Andrew Phillips tries to break into a UT computer system. Information Technology Services finds out and warns him not to try again. * Feb. 15, 2002: Phillips makes another attempt, is warned again. * April 8, 2002: Phillips tries to break in a third time, receives another warning. * March 3, 2003: Phillips has downloaded 55,200 individuals' names and Social Security numbers from a UT database. * March 5, 2003: Secret Service agents attempt to arrest Phillips. He turns himself in.
Reproduced from an article published by Daily Texan
© Daily Texan
The original article can be viewed here:
http://www.dailytexanonline.com/news/2004/11/04/TopStories/Suspected.Hacker...
Permalink Bookmark Digg this story
