Computer Science Grad Convicted Of Hacking Into Texas A&M

The alumnus faces five years for embedding malware in the university's system that stole data on 133,000 students and employees.
An alumnus of Texas A&M University was convicted of hacking into the school's computer system and stealing 133,000 Net ID's and passwords from students and employees.

Luis Castillo, 23, admitted to breaking into the system and embedding malicious code that gathered and transferred the information to a file where he could easily retrieve it. He was found guilty of recklessly gaining unauthorized access and causing damage to the Texas A&M domain controller.

The man, who graduated with a bachelor's degree in computer science in December 2006, faces a maximum of five years imprisonment and a $250,000 fine. He is set to be sentenced on Dec. 10.

"We appreciate the FBI's commitment to investigating this type of crime," said Dr. Pierce Cantrell, VP and associate provost for information technology at Texas A&M University, in a written statement. "Such action and results should certainly serve as a deterrent to anyone else who might be contemplating such activities."

The FBI reported that on Feb. 28, Texas A&M technicians discovered that the domain controller of its virtual private network -- code named Ajax -- had suffered multiple unauthorized computer intrusion incidents. The school called in the FBI to investigate the breach.

Agents discovered that in mid-February, Castillo logged onto the university's VPN using his own ID and password from a wireless account located at an apartment in Oregon where he was living, according to an FBI advisory. After that, Castillo continued to try to breach a core part of the system until he successfully accessed the Ajax machine on Feb. 24. Once in, the FBI said, he embedded malware into the university's computer system that would gather and move the Net IDs and passwords into a temporary file that he could easily access.

The FBI noted that he stole data on 133,000 people.

Texas A&M reported to the court that the school spent $67,000 in its efforts to protect students and employees from the illegal or fraudulent use of their stolen information.

Editor's Choice
John Edwards, Technology Journalist & Author
Carrie Pallardy, Contributing Reporter
Alan Brill, Senior Managing Director, Cyber Risk, Kroll
John Bennett, Global Head of Government Affairs, Cyber Risk, Kroll
Sponsored by Lookout, Sundaram Lakshmanan, Chief Technology Officer
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
Richard Pallardy, Freelance Writer
Sponsored by Lookout, Sundaram Lakshmanan, Chief Technology Officer
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing