0 Members and 1 Guest are viewing this topic.
A whitehat hacker from the Baltimore suburbs went too far in his effort to drive home a point about a security vulnerability he reported to a client. Now he’s unemployed and telling all on reddit.David Helkowski was working for Canton Group, a Baltimore-based software consulting firm on a project for the University of Maryland (UMD), when he claims he found malware on the university’s servers that could be used to gain access to personal data of students and faculty. But he says his employer and the university failed to take action on the report, and the vulnerability remained in place even after a data breach exposed more than 300,000 students’ and former students’ Social Security numbers.As Helkowski said to a co-worker in Steam chat, “I got tired of being ignored, so I forced their hand.” He penetrated the university’s network from home, working over multiple VPNs, and downloaded the personal data of members of the university’s security task force. He then posted the data to Pastebin and e-mailed the members of the task force anonymously on March 15.,,...In a March 20 staff memo published by the University of Maryland from Ann G. Wiley, UMD’s interim vice president and chief information officer, Wiley wrote, “The FBI has informed the University that the intrusion resulted in no public release of any information and no damage to the institution, except for the release of personal data of one senior University official, who has been notified. We are unable to comment further on the intrusion at this time."