4

Carleton hacker charged

Carleton student charged for allegedly hacking passwords, personal data


 

A 20-year-old Carleton University student was arrested and charged Thursday for allegedly hacking student passwords and personal data.

Ottawa police allege Mansour Moufid used software that covertly records a user’s keystrokes and another program that reads information from magnetic stripe cards.

With that software he allegedly revealed the passwords of 32 students, and retrieved data from student cards used to buy food and other items and to access campus residences.

Moufid is allegedly sent a 16-page document to university staff explaining what he did and how the school should upgrade its security, and then forwarded it to 37 other students days later.

Moufid is charged with mischief to data and unauthorized use of a computer.

He was released on bail and is scheduled to appear in court on Oct. 15.

– The Canadian Press


 

Carleton hacker charged

  1. I hope details on this issue from the Canadian Press will be forthcoming in the next few days. Vulnerability disclosure is a huge issue in the computer security community right now, with several prominent cases, such as the recent DNS issue (http://www.themanitoban.com/science-technology/patching-internet) and Boston MTA/Defon talk (http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=210002185) taking the forefront.

    Too often, it is the case that well-meaning techie-users attempt to point out vulnerabilities in public systems (ie so they can be fixed) only to be mercilessly prosecuted by offended system administrators and ignorant judges.

    In this case, and based on the limited details, it would seem that the student made two mistakes. He 1) obtained private information of students without their permission and 2) his ‘public disclosure’ consisted of notifying 37 specific individuals (and just fellow students, no less) mere days after alerting the school of the vulnerabilities. Moufid may have had the best of intentions, but his modus operandi is seriously at fault. A just war can be fought unjustly.

  2. Detective Michel Villeneuve said Mr. Moufid’s claims to the weakness of Carleton’s electronic security appeared to be genuine. “He was easily able to hack the network. His intent was only to bring out the flaws [of the system] .”

  3. Pingback: Ryerson admits privacy breach : Macleans OnCampus

Sign in to comment.