Federal prosecutors are accusing Eric McCarty of orchestrating an attack in June 2005 that shut down the site for nearly two weeks. The 25-year-old network administrator faces up to ten years in jail for the alleged crime.
The FBI was tipped off about the crime when it was contacted last year by a SecurityFocus.com reporter who received an anonymous e-mail about the breach. Law enforcement tracked McCarty down through his IP address, and later found evidence on his computer showing he brought attention to his deed by e-mailing SecurityFocus staff through an anonymous e-mail account: firstname.lastname@example.org.
The DOJ said in a statement yesterday that McCarty exploited a vulnerability in the admissions structured query language (SQL) database to bypass authentication. He staged a SQL injection with the same Gmail account, and accessed and copied several applicant records.
Though he only accessed a small number of records, the breach compromised more than 270,000 records housed in the database.
McCarty's first appearance before the Los Angeles District Court is scheduled for April 28.