http://arstechnica.com/information-technology/2014/05/why-he-hacked-university-of-maryland-contractor-turned-hacker-tells-all/
By Sean Gallagher
Ars Technica
May 6, 2014

David Helkowski stood waiting outside a restaurant in Towson, Maryland,
fresh from a visit to the unemployment office. Recently let go from his
computer consulting job after engaging in some “freelance hacking” of a
client’s network, Helkowski was still insistent on one point: his hack,
designed to draw attention to security flaws, had been a noble act.

The FBI had a slightly different take on what happened, raiding
Helkowski’s home and seizing his gear. Helkowski described the event on
reddit in a thread he titled, “IamA Hacker who was Raided by the FBI and
Secret Service AMAA!” Recently Ars sat down with him, hoping to get a
better understanding of how this whitehat entered a world of gray.
Helkowski was willing to tell practically everything—even in the middle of
an ongoing investigation.

Until recently, Helkowski worked for The Canton Group, a Baltimore-based
computer consulting firm serving, among other clients, the University of
Maryland. Helkowski’s job title at The Canton Group was “team lead of open
source solutions,” but he began to shift his concerns toward security
after identifying problems on a University of Maryland server.
That transformation from developer to hacker came to a head when Helkowski
decided that the vulnerabilities had gone unfixed for too long. He set out
to prove a point about computer security both to the University of
Maryland and to his employers. In early March 2014, working from a
computer in his Parkville, Maryland home, Helkowski said that he exploited
a misconfigured Web server and some poor database security in order to
duplicate the results of a recent data breach that exposed the Social
Security numbers and personal information for more than 300,000 current
and former University of Maryland students and staff.
[...]