DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Follow-up: How did a hacker get into UGA system?

Posted on April 29, 2013 by Dissent

Joe Johnson reports some of the follow-up on University of Georgia hack disclosed last year:

University of Georgia officials thought they may have been under attack from multiple hackers when the identities of thousands of employees and students went missing last fall.

But it turned out to be the work of a single person, a former UGA student, who used a proxy server that disguised the Internet Protocol address of his computer.

According to documents recently filed in Clarke County Superior Court, 26-year-old Charles Stapler Stell used a London-based website, Hidemyass.com, when breaking into UGA’s Identity Management System.

Read more on Augusta Chronicle.

Category: Breach IncidentsEducation SectorHackInsider

Post navigation

← Why LivingSocial’s 50-million password breach is graver than you may think
Hope Hospice notifies patients after email with PHI sent insecurely on two occasions →

2 thoughts on “Follow-up: How did a hacker get into UGA system?”

  1. IA Eng says:
    April 29, 2013 at 12:08 pm

    Hide nothing. This is proof positive that people who feel comfortable about using proxy style services better prepare themselves to have their pants around thy ankles if they think they have a rock solid scheme to hide one’s IP.

    People who use these services don’t realize, or care that these services tend to act as a man in the middle to their surfing habits. Can these sites watch your browsing habits? Can these sites capture your keystrokes? If the act as a MITM (man in the middle), your connection to them is ripe for the picking.

    So you spoof your address, but the ability for you to get into the site is limited by the knowledge you have visited in the past. To ensure the path works, I bet it was first tested to see that entry could be gained. Then, he tries it behind a proxy and well, add two plus two, its not hard to retrace steps with the right forensic team and the audit trail. This is hypethetical, but more than likely they found the intrusion and prior navigation by the same individual.

    I am sure the website didn’t hide him at all when the website was offered a dilemna from the feds. People don’t understand that any communication whatsoever can be backtracked through devices if they are done within a certain timeframe. Its a long story, but eventually, that session was tracked back to the site. I haven’t been to the site, so I am unsure how they got his name, but they surely could have got his original IP. With that and a warrant, they forensically search his computer and well the rest is displayed here.

    Again, nothing is totally fool proof when it comes to disguising one self. It all depends on how far the breached organization wants to go. Here, they pushed all in and got an end result. Who knows what other material they pulled from evidence.

    Good, I hope he gets a fair trial and if found guilty sits in his cell for the primetime of his life, and headslaps himself for being so “ego-testical”.

    1. Steve says:
      May 4, 2013 at 8:42 pm

      Unfortunately, you can use someone’s open wifi then a proxy server.
      Harder to catch unless you are silly enough to use your neighbours.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Why Dumping Sensitive Data on Network Shares is a Liability
  • A militarily degraded Iran may turn to asymmetrical warfare – raising risk of proxy and cyber attacks
  • Pro-Russian hackers disrupt Dutch government websites ahead of NATO summit
  • Iran-Linked Threat Actors Leak Visitors and Athletes’ Data from Saudi Games
  • UK: Oxford City Council still investigating cyberattack from earlier this month
  • Steelmaker Nucor Says Hackers Stole Data in Recent Attack
  • People’s Republic of China cyber threat activity: Cyber Threat Bulletin
  • Ukrainian Web3 security auditing company Hacken suffered an attack that allowed a hacker to create 900 million HAI tokens
  • McLaren provides written notice to 743,131 patients after ransomware attack in July 2024 (2)
  • A state forensics lab was leaking its files. Getting it locked down involved a number of people.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.