San Diego man pleads guilty to USC computer hack

A 24-year-old San Diego, Calif. computer network administrator is awaiting sentencing after pleading guilty Tuesday to federal charges of illegally accessing the computer network at the University of Southern California (USC) last year. The incident occurred after he was denied admission to the school.

Eric McCarty pleaded guilty in U.S. District Court in Los Angeles in connection with his infiltration of USC's online student application system in June 2005, according to a criminal affidavit filed in the case. McCarty was accused of accessing confidential information submitted by students applying to the school and causing damage to the IT system by using a "SQL injection attack" to bypass the login authentication process of the school's online application system.

McCarty could not be reached for comment by telephone at his home this afternoon.

The case was investigated by a special agent of the FBI's cybercrimes squad in Los Angeles.

The USC student database accessed by McCarty contained the names, Social Security numbers, addresses and other personal information of about 275,000 students since 1997, according to the affidavit. Each user account was protected with a unique user name and password, but McCarty's use of certain SQL database commands allowed him to take advantage of a software vulnerability that provided access to the confidential data, according to the affidavit.

"A forensic examination of McCarty's computers seized from his residence pursuant to a federal search warrant revealed, among other things, files containing SQL injection attack codes and the user names, passwords and Social Security numbers from seven individuals in the USC applicant database," the affidavit said.