29-year-old Joseph Camp, a former student of the University of Central Missouri, was sentenced to three years in federal prison without parole in federal court today for his role in a computer hacking conspiracy. He was also ordered to pay $61,500 in restitution.
On April 12, 2013, Camp pleaded guilty to an unlawful computer hacking scheme at UCM from March 2009 to March 2010. Camp, who had been a student at UCM in the fall semester of 2009, conspired with Daniel J. Fowler, 23, of Kansas City, a student and community advisor at UCM.
Fowler pleaded guilty to his role in the conspiracy on June 22, 2011 and awaits sentencing. In addition to the computer hacking conspiracy, Fowler also pleaded guilty to one count of computer intrusion causing damage (computer hacking).
Camp and Fowler gained unlawful and unauthorized access to the UCM computer network, which allowed them to view and download large databases of faculty, staff, alumni and student information. They were also able to transfer money to their student accounts and attempted to change grades.
They developed a computer virus, which they used to infect UCM computers B including an attempt to infect the computer used by the university’s president. They used several strategies to infect computers, such as offering to show vacation photographs on a thumb drive that contained the virus.
They successfully distracted and misled at least one UCM administrator and were able to use a thumb drive to download their virus onto his UCM computer. They monitored the administrator’s computer activity and captured his username and password. They used their remote access of this administrator’s computer to remotely turn on the webcam to watch and photograph the administrator sitting at his desk in his office and to download his e-mails.
They also obtained the username and password of a residence hall director and used that information to exploit the university’s computer system to conduct financial transactions in an attempt to unlawfully credit their student accounts with UCM funds.
Camp and Fowler successfully used the identities of fellow students, along with their university computer network permissions, to gain access to various portions of the computer network to which they would otherwise not have access. This also enabled them to mask their activities and mislead university authorities as to the identities of those conducting the attacks on the computer network.
They manually installed the virus on several UCM computers in public areas, such as computer labs and the library. Once the virus was successfully installed on a computer, they could obtain remote access to the computer, capture a user’s keystrokes, download any of the user’s files and remotely turn on the user’s webcam to watch and photograph the user of the infected computer.
Camp also admitted that he and Fowler obtained access to the affidavit used in support of a search warrant on Camp’s room. Camp used the information in that affidavit to make posts on Facebook.com to communicate threats and harass potential witnesses against them.
Camp was arrested when he traveled to New York in December 2009. Federal charges are still pending in the Western District of New York.
After learning about Camp’s arrest, Fowler encrypted and destroyed computer evidence that he thought could be used against him.