How did a hacker get into UGA system?


By Joe Johnson


Morris News Service

ATHENS, Ga. — University of Georgia officials thought they might have been under attack from hackers when the identities of thousands of employees and students went missing last fall.

It turned out, however, to be the work of a single person, a former UGA student, who used a proxy server that disguised the Internet Protocol address of his computer. He later committed suicide.

According to documents recently filed in Clarke County Superior Court, Charles Stapler Stell, 26, used a London-based Web site when breaking into UGA’s Identity Management System.

The court documents filed last week include the affidavits of a UGA police detective who investigated the computer intrusion.

The Web site used by Stell states, “Our free web proxy is a secure service that allows you to surf anonymously online in complete privacy,” and that more advanced features “adds increased security and anonymity on to your existing Internet connection.”

Beginning about 8 p.m. Sept. 28, Stell logged into UGA computer servers several times over a seven-hour period, stealing Social Security numbers, dates of birth and other personal information belonging to more than 8,500 people, according to UGA police.

He logged on to the servers using computers with different IP addresses, one that came back to a data center in Atlanta, Ubiquity Server Solutions, according to court documents.

The personal information appeared to have been accessed and stolen through accounts belonging to the director of Enterprise Information Technology Services, the central information technology organization at UGA, according to court records.

“The use of (the director’s) accounts is supported by the fact that her UGA MyID account information was recently compromised with her passwords being changed without her consent,” the UGA detective wrote in an affidavit.

Authorities later determined that the IP address had been rented by a company in London, Privax LTD, the company which operates, according to court records.

That avenue of investigation was a dead end.

But the IP addresses of another computer used in the UGA hack returned to Charles Stell at an address on South Milledge Avenue, and an additional IP address was assigned to his father in Winder, according to court records.

UGA police obtained a warrant giving them permission to search the South Milledge Avenue location, a business office used by Stell, and on Nov. 5, investigators seized computers, computer equipment and a cellphone from the office.

Two days later, while investigating a suicide at an apartment complex on Barnett Shoals Road, Athens-Clarke police found a copy of the search warrant for Stell’s office and notified their UGA counterparts, according to court records.

The suicide victim was Stell, who left a note for his family, “informing them about taking his own life and not being able to face the consequences for mistakes that he had made,” according to court records.

The documents filed in court last week also included an affidavit supporting the search of a laptop computer and Blackberry that Athens-Clarke police took into evidence while investigating Stell’s death.

Stell, 26, attended classes at UGA from 2005 to 2007.

The Winder-Barrow High School graduate served in the National Guard for several years, then owned Stapler Services, the business on South Milledge Avenue, according to his obituary.

UGA Police Chief Jimmy Williamson said the investigation found no evidence that Stell had used the stolen identities to commit other crimes, and everything pointed to him acting alone.

“This was investigated by trained forensic people, and I feel, based on what we looked at and found, fairly confident the compromised data wasn’t used in any criminal activity,” such as opening credit accounts with other people’s identities, Williamson said.

He did not know how Stell planned to use the stolen UGA identities because his suicide precluded any interviews with investigators.

“There’s a number of people out there that are just intrigued by seeing if they can break down firewalls and get into (computer) systems,” Williamson said.

“This case has been closed based on the fact it was apparent to us (Stell) was the offender,” he said. “It doesn’t look like he ever disseminated any of the compromised data, and was acting alone.”

UGA hacker suspect kills self
After security breach, UGA sends letters to nearly 8,000 workers
Hacker accesses 8,500 UGA accounts


Thu, 11/23/2017 - 17:28

Rants and raves