Ex-contractor says he hacked into U-Md. databases to show security flaws' seriousness
In March, there was a security breach at the University of Maryland that involved accessing student grade-point averages, student and employee Social Security numbers and contact information, as well as exposing the Social Security and cell phone numbers of university President Wallace D. Loh. The person linked to this breach was a former contract worker for the university by the name of David Helkowski, age 32. Helkowski said that he hacked into the scores of the databases in the school's computer system to draw attention to security problems. In February, just a month prior to Helkowski's breach, there was a larger security breach of roughly 300,000 sensitive records of names, Social Security numbers and birth dates of students, staff, and faculty members. Helkowski was not accused of any involvement. As for the March breach, Helkowski said he was able to “replicate” February’s major data breach and posted Loh’s information online as proof of the university’s “incompetence” in securing its sensitive data. When asked why hack the system, Helkowski stated that it was because he “wanted to prove that the security at UMD is still terrible. I have done so. That was and is my goal.” Many U-Md. alumni, students, faculty, staff and others connected with College Park were deeply concerned about February’s data breach, which led the university to offer five years of free credit protection to those who were affected.
Was it ethically wrong what Helkowski did by exposing the university's president's information for the public to see? Or was it for the good of the people to expose such information to bring about awareness? I personally believe that it was completely necessary for Helkowski to take action in order to get everyone to know the seriousness of the problem. In his eyes, he views himself simply as a "whistleblower." The FBI and law enforcement would agree. Since the accusation, Helkowski has been cooperating with law enforcement and conducting an internal investigation.
By: Michael Hajec
There are no comments to this post(Back to hajecm blog | Write a Comment | Subscribe)
facebook | del.icio.us | digg | stumbleupon | RSS | slashdot | twitter