A former University of Central Missouri student has admitted to participating in an unlawful computer hacking scheme. Joseph Camp, 28, pleaded guilty Friday to gaining unlawful access to the UCM computer network and attempting to spread a computer virus throughout the campus. Camp and another student were able to successfully infect one professor’s computer, and gained the ability to use the webcam remotely.
According to the terms of his plea deal, Camp will spend three years in federal prison without parole and pay $61,500 in restitution. His accomplice, Daniel Fowler, 23, admitted to his part in the conspiracy in June of 2011 and awaits sentencing.
Press Release from the U.S. Attorney’s Office
KANSAS CITY, Mo. Tammy Dickinson, United States Attorney for the Western District of Missouri, announced that a former student of the University of Central Missouri pleaded guilty in federal court today to his role in a computer hacking conspiracy.
Joseph A. Camp, 28, of Kansas City, Mo., pleaded guilty before U.S. District Judge Brian C. Wimes to the charge contained in a Nov. 18, 2010 federal indictment. Camp has been in state or federal custody since his prior arrest in a New York investigation in December 2009. Federal charges are still pending in the Western District of New York.
By pleading guilty today, Camp admitted that he participated in an unlawful computer hacking scheme at UCM from March 2009 to March 2010. Camp, who had been a student at UCM in the fall semester of 2009, conspired with Daniel J. Fowler, 23, of Kansas City, Mo., a student and community advisor at UCM. Fowler pleaded guilty to his role in the conspiracy on June 22, 2011 and awaits sentencing. In addition to the computer hacking conspiracy, Fowler also pleaded guilty to one count of computer intrusion causing damage (computer hacking).
Camp and Fowler gained unlawful and unauthorized access to the UCM computer network, which allowed them to view and download large databases of faculty, staff, alumni and student information. They were also able to transfer money to their student accounts and attempted to change grades.
Camp and Fowler developed a computer virus, which they used to infect UCM computers including an attempt to infect the computer used by the university’s president. They used several strategies to infect computers, such as offering to show vacation photographs on a thumb drive that contained the virus. They successfully distracted and misled at least one UCM administrator and were able to use a thumb drive to download their virus onto his UCM computer. They monitored the administrator’s computer activity and captured his username and password. They used their remote access of this administrator’s computer to remotely turn on the webcam to watch and photograph the administrator sitting at his desk in his office and to download his e-mails. They also obtained the username and password of a residence hall director and used that information to exploit the university’s computer system to conduct financial transactions in an attempt to unlawfully credit their student accounts with UCM funds.
Camp and Fowler successfully used the identities of fellow students, along with their university computer network permissions, to gain access to various portions of the computer network to which they would otherwise not have access. This also enabled them to mask their activities and mislead university authorities as to the identities of those conducting the attacks on the computer network.
Camp and Fowler manually installed the virus on several UCM computers in public areas, such as computer labs and the library. Once the virus was successfully installed on a computer, Camp and Fowler could obtain remote access to the computer, capture a user’s keystrokes, download any of the user’s files and remotely turn on the user’s webcam to watch and photograph the user of the infected computer.
Camp also admitted that he and Fowler obtained access to the affidavit used in support of a search warrant on Camp’s room. Camp used the information in that affidavit to make posts on Facebook.com to communicate threats and harass potential witnesses against them.
Camp was arrested when he traveled to New York in December 2009 to meet another person in order to sell the lists of UCM personal information. He was transported to the Western District of Missouri after the grand jury returned the indictment on Nov. 18, 2010. According to the indictment, Camp offered to sell 90,000 identities to a person in New York for $35,000. After learning that Camp had been arrested in New York, Fowler encrypted and destroyed computer evidence that he thought could be used against him.
Under the terms of today’s plea agreement, Camp will be sentenced to three years in federal prison without parole and must pay $61,500 in restitution.
This case is being prosecuted by Assistant U.S. Attorney Matthew P. Wolesky. It was investigated by the University of Central Missouri Police Department and the FBI.