Student charged with breach of computer security

AddThis

A UT student turned himself in Monday for launching a computer attack on UT’s registration website last spring. He was arrested around 2 p.m. Monday and released on bond around 5 p.m.

According to the arrest affidavit issued Friday, undeclared junior Garret Ross Phillips has been charged with breach of computer security, a state jail felony. He is accused of launching a “denial of service” attack April 24 that overloaded the site with fabricated communication requests, preventing students from accessing the site.

UT spokesperson Cindy Posey said no personal data was compromised during the attack, but it shut down the website for more than three hours.

Posey said to prevent online security breaches, information technology services personnel monitor site traffic and direct students away from the affected site in the case of a security breach.

“That’s the only way to respond to this type of attack,” Posey said.

According to the affidavit, around midnight April 24, Phillips used BitTorrent, a file sharing service, to download a program that overloads servers with fake visitors and prevents a website’s intended users from accessing it. Around 12:15 a.m. he typed the Office of the Registrar’s information into the program and the attack was then initiated around 8:13 a.m.

Cam Beasley, UT chief information security officer, reported the attack to University of Texas police at 3:33 p.m., according to the affidavit.

The attack occurred during registration for students classified as juniors.

According to the affidavit, UT’s Information Technology Services linked the MAC address the attack was initiated from to an electronic identification number issued to Phillips. MAC numbers identify hardware connected to a network.

Police traced the IP and MAC addresses to Phillips’ residence in Dobie Center. A search warrant was issued for Phillips’ residence Sept. 27, and authorities found the program used in the attack on Phillips’ laptop during the search. The MAC address for Phillips’ laptop matched the suspected MAC address linked to the attack.

Phillips said he was the sole owner and user of the laptop and no information found on the laptop indicated the device had been hacked or controlled by an outside source during the time of the attack, according to the affidavit.

— Additional reporting by David Maly

Printed on Tuesday, October 9, 2012 as: Student charged in digital attack