A self-proclaimed “software architect/engineer” admitted on Reddit Monday night that he believes he’s one of the suspects in a cyberattack which was responsible for compromising over 300,000 University of Maryland students’ social security numbers from 1998 – today.
The alleged suspect, who goes under the alias “krage28,” told Redditors that he was working on a university website through his job. He downloaded a portion of the site to work on it and found a virus.
“krage28” alerted his bosses of the problem but alleges that the vice president and CEO of his company didn’t do anything to fix it.
“I reported it to my company, and I thought they reported it to UMD. They did not,” the alleged suspect said.
The suspect found more problems with the site but because he was accessing a portion he wasn’t supposed to be on, it led him to trouble.
“I tried to help the university increase their security and I was ignored. After being ignored repeatedly I was a bit more blunt with and scary with the information I provided about their systems,” the alleged suspect said.
The alleged suspect, who started hacking into computers when he was 10, believes the FBI and Secret Service caught him after he began to tell his friends of how easy it was to hack into UMD’s servers.
“I didn’t do anything “bad” with that information or access imo,” the alleged suspect said. “I wasn’t very careful to hide my activities, and intentionally there is a lot of evidence as to exactly what I did, for my own protection. I never had any evil intentions in any of the process.”
Some users such as “WSMassiv” don’t believe the alleged suspect is telling the truth:
You hacked a university without notifying them, just to be a nice guy and find their security flaws?
Yeah… I’m not buying it.
The alleged suspect responded saying:
The evidence speaks for itself. So -shrug-. Unfortunately I don’t have said evidence, because it was taken by the government so 😦
I did notify them multiple times during the entire process. I also called the UMD police and left my real name and phone number…
The alleged suspect also says that he knew of security vulnerabilities based on his own work with the university since November 2013 before the cyberattack took place. He says that the university’s site still has problems to this day.
“My stance is that I did nothing “morally wrong”. My attempt the entire time has been to help the university improve their security.”
Read the AMA chat for yourself here.