Texas A & M Grad Sentenced for Hacking into Computer System

HOUSTON, December 12, 2007 - A December 2006 graduate of Texas A&M University has been sentenced to a term of five months incarceration and five months house arrest for recklessly accessing and causing damage to the protected computer system of his former alma mater, United States Attorney Don DeGabrielle and FBI Houston Special Agent in Charge Andrew R. Bland III, announced today.

U.S. District Judge Kenneth Hoyt sentenced Luis Castillo, 23, Monday, Dec. 10, 2007. Castillo was sentenced to a total of 10 months - five months to be served in prison and the remaining five months to be served under house arrest, to be followed by a three-year term of supervised release. Hoyt further ordered Castillo to pay restitution to Texas A&M University in the amount of $67,401. Castillo has been permitted to remain free on bond pending the issuance of an order to surrender to a soon-to-be designated U.S. Bureau of Prisons facility where he will begin serving his prison term. Castillo, who graduated with a bachelor's degree in computer science from Texas A&M University in December 2006, was convicted in September 2007 of recklessly gaining unauthorized access to the university's domain controller, code named "Ajax," a protected computer system, and capturing 133,000 network identifications (ID) and passwords of unsuspecting students and employees of the university.

Texas A&M University officials discovered in February 2007, that the domain controller of its virtual private network (VPN), Ajax, had suffered multiple unauthorized computer intrusion incidents. Steps were taken by the university to prevent the illegal or fraudulent use of the captured information and a criminal investigation was initiated by the FBI with the assistance of the university's administration and law enforcement authorities.

Through their joint investigation, agents learned that in mid-February 2007, Castillo logged onto the university's VPN utilizing his own ID and password from a wireless account located at an apartment in Oregon where Castillo was living while working in the area. Thereafter, Castillo began logging on to the protected system from the same computer using unauthorized network IDs and passwords and ultimately accessed the university's VPN server to gain unauthorized access to the Ajax. Once access to the Ajax was established Feb. 24, 2007, Castillo injected malicious computer programs into the university's protected computer system, which operated to capture 133,000 network IDs and passwords of unsuspecting students and employees of the university. Thereafter, the program dumped the captured IDs and passwords into a temporary file on the system where Castillo could have access.

As a result of the intrusions and injection of the malicious software by Castillo, the university incurred a loss of over $67,000 in its efforts to fully protect students and faculty from the illegal or fraudulent use of private account information obtained through Castillo's unauthorized access to the university's protected computer system.

The charges against Castillo stem from the investigative efforts of the FBI with the assistance of the Texas A&M University Police Department. The case was prosecuted by Special Assistant U.S. Attorney Bret Davis.

Give us your Feedback about this story!