Registering for classes is notoriously difficult at a university as large as UT-Austin. But on one day last April, some UT students attempting to register for the next semester’s classes faced an unusual problem: a three-hour registration blackout, courtesy of one of their own.
Garret Ross Phillips, an undeclared UT junior, was arrested and charged with breaching computer security on Monday. A resident of Dobie Center, Phillips is accused of using downloaded software to overwhelm UT’s server with fake users, causing the registration website to crash for more than three hours on April 24.
Though the motivation behind the attack remains unknown, UT officials assure the campus community it wasn’t to steal Social Security or credit card numbers.
“This wasn’t an attack where any personal information was compromised,” UTPD Sergeant Charles Bonnet says. “It wasn’t a safety hazard.”
Bonnet says that lack of a safety threat is the reason the arrest happened now, more than five months after the cyberattack occurred. According to Bonnet, UT’s Information Security Office traced the breach to Phillips’ IP address over the summer.
“He was registered for classes, so we knew he’d be coming back to campus,” Bonnet says.
UTPD executed a search warrant on Sept. 27, seizing Phillips’ computer, which contained information linking it to the crime.
Since the attack, UT has revamped its protocol for dealing with this type of online breach.
“There’s very little that can be done to prevent this kind of attack,” Bonnet says. “But UT is changing its procedures a bit. They’ve established back-ups of the registration sites, so if this were to happen again, it would roll over to those if the site goes down.”
A breach of security charge is a state jail felony that carries the possibility of 180 days to two years in jail. Phillips’ bond was set at $20,000.
Photo courtesy Flickr user newfilm.dk.