Sung Dan Lee, senior in Engineering, had been expecting to take his Electrical and Computer Engineering 329 class exam Nov. 29 at 7 p.m. But when he received an unexpected email with the subject “ECE 329 Exam 3 Solutions for Sale,” he became suspicious.
The email stated: “Sales stop at 17:57 CST, and all keys are distributed at 18:02 CST. You will be refunded if some white knight snitches to the damn professors…but we can all cooperate, amrite? ;-)”
Police are charging Daniel Beckwitt, a former University student, with sending this illicit email and others in a string of hacks that became attributed to one “ECE Hacker.” University police officers arrested Beckwitt last Friday at his home in Urbana. He appeared in court Tuesday, where he was formally charged with five counts: property damage, two counts of computer fraud, tampering with documents and illegally possessing a firearm. His next court appearance is scheduled for Feb. 5.
“I thought these incidents only happen in the movies and couldn’t believe that it could actually happen in one of my classes,” Lee said. “We were like ‘Maybe this guy was too scared to take the exam,’ and that was why he did such things.”
Beckwitt was enrolled as a student in the electrical and computer engineering department last semester but did not register for classes this semester, according to University police Sgt. Tom Geis, head of the detectives of the University police.
Get The Daily Illini in your inbox!
The property damage Beckwitt has been charged with is connected to two breaking-and-entering incidents at the Coordinated Science Laboratory where several i-card readers and locks were rendered inoperable with Super Glue and metal chips in November and December.
The University Police Department teamed up with CITES to investigate the crime by using websites such as reddit.com. Police found several postings on reddit.com from the username “ECEhacker.”
During the investigation, three computer keyboards in Everitt Laboratory were discovered to be rigged to key loggers, devices that are physically connected to keyboards to capture the keystrokes of the user.
“Whoever this ECE hacker was, the reason he was able to get access to people’s accounts and emails was because he was able to capture people’s username and passwords from the keyloggers that were installed in those equipments,” Geis said.
Police found their first lead with a blog posting by a user named “Skunkworks,” who listed hacking into teaching assistants’ email accounts among his hobbies. Skunkworks also posted a photo two people, one of whom police identified as Beckwitt.
Police obtained a search warrant to search Beckwitt’s home but are still in the process of obtaining a warrant to search his electronic devices, Geis said. Super Glue and packing material believed to be used for keyloggers were found while carrying out the warrant.
“We still have loads of information to look over because not only we do search warrants on the resident, but from that, we got laptops, thumb drives, external hard drives and cell phones; now we have to go through and forensically search,” Geis said. “We are hoping to shed more light on this case as we trudge through the computer stuff … but I think we have a pretty good idea that he is the guy.”
The full extent of the hacking remains unknown, Geis said.
Mike Corn, chief information security officer for the University, said the investigation is going well.
“Our people did all of the forensic examination of blogs, digital examinations of computers, and the police did an awful lot of work of reaching out to agencies and companies off campus,” Corn said. “We would talk to them, they would talk to us, and that led us to the suspect.”
Carina can be reached at [email protected].