Breach, Data Security

Latest UMD ‘intrusion’ linked to IT worker exposing security issues, account shows

A software engineer revealed that the FBI raided his home after his attempts to expose a security issue impacting the University of Maryland's systems.

On Tuesday, David Helkowski, a former employee of Baltimore-based firm Canton Group which was contracted by UMD, shared the details surrounding the March incident on Reddit.com.

Last month, Ann Wylie, who chairs UMD's cyber security task force, announced that a “cyber intrusion” occurring on March 15 (now linked to Helkowski) had been “successfully mitigated” by law enforcement, university police and staff. She added that the only public release of information was that of one senior official at the school, and that the incident was in no way related to the massive breach striking UMD in February, where hackers accessed the names, Social Security numbers and other data of 300,000 students, alumni and staff, after planting a trojan on a university site.

According to Helkowski's account, while working on a UMD website through his contracted company, he detected malware on the school's site. After reporting the concern to coworkers and his boss, no action was taken by his firm (including telling the university).

After the UMD breach impacting 300,000 became public, he eventually communicated security issues he found via penetration testing directly to university staff, he wrote.

On Reddit.com, the software engineer also posted a copy of the search warrant used by police who entered his home last month (PDF).

As of Tuesday, he said that no charges had been filed against him, and also revealed what he turned over to police.

“During the raid, I provided my 20+ character system encryption password, my Keepass password, the location of my keyfiles, and a full description of everything,” Helkowski wrote. “I basically ‘confessed' everything to the FBI already.”

On Tuesday, Baltimore's City Paper posted an FBI agent's search warrant affidavit (PDF), which showed an email Helkowski allegedly sent to UMD's security task force on March 15.

The email apparently included the names, student ID numbers, email addresses, and title of UMD employees on the task force, as a means of demonstrating that the school was vulnerable to attack.

According to the affidavit, it appears that Helkowski also exposed the private information of University of Maryland President Wallace Loh to gain the school's attention.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.