Former Student Sentenced for Computer Hacking at University of Central Missouri

KANSAS CITY, MO—Tammy Dickinson, United States Attorney for the Western District of Missouri, announced that a former student of the University of Central Missouri was sentenced in federal court today for his role in a computer hacking conspiracy.

Joseph A. Camp, 29, of Kansas City, Missouri, was sentenced by U.S. District Judge Brian C. Wimes to three years in federal prison without parole. The court also ordered Camp to pay $61,500 in restitution.

Camp has been in state or federal custody since his prior arrest in a New York investigation in December 2009. Federal charges are still pending in the Western District of New York.

On April 12, 2013, Camp pleaded guilty to an unlawful computer hacking scheme at UCM from March 2009 to March 2010. Camp, who had been a student at UCM in the fall semester of 2009, conspired with Daniel J. Fowler, 23, of Kansas City, Missouri, a student and community adviser at UCM. Fowler pleaded guilty to his role in the conspiracy on June 22, 2011, and awaits sentencing. In addition to the computer hacking conspiracy, Fowler also pleaded guilty to one count of computer intrusion causing damage (computer hacking).

Camp and Fowler gained unlawful and unauthorized access to the UCM computer network, which allowed them to view and download large databases of faculty, staff, alumni, and student information. They were also able to transfer money to their student accounts and attempted to change grades.

Camp and Fowler developed a computer virus, which they used to infect UCM computers—including an attempt to infect the computer used by the university’s president. They used several strategies to infect computers, such as offering to show vacation photographs on a thumb drive that contained the virus. They successfully distracted and misled at least one UCM administrator and were able to use a thumb drive to download their virus onto his UCM computer. They monitored the administrator’s computer activity and captured his username and password. They used their remote access of this administrator’s computer to remotely turn on the webcam to watch and photograph the administrator sitting at his desk in his office and to download his e-mails. They also obtained the username and password of a residence hall director and used that information to exploit the university’s computer system to conduct financial transactions in an attempt to unlawfully credit their student accounts with UCM funds.

Camp and Fowler successfully used the identities of fellow students, along with their university computer network permissions, to gain access to various portions of the computer network to which they would otherwise not have access. This also enabled them to mask their activities and mislead university authorities as to the identities of those conducting the attacks on the computer network.

Camp and Fowler manually installed the virus on several UCM computers in public areas, such as computer labs and the library. Once the virus was successfully installed on a computer, Camp and Fowler could obtain remote access to the computer, capture a user’s keystrokes, download any of the user’s files, and remotely turn on the user’s webcam to watch and photograph the user of the infected computer.

Camp also admitted that he and Fowler obtained access to the affidavit used in support of a search warrant on Camp’s room. Camp used the information in that affidavit to make posts on Facebook.com to communicate threats and harass potential witnesses against them.

Camp was arrested when he traveled to New York in December 2009. After learning that Camp had been arrested in New York, Fowler encrypted and destroyed computer evidence that he thought could be used against him.

This case was prosecuted by Assistant U.S. Attorney Matthew P. Wolesky. It was investigated by the University of Central Missouri Police Department and the FBI.