‘Bored but brilliant’ former Ames student infiltrates e-mail
September 9, 1998
A former Ames resident is facing criminal charges after hacking into nearly 2,400 e-mail files at the University of Iowa over a span of seven months.
Joseph Hentzel, 19, former U of I student, infiltrated the U of I computer systems and copied the files, including some files belonging to university President Mary Sue Coleman, according to a Sept. 2 article in The Daily Iowan.
In 1996, Hentzel was charged with 2,389 counts of electronic eavesdropping, three counts of criminal mischief, three counts of criminal trespass and one count of second-degree theft. In court documents released earlier this month, Hentzel also was charged with harassment as a result of a threatening call he made to an elderly woman on July 15.
Hentzel, who received his General Equivalency Diploma from Ames High School, was described by friends as “bored but brilliant,” according to The Daily Iowan story.
After receiving his GED, he landed a job at the U of I Information Technology Services department. Hentzel’s job at ITS, U of I’s equivalent to Iowa State’s Computation Center, may have allowed him easier access to e-mail accounts.
However, George Covert, associate director of technical services at the ISU Computation Center, said the chances of a similar incident of e-mail fraud occurring at ISU are slim, but possible.
“It would be difficult to say it could not happen, but it would be very difficult [to do],” Covert said.
He said ISU employs many lines of defense in keeping its network secure, but he declined to explain in depth the security measures.
“I’d really rather not get into the specifics,” Covert said, “but we use a common mechanism called KERBEROS that provides a high level of authenticity.”
Covert said KERBEROS relies on a trusted third-party authentication, which helps keep e-mail accounts secure.
Another defensive step taken by the Computation Center includes restricting access to the actual e-mail servers and only allowing a handful of people access to the servers.
“I can’t say exactly how many people have access to the servers,” Covert said, “but we do have enough people that, if the flu rips through the office, someone can still run things.”
However, the Computation Center is always looking for new ways to secure authentication, Covert said.
“We always try to follow national trends in authentication and keep up with what is new,” he said.
But no amount of security can ensure that incidents will never happen, Covert said.
“The goal in electronic security is to sufficiently lower the risk so that it is nearly negligible,” he said. “But anybody who says that it’s impossible for something like this to happen at Iowa State is not facing the modern realities of the computing world.”