LINCOLN — The former student accused of hacking into a University of Nebraska computer system last year has been indicted on multiple charges for repeatedly accessing the system over a nearly four-week period in spring 2012.
Daniel Stratman, now 23, of Omaha, faces two felonies and 10 misdemeanors relating to his alleged intrusions, which were discovered by NU computer security officials on May 23, 2012.
The system in question is shared by NU and the Nebraska state colleges. Used to manage nearly every aspect of the student experience, from housing to grades, it contains personal information of hundreds of thousands of students and alumni. NU officials have said no instances of identity theft or financial fraud have been linked to the intrusion.
Stratman initially faced a single felony charge in the case.
His attorney, Robert Creager of Lincoln, declined to comment upon the indictment.
It is the latest development in a case that has attorneys wrestling with federal law defining computer hacking, unauthorized computer access and how to quantify damage caused by hacking.
In April U.S. Magistrate Cheryl Zwart gave Creager and Assistant U.S. Attorney Steven Russell 60 days to report back to her on the status of the case. Attorneys were debating whether the damage allegedly caused by Stratman amounted to a misdemeanor or a felony under federal law.
Federal law says that unauthorized access to a protected computer is a misdemeanor but that unauthorized access that recklessly or intentionally causes damage is a felony. It is the difference between a maximum penalty of a year in jail and $100,000 fine or a maximum of 10 years in prison and $250,000 fine.
On June 14, Creager filed a request that the charge against Stratman be dismissed, because Stratman, then a math and computer science major at the University of Nebraska-Lincoln, had authorization as a student to access the computer system in question.
Creager cited investigative reports that showed Stratman used his account on UNL's Virtual Private Network to exceed his authorized access and gain entry into databases that contained personally identifiable information of an estimated 654,000 students and alumni associated with UNL.
Creager argued that is a different crime than originally charged against Stratman. That, too, would be a misdemeanor and not a felony.
On Thursday, Russell sought a delay in acting upon Creager's request, arguing that the new indictment resolves the issue. Stratman is to make an initial appearance on the new charges July 2.
Jan Sharp, chief criminal prosecutor for the U.S. Attorney's Office, said the new charges will substitute for the original case. The indictment accuses Stratman of 12 separate offenses, the first occurring on April 30, 2012, when he is alleged to have obtained student audit reports and records from NU, to May 24, 2012, when he is accused of a felony for intentionally damaging the computer system.
In chronological order, Stratman is accused of:
» April 30, 2012 — Obtaining student audit reports and records from the NU system, exceeding his authorized access.
» May 7, 2012 — Obtaining user account information from the NU computer system, exceeding his authorized access.
» May 8, 2012 — Obtaining user account information from the NU computer system, exceeding his authorized access.
» May 9, 2012 — Obtaining user account information from the NU computer system and the state college computer system, exceeding his authorized access.
» May 18, 2012 — Obtaining user account information from the NU computer system, exceeding his authorized access.
» May 23, 2012 — Obtaining password information for three NU databases and two state college system databases, exceeding his authorized access; and intentionally causing at least $5,000 damage to the computer systems.
» May 24, 2012 — Intentionally causing at least $5,000 damage to the computer systems.
Authorities seized Stratman's computer on May 25, 2012.