washingtonpost.com  > Technology > Tech Policy > Security

Page 2 of 2  < Back  

MBA Applicants Pay Price for Unauthorized Site Searches

Meanwhile, ApplyYourself Inc., the Fairfax company whose online software was compromised that night, says it is contemplating legal action against the applicants for breaking a federal anti-hacking law.

"We consider it a serious violation of the law, and we are investigating our legal rights," said chief executive Leonard A. Metheny Jr. He said his company immediately repaired the security breach after an applicant disclosed the vulnerability in an e-mail to the technical support staff. "The fact is, they gained unauthorized access using a procedure that was not intended to be used on the system," he said.

Critics Question Impartiality of Panel Studying Privacy Rights (The Washington Post, Mar 11, 2005)
Hackers Target U.S. Power Grid (The Washington Post, Mar 11, 2005)
Data Under Siege (The Washington Post, Mar 10, 2005)
More Security News

Some experts in business ethics said the students were not the only ones at fault.

"What they would have done in an ideal world was wait to get their results, but that curiosity got the better of them does not make them bad people," said Edwin Hartman, director of the Prudential Business Ethics Center at Rutgers University. "If this were the worst thing businesspeople ever did, we'd be living in Utopia. I think the punishment was a bit harsh."

Marjorie Kelly, editor and co-founder of the Minneapolis-based magazine Business Ethics, said the students were unlucky "to have been in the wrong place at the wrong time," when that message popped up on their screens.

"The real breach was one of flawed security by the schools or the company that designed the software," she said.

Computer-security specialists said the breach required only a minimal tech savvy. "Hacking implies a certain level of ability. These folks were doing something extremely simple," said Adelle McIlroy, of International Network Services, which helps firms find vulnerabilities in their computer systems. "There was a wide-open door, and it might have been better for the school or the software company to have closed it."

Already at least one potentially gray area has emerged. The schools know which files were accessed because users had to log in. One Harvard applicant's fiancee said she checked his application status without his knowledge. Another applicant, currently a student in Los Angeles, said his sister checked his application when she saw "brookbond's" invitation. He had an admission interview scheduled at Harvard, but it was rescinded today, he said.

"That is a tricky case, and we are certainly willing to listen to people's circumstances. We're not unreasonable people," said MIT's Sloan School Dean Richard Schmalensee. "Look, we're not saying this is the crime of the century here. But it did show ethical insensitivity. The analogy I use is, if someone gives you a key to the office and says you can go in there and look at your file, and you do it, did you do something wrong? Yes."

< Back  1 2

© 2005 The Washington Post Company