The 23-year-old former student indicted in connection to a computer security breach at the University of Nebraska-Lincoln last year pleaded guilty Tuesday.
Daniel Stratman, who lives in Omaha now and works for an IT company, had faced a dozen counts in an indictment filed this summer.
But, in a deal with prosecutors, he agreed to plead guilty to a single count of fraud in connection with computers. Stratman also agreed to pay restitution for the resulting loss, though that may end up being a matter for the judge to determine.
In exchange, the U.S. Attorney's Office agreed to recommend a sentence at the low end of the guideline range, and not more than two years incarceration, on a charge that otherwise carries up to 10 years.
State prosecutors also agreed not to file charges.
Assistant U.S. Attorney Steven Russell said that on May 23, 2012, Stratman "knowingly caused the transmission of a program, information, code and command," causing at least $5,000 damage to a protected computer owned by the University of Nebraska and Nebraska State College Systems computer system.
Stratman was a senior when he gained access to student audit reports and records and user account information, as well as password information for databases for the University of Nebraska and Nebraska State College Systems.
Russell said the university discovered the intrusion late May 23, 2012, and a search four days later of Stratman's Lincoln address led to computers and other items that linked him to the crime.
"Is what Mr. Russell said true?" U.S. District Judge John Gerrard asked Stratman.
You have free articles remaining.
Yes, Stratman said.
His attorney, Bob Creager, said he didn't intend to cause harm and didn't do anything malicious once he gained access to the database. But Stratman understood that gaining access to the system put it in jeopardy.
Gerrard set his sentencing for March 21.
According to the university, the breach involved the Nebraska Student Information System -- a database containing the records of more than 650,000 students, alumni, parents, employees and applicants from NU campuses in Lincoln, Omaha and Kearney.
Although it initially appeared to affect only the NU system, the investigation later showed the database included information from Chadron, Peru and Wayne state colleges.
The State College System and NU began using a shared student information system known as NeSIS in 2009. It stores information such as Social Security numbers, birth dates, addresses, grades and financial aid.
After the breach, university and state college officials said it didn't appear any information was transferred from the system, but it prompted the university to re-evaluate its online security plans.
NU computing services personnel identified Stratman as a suspect by the IP address used to access the system, officials said.