I shudder to think what else was on his hands in the Michigan Football Offices!
Yes. Right now, they've just released the criminal charges. There are also, now, several civil suits being filed by individuals who were violated. UM is catching a lot of heat because they haven't even acknowledged it, as far as I know. One attorney for those filing said that there are thousands of people that don't even know he hacked them. And most of these cases seem to assume he did so for some kind of sexual gratification.Not sure how closely folks are following this, but wanted to share a nugget I saw today
(to recap: in the course of this federal investigation into Weiss being a internet pervert, evidence came to light that Weiss also gained illegal access to a website that is cloud storage/access for universities' football teams' practice film. Michigan was accessing OSU's practice film (99.999% confirmed) and very likely accessing other opponents as well. There was a second school rumored to be nearly confirmed and it was assumed for a long time to be MSU (i.e. OSU and MSU being UM's biggest rivals. Turns out the second school is almost certainly PSU).
TTUN Scandal CCL
From PD last thread: "Two new notes that have come into focus over the past several days:www.elevenwarriors.com
(again, none of this 100% confirmed yet, but there are three sources posting that have been pretty right about everything so far)
I don't think the investigations are linked (per se). Apparently, the NCAA is opening a new investigation (NOA incoming) regarding the practice footage hacking (they had to wait for FBI to file charges).
Three. Don't forget about the recruiting violations (and lying about them).
Just to clear this up a bit, the entry point for all of this was a database that tracks athlete medical records (Keffer Development Services). It is not clear how he got access there. It is suspected that through that site, he had access to student athlete email addresses and passwords, which allowed him to socially engineer additional hacks (e.g. if I know your password to your PSU account, chances are you are lazy and use that same password for something similar, including cloud accounts where you might store racy pictures. Or at a minimum I can use your email/password combo to do a password reset for other accounts, if 2 factor authentification isn't required)
First, how did he get their passwords? But even if that were true, the story I heard is he had access to 150,000 students' data. So if goes far beyond individual usercode/passwords. And the passwords are encrypted so nobody, not even the schools, know what they are.Just to clear this up a bit, the entry point for all of this was a database that tracks athlete medical records (Keffer Development Services). It is not clear how he got access there. It is suspected that through that site, he had access to student athlete email addresses and passwords, which allowed him to socially engineer additional hacks (e.g. if I know your password to your PSU account, chances are you are lazy and use that same password for something similar, including cloud accounts where you might store racy pictures. Or at a minimum I can use your email/password combo to do a password reset for other accounts, if 2 factor authentification isn't required)
This is actually somewhat separate from the unauthorized film access which is through a company called Catapult. Catapult identified unauthorized access to their system back in Dec 2023
Catapult says NCAA investigating unauthorized video access, denies breach
A company that handles film for college programs issued a statement after Alabama players said the team has locked down footage for security concerns.www.al.com
It is probably likely that he used the same sort of social engineering to hack players' (from various schools) access to their team's catapult accounts, i.e. logging in pretending to them and downloading video (it's also occurred to me that maybe he was trading XXX picture/videos to someone at Catapult in exchange for this information, but according the recently filed charges he wasn't sharing any of his ill gotten collection, so I don't think that's the case).
My understanding it that he basically had admin access at Keffer Development Services. Which would mean he could see everyone's email and passwords who were on that site. That's where the 150000 athletes comes from. He then branched out from there to access other accounts (whether it be school or gmail or icloud or whatever). And also into Catapult.
got it. if he had that, Keffer better be calling their attorneys pronto. it would be hard for me to believe that each university didn't have their own secure access, including hard and soft shells. And if true, that would rule out one employee being compromised.
Clearly there were a lot of internet security failures throughout this debacle.
You're not wrong. The FBI has been investigating this for a while. It also appears to be a ring of folks involved. This is beyond bad.
This is not remotely a nothing burger. There are thousands of victims here. Michigan will be fortunate to survive this. He also, possibly hacked into tOSU and PSU athletic departments.
Yes, there at least two aspect to this, neither of them are good for Michigan.
That is the attorney I was referring to. Now, he is an attorney which is a "paid spokesperson" for his clients. So he'll say anything to provoke the situation. But his comment appears to be, for the most part, believable. Especially the lack of response fromthe University of Michigan. They are still in the "denial" or "bargaining" phase.
It really was incredible how they absolutely positively KNEW a fake field goal from the 13 yard line was coming, and how they somehow knew a fake punt was coming from midfield in the first quarter and called time out.
Important to keep in mind that any issues related to Matt Weiss and the NCAA (i.e. stealing practice video) is NOT part of the current NCAA investigation (i.e. the NCAA couldn't do that until the FBI indicted).
Thanks for the post but doesn't that constitute a program that was completely out of control? These are all major infractions.
Oh, absolutely. I suspect Michigan will try to blame as much of this as possible on people who are no longer with the program (Weiss, Stalions, Harbaugh, etc) but I think there are likely to be proveable links for some of this to people still on staff.
Agreed. And also consider that the won a Natty with Stalions and Harbaugh on board plus a lot of contributions by Weiss in prior seasons. The data Weiss stole didn't disappear when he was suspended. letting them keep that Natty, at least historically, is the definition of the ends justifying the means.
Give it time. It appears he also hacked into PSU servers as well.
Also, interesting note about timing of Weiss investigation. It appears the university knew he was under investigation PRIOR to the TCU game and still allowed him to coach.
The TCU coach said, IIRC, he was tipped off and changed their offense signals so that UM couldn't read them. It may have cost UM the game as TCU was up 20-6 at the half before Um outscored them 39-30 in the second half. Remember, UM had that incredible defense that year.
Is there any scenario where they stall as long as possible hoping or anticipating bigger changes coming down where these Top Tier leagues / Conferences become self regulated ?
In a way they have been doing that since the start of all of this.
