"It was too good an opportunity to pass up," explained Professor Alex Halderman from the University of Michigan. "How often do you get the chance to hack a government network without the possibility of going to jail?"
With the help of two graduate students, Halderman started to examine the software. Despite it being a relatively clean Ruby on Rails build, they spotted a shell injection vulnerability within a few hours"
Link to Original Source