[ISN] Hackers break into computers at IU again

From: InfoSec News (isnat_private)
Date: Tue Jun 12 2001 - 22:45:51 PDT

Next message: InfoSec News: "[ISN] Law enforcement officials ask Congress for help in fighting cybercrime"

Previous message: InfoSec News: "[ISN] Security geek developing WinXP raw socket exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.indystar.com/print/citystate/tue/articles/iuhack12.html

By George Stuteville
Indianapolis Star
June 12, 2001  

BLOOMINGTON, Ind. -- Fears that computer hackers may have peeked at
sensitive student information sent Indiana University officials to the
post office to mail about 1,900 letters of apology Monday.

Along with its regrets, the university also said it would pay the
costs of up to three credit reports for anyone whose files may have
been accessed by the hackers.

The electronic break-in occurred late last month in School of Music
computers that serve as host to an Internet Web site displaying
information for prospective students.

That Web site also collects information -- including Social Security
numbers -- from those students for recruitment purposes.

All but about 200 of the 1,900 who responded to the Web site supplied
Social Security numbers, addresses, names and other data.

Data thieves could use that information to get into bank or credit
accounts or to create false identities, said Mark S. Bruhn, IU vice
president for information technology.

Bruhn said it appears their aim was to use the computer as a secret
"safe haven" for an instant e-mail communication system.

The hackers probably broke through the computer's "firewall" around
May 23-25, causing some disruptions in the process.

While troubleshooting those problems, IU technicians on June 4 found
the weak spot in the computer software that had allowed the hackers
access. The computer was immediately disconnected.

The next day, Bruhn said, IU technicians discovered certain files and
programs left by the hackers.

The hackers had deleted evidence that would have allowed them to be
traced, he added.

It was also impossible to know whether any personal information
actually had been taken.

Gwyn Richards, dean of the School of Music, said prospective students
no longer would be asked for their Social Security numbers. It always
has been optional, he said.

The use of Social Security numbers will be ended throughout the
university by 2003.

Earlier this year, a Swedish hacker downloaded the names and Social
Security numbers of about 3,100 Indiana University students.



ISN is hosted by SecurityFocus.com
---
To unsubscribe email isn-unsubscribeat_private

Next message: InfoSec News: "[ISN] Law enforcement officials ask Congress for help in fighting cybercrime"
Previous message: InfoSec News: "[ISN] Security geek developing WinXP raw socket exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jun 13 2001 - 00:22:04 PDT