http://www.lasvegassun.com/sunbin/stories/nevada/2003/apr/07/040710833.html April 07, 2003 RENO, Nev. (AP) - A hacker who invaded the computer system at William Bee Ririe Hospital in Ely has been traced to the former Soviet Union, authorities said. The FBI said the hacker used the Web site of Al-Jazeera, the Arab news network, as a conduit to the hospital. Officials at the 40-bed hospital said patient records are safe, but added that the cyber intruder may have accessed employee Social Security and bank information. The incident has resulted in improved computer security at Nevada's other rural hospitals and serves as a lesson for all computer users. "Here's tiny Ely, a place where people leave doors unlocked, and we get hacked by the Russian Mafia, who are pretending to be Arab terrorists, because they are the people to blame this week," Jim Crosley, information technology manager for the Ely hospital, told the Reno Gazette-Journal. "We may be remote in geography, the most distant city from any metropolitan area, but with the Internet we might as well be in downtown New York or Los Angeles." Crosley detected the Ely break-in on March 20. "It was just after 6 a.m. and I saw an active connection from outside, on a path through the emergency room to the payroll computer, but I knew no one was in the payroll office." He said he ran to the affected computer and pulled the plug. Crosley said the system seemed to be protected from attacks. But the FBI lab's analysis of the hospital's hard drives showed a game program, "Blaster Ball," contained a Trojan horse, a hidden code that acted as a beacon and let hackers into the hospital's system. "Two employees admitted downloading the game from the Internet and installing it at a work station," Crosley said. "The Trojan horse reported back to the hackers, and the system was compromised. It was an eye-opener that you can have the best firewall available, but someone on the inside can unintentionally blow it out." Bob Morasco, hospital administrator, said the intrusion resulted in tighter policies and procedures, and more security measures. "Payroll is off the network," he said. "We've told employees never to install software or sign on to streaming Internet services." Crosley said the Ely hospital's security measures routinely fight off between 40 and 60 electronic attacks a day. Computer experts said all Internet connections are vulnerable to electronic vandals, whose motives range from bragging rights to identity theft. "Ely isn't remote any more," he said. "On the Internet, the world and all the bad guys in it are as close as your desktop PC." Information from: Reno Gazette-Journal - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue Apr 08 2003 - 07:15:42 PDT