[ISN] Hacker Breaks Into UMKC Computer System

From: InfoSec News (isn@private)
Date: Thu Jan 15 2004 - 03:32:12 PST


    http://www.thekansascitychannel.com/technology/2764780/detail.html
    
    January 14, 2004
    
    KANSAS CITY, Mo. -- A hacker broke into the University of
    Missouri-Kansas City computer security system, compromising the
    passwords of about 17,000 students, staff and faculty.
    
    The school's Internet system was temporarily shut down Monday as
    students returned from holiday break. Users were required to change
    their passwords.
    
    The hacker downloaded an encrypted file containing passwords for
    university e-mail accounts, but there was no evidence other files had
    been tampered with, said Tom Brenneman, interim director of
    information services at UMKC.
    
    "We are confident that we have stopped any and all problems with
    this," he said.
    
    The FBI is investigating the security breach.
    
    UMKC employs a "single-sign-on" system designed to make it easier to
    use several university services with the same username and password.  
    The computer system allows a person with an e-mail password to access
    financial information, human-resources records and student grades.
    
    Officials would not give specifics about when the breach occurred and
    the hacker downloaded the passwords. Faculty, staff and students were
    told late Monday the breach was "discovered" earlier that day. But an
    internal memo obtained by The Kansas City Star said the first sign of
    a possible breach occurred Thursday evening, four days earlier.
    
    Officials did not react until another incident was detected in the
    computer logs around midnight Sunday.
    
    "That's when we immediately decided to shut down the Internet and
    change all the passwords," Brenneman said. He said the hackers likely
    did not have time to unscramble the encrypted passwords before the
    intrusion was discovered.
    
    But independent computer security officials say a four-day span could
    give hackers enough time to unscramble them and use the passwords to
    access information.
    
    "If someone got that file and knew what they were doing, they could
    get working passwords, if they had it four days," said Gary Fish, head
    of Kansas City-based Fishnet Security Systems.
    
    The security breach occurred on a Windows-based computer that
    authenticates the university's Microsoft Exchange e-mail.
    
    Mary Lou Hines, vice provost for strategic partnerships for UMKC,
    alerted the campus community late Monday to the break-in and said the
    password file had been copied.
    
    She assured faculty, staff and students that the file was encrypted
    but added, "it has been demonstrated that these files can be cracked
    once they are in the hands of the hacker."
    
    Officials said they were pleased that new security monitoring software
    placed on the system had alerted them to the breach. Brenneman
    stressed the system was secure.
    
    
    
    


