http://www.idsnews.com/story.php?id=20854 By Michael Zennie January 27, 2004 Five hours after this year's biggest snowstorm had stopped, IU was put under an emergency alert, thanks to a student hacker who manipulated the campus warning Web site. IU spokeswoman Jane Jankowski said the server of the emergency Web site did not have adequate security and that it had been breached from the outside by a student on the IU campus. Students visiting the Web site, http://emergency.iub.edu, between 1:30 and 8 a.m. were greeted with the incorrect emergency alert and a plea to "call up your congressman and suggest the educational process at Indiana University be suspended on Monday." The site also directed students to the National Weather Service and the Drudge Report Web sites "for details." Jankowski said the incorrect information was fixed just after 8 a.m. Monday when University Information Technology Services staff showed up for work. She said since then, the hole in security has been fixed, and the site is no longer vulnerable to such unauthorized access. Jankowski said the student hacker has been caught and referred to the dean of students for reprimand. Forcibly gaining unauthorized access to a Web site is not only against IU policy, but also against Indiana state law. Jankowski declined to give the name of the student in question. Senior Matt Haas saw the site with the incorrect information and thought it was suspicious. "It seemed most odd that it had a link to DrudgeReport.com," he said. "However, it was also very strange that this official IU Web page directed students to call their congressman to cancel school." IU's emergency automated hotline kept the correct information throughout the night, IU was under normal conditions. In the event of an emergency, IU President Adam Herbert has the final say in class cancelations, and congressmen have no input in the process. The University uses the Web site, which is maintained by the Office of Risk Management, to alert IU students, faculty and staff to terrorist threats, weather-related closings and other emergencies, said Larry Stephens, director of the Office of Risk Management. Freshman Arnav Patel also saw the compromised site and questioned the security of the IU network. "I thought it was unusual that someone was able to hack into what should be the most secure site on campus." -- Contact staff writer Michael Zennie at mzennie@private - ISN is currently hosted by Attrition.org To unsubscribe email majordomo@private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed Jan 28 2004 - 05:09:55 PST