http://www.boston.com/business/articles/2005/03/09/mit_says_it_wont_admit_hackers/ By Robert Weisman Globe Staff March 9, 2005 The dean of MIT's Sloan School of Management yesterday said Sloan will join Harvard Business School in rejecting applications from prospective students who hacked into a website last week to learn whether they had been admitted before they were formally notified. Stanford's Graduate School of Business, meanwhile, asked its own applicant-hackers to come forward and explain their actions, in a sign that the California school soon may take tougher action as well. Thirty-two applicants apparently sought an early peek at the confidential data in their admission files at Sloan, while 41 files were targeted at Stanford and 119 at Harvard. Harvard on Monday became the second victimized business school to say outright it would not admit proven hackers. The first was Carnegie Mellon's Tepper School of Business, where one admission file was violated. Those schools, along with Dartmouth's Tuck School of Business and Duke's Fuqua School of Business, all use an independent website run by ApplyYourself Inc. of Fairfax, Va., to receive applications and, in some cases, manage communications with applicants. After midnight last Wednesday, hundreds of business school admission files were targeted by computers around the globe when a hacker posted detailed instructions on a BusinessWeek Online forum. Most of the hackers saw only blank screens, though some who accessed admission files at Harvard viewed preliminary decision information. ''Students who hacked the ApplyYourself website will be denied admission to Sloan," the school's dean, Richard L. Schmalensee, said in an interview yesterday after a team from Sloan met with representatives of ApplyYourself to learn what happened. Sloan used the website only to receive applications, using a separate in-house server to handle the admissions process, he said. Schmalensee said he made his decision to reject the 32 applicants after seeing the directions posted by the hacker. ''The instructions are reasonably elaborate," he said. ''You didn't need a degree in computer science, but this clearly involved effort. You couldn't do this casually without knowing you were doing something wrong. We've always taken ethics seriously, and this is a serious matter." At the same time, Schmalensee said Sloan would allow rejected applicants to reapply in later years, though he said the hacking incident would continue to be a factor in the school's decision. ''We'll look at applicants next year," he said, ''but we'd want to see evidence that this was an aberration, that they have grown." Schmalensee said Sloan would consider appeals this year only if there were clear-cut extenuating circumstances; one example he cited was an applicant serving in Afghanistan turning over his ApplyYourself password to an irresponsible brother-in-law. As to why MIT's Sloan School waited nearly a week to take action, Schmalensee said school officials needed to confer with ApplyYourself representatives and understand the situation better. ''The fact that we took so long doesn't mean we don't take ethics seriously," he maintained. ''It means we take due process seriously as well." In Palo Alto, Calif., Stanford issued a statment from Derrick Bolton, assistant dean and director of MBA admissions, demanding explanations from the applicants whose files were targeted. ''Business schools teach students to make decisions and to be accountable for those decisions," Bolton said. ''We hope that the applicants who accessed their accounts might contact us to explain their behavior and to take ownership for their actions. We will take appropriate steps in the cases that warrant further scrutiny." ApplyYourself's software enables schools to know which files have been accessed but can't definitively identify the hacker. However, both Schmalensee and Kim B. Clark, the Harvard business dean, noted that applicants bear ultimate responsibility for their passwords even if they turned them over to third parties who did the hacking. Paul Danos, dean of Dartmouth's Tuck School, released a statement saying school officials continue to investigate and will meet on Friday to discuss their options. And at Duke's Fuqua School, where one file was hacked, associate dean James A. Gray said the applicant would be notified of a decision on March 18, the regular decision date for the school's current round of applicants. ''It would not be smart of him to be buying a Duke sweatshirt and renting an apartment in Durham," Gray said. ''It's not likely that he will need either." Robert Weisman can be reached at weisman @ globe.com. _________________________________________ Bellua Cyber Security Asia 2005 - http://www.bellua.com/bcs2005
This archive was generated by hypermail 2.1.3 : Wed Mar 09 2005 - 06:01:44 PST