[ISN] Chico State computer system attacked by hackers

From: InfoSec News (isn@private)
Date: Wed Mar 16 2005 - 00:30:18 PST

Forwarded from: William Knowles <wk@private>


Staff Writer
March 16, 2005

More than 59,000 people connected to Chico State University will be 
contacted for what officials are calling the largest computer hacking 
incident the college has seen.

Notifications to anyone whose personal information was compromised 
were going out Tuesday, said Joe Wills, director of public affairs at 
the university.

That list includes current and former Chico State faculty and staff 
members. But the majority are students, since the server hackers 
targeted held the names and Social Security numbers of current, former 
and prospective students.

There have been previous hacking incidents at the university, but none 
has affected this many people, Wills said.

While the exposed server contained personal information, there's no 
indication hackers will use it for illegal activity, he added.

"It's impossible to know what their motives are," Wills said. 

The university was made aware of the incident about three weeks ago, 
after routine monitoring of its network showed that hackers illegally 
accessed the University Housing and Food Service server. 

An investigation revealed hackers installed software to store files 
and attempted to break into other computers.

Meanwhile, university personnel have placed information about the 
incident online, which can be accessed through Chico State's Web site. 
The site provides links to credit reporting agencies that can detect 
fraud or identity theft at no charge.

The university is also developing an alternative identification system 
using a new, randomly assigned nine-digit ID number for students and 
employees in place of Social Security numbers. 

Wills recalled a similar incident at San Diego State University, in 
which more than 120,000 people were notified. For those affected by 
the system breach at Chico State, notifications will be sent via the 
Internet for those who have current e-mail addresses and by letter to 
all others.

University Police are investigating the incident, but Wills said he 
doesn't know if it's likely the hackers will be caught. At this time, 
there's no indication the crime took place on campus or involved 
university personnel.

"They literally could be anywhere," he said.

"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
C4I.org - Computer Security, & Intelligence - http://www.c4i.org

Bellua Cyber Security Asia 2005 -

This archive was generated by hypermail 2.1.3 : Wed Mar 16 2005 - 06:31:48 PST