From: InfoSec News (isn@private)
Date: Mon Mar 21 2005 - 03:13:44 PST

Forwarded from: William Knowles <wk@private>


March 19, 2005

A hacker has invaded a UNLV server containing thousands of records 
with foreign students' information, UNLV officials announced Friday. 

University of Nevada, Las Vegas computer analysts were conducting a 
routine security check on network activity when they found a hacker 
accessing the Student and Exchange Visitor Information System, also 
known as SEVIS. 

"We're not sure that he got very far with it. We caught him in the 
middle of it and took the server off-line, so we're not sure if he got 
much and how much it is," said Johnie Sullivan, UNLV information 
security officer and a former FBI computer security specialist. 

University officials declined to detail specifics about the attack 
such as when it happened. But they said the hacker could have accessed 
the records of as many as 5,000 former and current UNLV international 
students. The FBI is investigating the incident. 

Analysts have determined the suspect is not a university student or 
employee. Sullivan said this is the first major hack UNLV has 
experienced on a student data server, Sullivan said. 

They're treating the incident as a possible identity theft case, he 
said. The office of International Students and Scholars on campus sent 
an e-mail to all students and scholars in the database to refer them 
to identity theft protection Web sites. 

Those who believe they might be a victim can contact the Federal Trade 
Commission at www.consumer.gov/idtheft or call 1-877-ID-THEFT. 

UNLV staff also is working with students face to face, said Rebecca 
Mills, vice president of student life. 

The U.S. Citizenship and Immigration Services uses SEVIS, an 
Internet-based system, to maintain current information on nonimmigrant 
students, exchange visitors and their dependents. 

The program, which is part of the Department of Homeland Security, 
tracks information such as foreign student enrollments, visa status, 
course load, address and name changes, and off-campus employment. 
After Sept. 11, 2001, universities, colleges and flight schools have 
been required to use SEVIS to help prevent terrorists from entering 
the country as students. 

Sullivan said the hacker was storing potentially stolen data from 
somewhere else on the UNLV server and attempting to download 
university data when he was caught. The old server went to the FBI 
crime lab and a new server is up and running, he said.

"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
C4I.org - Computer Security, & Intelligence - http://www.c4i.org

Bellua Cyber Security Asia 2005 -

This archive was generated by hypermail 2.1.3 : Mon Mar 21 2005 - 04:59:04 PST