http://www.bozemandailychronicle.com/articles/2005/06/29/news/02fwp.txt By NICK GEVOCK Chronicle Staff Writer June 29, 2005 A hacker broke into a Montana Department of Fish, Wildlife and Parks computer database containing personal information about hunters last month, but officials say no data was stolen. The hacker made it onto the FWP server that contained the state's hunter-harvest survey, FWP spokesman Ron Aasheim confirmed Tuesday. The database includes personal information about hunters, including Social Security numbers, along with data on where they hunted and whether they killed game. Upon discovering the hacking, FWP immediately contacted Sam Mason, a state data security specialist, who determined the hacker hadn't downloaded any information, Aasheim said. "He told us there's no reason for concern here with identity fraud or stealing of information," Aasheim said. "If there had been, we would have taken other actions and certainly contacting the public was one of them." The database, which was collected and maintained by FWP's Region 3 staff in Bozeman, was stored on a Montana State University computer system that lacked several security measures, including a "firewall," Aasheim said. But that's the fault of FWP, not MSU. "There were a couple of steps that we didn't take, just because of a lack of communication," he said. "We take full responsibility." Based on a review of the database after the incident, it appears that the hacker was looking for storage space for files, Mason said. Hackers often use such databases as a temporary location for storing pirated software so it can be downloaded by others without leaving a trail. Had any personal information been downloaded, the computer would have created a log of the transfer, but none was created, Mason said. "It seemed to be just a bunch of people throwing movies or pirated software around," Mason said. "Everything seemed to be quite safe." Luckily, Aasheim said, the agency's databases use Oracle software, which compresses inforamtion into a code that is not visible to hackers as readable text. In addition, the database takes up 12 gigabytes of disc storage that can't be accessed in pieces. A transfer of that size would take time, but the hacker was only on the server for a few minutes. Americans are increasingly fearful of identity theft, one of the fastest-growing crimes. Several large breaches of databases have occurred over the past year, including the theft of thousands of names from credit card companies and colleges. FWP has learned from the incident and is taking steps to prevent someone from hacking into other databases, Aasheim said. It is moving all of its databases to a state system that has multiple security steps built in. FWP also is hiring computer specialists to work at each of its seven regional headquarters, Aasheim said. "We've dodged a bullet, that's the good news," he said. "Now we've taken the steps to correct it." _________________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 23-28 - 2,000+ international security experts, 10 tracks, no vendor pitches. www.blackhat.com
This archive was generated by hypermail 2.1.3 : Thu Jun 30 2005 - 01:17:15 PDT