[ISN] Foreign hackers gum up UA computers; motive unknown

From: InfoSec News (alerts@private)
Date: Tue Jan 09 2007 - 22:12:45 PST


By Eric Swedlund
Arizona Daily Star
Tucson, Arizona 

Foreign hackers infiltrated the UA's computer network several times in 
the last two months, depositing files on numerous servers and 
workstations in the library, Student Union and procurement office.

University of Arizona investigators have no evidence of other tampering, 
and they are uncertain about the hackers' motives. With the 
infiltration, the attacker or attackers could have gained access to 
other data, although personal student information and research-oriented 
information were not at risk, said Michele Norin, executive director for 
the UA's Center for Computing and Information Technology.

"Across the three areas, the impact was upwards of 30 servers, and we're 
assessing upwards of 350 workstations," Norin said. "We're still trying 
to define all the details of how it occurred."

The hackers installed software that enabled them to store files, such as 
movies or games, on the systems. In similar breaches, hackers typically 
enable others to access the files, but it wasn't clear whether that 
happened to the UA computers, Norin said.

"Being able to put files on machines is pretty common across any 
organization that manages a network," Norin said. "What is unclear is 
the ulterior intent in terms of whether they were trying to see other 
information or not. That could indicate a different motive."

On a few computers, hackers installed software that captures and logs 
keystrokes and can be used to catch log-in names and passwords.

"Because of the potential of what might have been captured, that led to 
analysis of all the systems and all the machines," Norin said. "We can't 
confirm that anything was captured or that it was used for anything. All 
we know is that it was there."

The breach was noticed last Tuesday, the first working day after the 
holiday break, when a typical process failed to run, raising a red flag. 
The computers were hacked in November and December.

The breach wasn't a particularly unusual or sophisticated attack, but it 
was notable for the number of workstations and servers it hit, Norin 
said. The attacks appear to have originated in France.

In addition to the internal investigation, campus police and the FBI are 
conducting a criminal investigation. Sgt. Eugene Mejia, the UA Police 
Department's spokesman, directed all questions to other campus 

Provost George Davis wrote in a campus memo that the affected servers 
and computers were removed from the campus network, and all computer 
network managers have searched their areas for intrusion. No additional 
breaches were found.

The library network, which also runs the science and music libraries and 
the Center for Creative Photography system, has been restored. 
Interlibrary loans, e-mail and e-reserves were temporarily disrupted.

In the Student Union Memorial Center, payroll processing and the student 
meal plan were temporarily disrupted, but they have been restored.

In Procurement and Contracting Services, online purchasing and surplus 
operations are not functioning. Temporary equipment installation is 
letting staff members operate normally, but they're unable to continue 
projects initiated before the breach was discovered.

If the investigation reveals the breach of any personal data, the UA 
will notify the individuals affected, Norin said.

"I know people will be concerned about data, and we will of course 
notify as needed once we're more sure about what that data is," Norin 

The UA's system, like most large computer networks, is a frequent target 
of hackers. In February, Romanian hackers were able to breach computers 
in the UA's journalism department, creating havoc for students.
